Patent · US Active

Method, system, and apparatus for detecting malicious code

US9465941B2 · kind B2 · utility

8 Cited by
2 References
14 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Jan 23, 2014
Grant date: Oct 11, 2016
Priority date
Expiry date: Jun 21, 2034

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/566
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A method, a system, and an apparatus for detecting malicious code to solve the problem that detection efficiency is low and that more resources are occupied. The method includes: monitoring execution of an instruction in a virtual machine supervisor of a host computer, where the instruction is generated in escape mode when a read-write request generated during execution of program code in a virtual machine of the host computer is delivered to the virtual machine supervisor; obtaining execution characteristics of the program code according to execution of the instruction; and comparing the obtained execution characteristics with pre-stored execution characteristics of known malicious code, and determining that the program code is malicious code when the obtained execution characteristics and the pre-stored execution characteristics are the same. This improves the detection efficiency, and saves the storage resources and the processing resources in the host computer.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.