Security information and event management
US9509708B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Dec 2, 2014 |
| Grant date | Nov 29, 2016 |
| Priority date | — |
| Expiry date | Dec 20, 2034 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/2101
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Systems and methods for universal interception of events. The methods involve: intercepting functions performed by an OS object manager which specify Physical Events (“PEs”) occurring therein, each PE comprising a real-time event occurring in an OS in runtime; obtaining PE information indicating which PEs are specified by the intercepted functions being performed by the OS object manager; analyzing the PE information to identify Virtual Events (“VEs”) which are associated with each PE, where each VE comprises an event occurring when one of a plurality of operations is performed by an OS subsystem which facilitates an occurrence of a respective PE; filtering VE information specifying the VEs identified as being associated with the PEs so as to generate filtered information specifying only select ones of the VEs; and placing the filtered information in a queue for subsequent processing to detect malware threats to a computing device.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.