Patent · US Active

Detect encrypted program based on CPU statistics

US9607152B1 · kind B1 · utility

Cited by: 1
References: 0
Claims: 20
Family size: 0

Assignee

Inventor

Key dates

Filing date: May 20, 2015
Grant date: Mar 28, 2017
Priority date
Expiry date: May 20, 2035

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/566
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Techniques are presented for detecting malware in an executable. The method includes receiving an executable to evaluate for malware, emulating an execution of the executable up to a first count of instructions, determining a number of cache misses that occur while emulating the executable up to the first count of instructions, comparing the number of cache misses to a threshold, and upon determining the number of cache misses exceeds the threshold, identifying the executable as potentially containing malware.
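An added example (not taken from the patent or its claims) of the check the abstract describes: replay an emulated run up to a first count of instructions, count cache misses, and flag the executable when the count exceeds a threshold. The emulator is replaced by constructed per-instruction address traces, and the cache geometry (64-byte lines, 256 lines, fully associative LRU), the threshold and all function names are assumptions made for illustration.

```python
from collections import OrderedDict

LINE_SIZE = 64    # assumed cache line size in bytes
NUM_LINES = 256   # assumed capacity: 256 lines (16 KiB), fully associative, LRU

def count_cache_misses(trace, first_count):
    """Replay at most first_count instructions through the cache model.

    trace yields, per emulated instruction, the data addresses it touches.
    """
    cache = OrderedDict()            # line number -> present, oldest first
    misses = 0
    for executed, addrs in enumerate(trace):
        if executed >= first_count:  # stop at the instruction budget
            break
        for addr in addrs:
            line = addr // LINE_SIZE
            if line in cache:
                cache.move_to_end(line)        # hit: refresh LRU position
            else:
                misses += 1                    # miss: fill the line
                cache[line] = True
                if len(cache) > NUM_LINES:
                    cache.popitem(last=False)  # evict least recently used
    return misses

def evaluate(trace, first_count, threshold):
    """Flag the sample only when misses strictly exceed the threshold."""
    misses = count_cache_misses(trace, first_count)
    return {"misses": misses, "suspicious": misses > threshold}

def tight_loop_trace(n):
    # Constructed trace: a loop that keeps reusing a 4 KiB working set.
    return ([0x10000 + (i * 8) % 4096] for i in range(n))

def sweep_trace(n):
    # Constructed trace: read-modify-write marching once over a large buffer,
    # used here as an assumed stand-in for an in-memory decryption stub.
    return ([0x400000 + i * 16, 0x400000 + i * 16] for i in range(n))

if __name__ == "__main__":
    for name, trace in (("tight loop", tight_loop_trace(20000)),
                        ("buffer sweep", sweep_trace(20000))):
        print(name, evaluate(trace, first_count=10000, threshold=1000))
```

In practice the threshold would be calibrated against known-benign executables run through the same emulator and cache model, since the absolute miss count depends on both.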

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.