Patent · US Active

Method and system for malware detection in virtual machines

US9733969B2 · kind B2 · utility

Cited by: 57
References: 3
Claims: 19
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 30, 2015
Grant date: Aug 15, 2017
Priority date
Expiry date: Sep 10, 2035

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2009/45587
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Example embodiments relate to methods, systems, and a computer program product for detecting and responding to the presence of malware persistently executing in a monitored virtual machine of a virtual computing platform. The method includes logging I/O requests at a hypervisor kernel in a kernel log and at a virtual machine (VM) managed by the hypervisor in a VM log. The logged I/O requests then may be compared to detect evidence of malware according to differences between the I/O requests logged in the VM log and the kernel log.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.