System and method for run-time object classification
US9747446B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 27, 2014 |
| Grant date | Aug 29, 2017 |
| Priority date | — |
| Expiry date | Apr 17, 2036 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/56
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
One embodiment of an electronic device comprises a processor and a memory accessible by the processor. The memory comprises virtual execution logic and run-time classifier logic. The virtual execution logic includes at least one virtual machine that is configured to virtually process content within an object under analysis and monitor for anomalous behaviors during the virtual processing that are indicative of malware. The run-time classifier logic performs, during run-time, a first analysis on the monitored anomalous behaviors and a pre-stored identifier to determine if the monitored anomalous behaviors indicate that the object is malware belonging to a classified malware family. The pre-stored identifier is a collection of data associated with anomalous behaviors that uniquely identify the malware family.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.