Runtime detection of self-replicating malware
US9824217B2 · kind B2 · utility
Inventors
Key dates
| Filing date | Oct 30, 2016 |
| Grant date | Nov 21, 2017 |
| Priority date | — |
| Expiry date | Oct 30, 2036 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/034
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A method for detecting malicious active processes and self-replicating executable binary files on a computing device. The method comprises monitoring in runtime active processes running on a computing device, extracting unique identifier(s) of each of the active processes which maps the active process to executable binary file(s) containing executable code of the active process, monitoring in runtime creation and modification of data files hosted by the computing device, identifying executable binary files among the data files, monitoring concurrent operation of logical sensors which detect malicious behavioral patterns of the active processes and maintain one or more lists of malicious behavioral pattern findings, and detecting malicious active process(es) of a malware from the active processes and self-replicating executable binary file(s) of the malicious active process(es) according to a match between the respective unique identifier(s), the malicious behavioral pattern findings and at least one of the executable binary files.
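The correlation step the abstract describes can be sketched as follows; this is an added example, not code from the patent or its assignee. It assumes the unique identifier is a SHA-256 of the process image, that executables are recognised by PE/ELF header magic, and that a replica is a byte-identical copy written by a process with at least one sensor finding; all names and sample events are constructed.

```python
import hashlib
from collections import defaultdict

EXEC_MAGIC = (b"MZ", b"\x7fELF")  # assumption: PE/ELF header magic marks an executable

def binary_id(data: bytes) -> str:
    """Unique identifier mapping a process to its executable image (assumed: SHA-256)."""
    return hashlib.sha256(data).hexdigest()

def correlate(processes, file_events, findings):
    """processes: {pid: image bytes}; file_events: ordered (pid, path, data) writes;
    findings: (sensor, pid, pattern) rows kept by the behavioural sensors."""
    proc_ids = {pid: binary_id(img) for pid, img in processes.items()}
    flagged = defaultdict(list)
    for sensor, pid, pattern in findings:
        flagged[pid].append(f"{sensor}:{pattern}")
    # Keep only the latest write per path, so a later modification supersedes it.
    latest = {}
    for pid, path, data in file_events:
        latest[path] = (pid, data)
    report = {}
    for path, (pid, data) in sorted(latest.items()):
        if not data.startswith(EXEC_MAGIC):        # not an executable binary file
            continue
        if pid not in flagged:                     # no sensor finding for the writer
            continue
        if binary_id(data) != proc_ids.get(pid):   # not a copy of the writer's image
            continue
        entry = report.setdefault(pid, {"findings": flagged[pid], "replicas": []})
        entry["replicas"].append(path)
    return report

# Constructed sample data (not from the patent).
WORM = b"MZ" + b"\x90" * 32 + b"worm-body"
TOOL = b"\x7fELF" + b"backup-tool"
PROCESSES = {101: WORM, 202: TOOL}
FILE_EVENTS = [
    (101, "/tmp/a.exe", WORM),            # self-copy by a flagged process
    (101, "/tmp/notes.txt", b"hello"),    # data file, ignored
    (101, "/srv/share/b.exe", WORM),      # second self-copy
    (202, "/opt/backup/tool", TOOL),      # self-copy, but no sensor finding
    (202, "/tmp/a2.exe", WORM),           # executable, writer not flagged
    (101, "/srv/share/b.exe", b"MZ" + b"patched"),  # later overwrite, no longer a replica
]
FINDINGS = [("net-sensor", 101, "mass-connect"), ("fs-sensor", 101, "autorun-write")]

if __name__ == "__main__":
    print(correlate(PROCESSES, FILE_EVENTS, FINDINGS))
```

Requiring all three signals together is what keeps a benign self-copying tool (pid 202) and a flagged process writing ordinary data files out of the report.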
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.