Title: Detect encrypted program based on CPU statistics
Abstract: Techniques are presented for detecting malware in an executable. The method includes receiving an executable to evaluate for malware, emulating an execution of the executable up to a first count of instructions, determining a number of cache misses that occur while emulating the executable up to the first count of instructions, comparing the number of cache misses to a threshold, and upon determining the number of cache misses exceeds the threshold, identifying the executable as potentially containing malware.
Publication number: US9607152(B1) Publication date: 2017.03.28
Application number: US201514717939 Filing date: 2015.05.20
Applicant: SYMANTEC CORPORATION Inventor: Kane David
Classification: G06F21/00;G06F21/56;G06F11/00;G06F12/14;G06F12/16;G08B23/00 Main classification: G06F21/00
Agency: Patterson + Sheridan, LLP Agent: Patterson + Sheridan, LLP
Main claim: 1. A method for detecting malware in an executable, the method comprising: receiving an executable to evaluate for malware; executing the executable up to a first count of instructions; determining a number of cache misses that occur while executing the executable up to the first count of instructions; comparing the number of cache misses to a threshold, wherein the threshold corresponds to an expected number of cache misses occurring when executing a program containing junk instructions; and upon determining the number of cache misses exceeds the threshold, identifying the executable as potentially containing malware based at least on the number of cache misses.
Address: Mountain View CA US
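The abstract and claim 1 describe the detection loop only in words: emulate the first N instructions, count cache misses, compare against a threshold derived from junk-instruction programs. The following is an added worked example written for this page; it is not Symantec's implementation and not code from the patent. It assumes a constructed four-opcode toy ISA (NOP, JMP, SETC, LOOP), a direct-mapped 64-line/64-byte instruction cache, two constructed sample programs (a tight benign loop and a program whose real instructions are interleaved with jumps to far junk pads), and an assumed junk miss rate of one miss per eight instructions for the threshold.

```python
"""Added example (not the patent's or Symantec's code): emulate an instruction
stream up to a fixed count, count instruction-cache misses in a direct-mapped
cache model, and compare against a threshold calibrated to junk-instruction
programs. ISA, cache geometry, sample programs and the miss rate are constructed."""
from typing import Dict, Tuple

Instr = Tuple[str, int]      # (opcode, operand); constructed toy ISA, 4-byte instructions
Program = Dict[int, Instr]   # address -> instruction


class DirectMappedCache:
    """Direct-mapped cache keyed on line number; only miss accounting is kept."""

    def __init__(self, line_bytes: int = 64, num_lines: int = 64) -> None:
        self.line_bytes = line_bytes
        self.num_lines = num_lines
        self.tags = [-1] * num_lines
        self.misses = 0

    def access(self, addr: int) -> bool:
        line = addr // self.line_bytes
        idx = line % self.num_lines
        if self.tags[idx] == line:
            return True          # hit
        self.tags[idx] = line    # fill (evicts whatever was in this slot)
        self.misses += 1
        return False


def emulate(program: Program, entry: int, first_count: int) -> int:
    """Emulate up to first_count instructions and return the fetch-miss count."""
    cache = DirectMappedCache()
    pc, counter, executed = entry, 0, 0
    while executed < first_count and pc in program:
        cache.access(pc)                 # instruction fetch goes through the cache
        op, arg = program[pc]
        executed += 1
        if op == "NOP":
            pc += 4
        elif op == "JMP":
            pc = arg
        elif op == "SETC":               # load the loop counter
            counter, pc = arg, pc + 4
        elif op == "LOOP":               # decrement; branch back while nonzero
            counter -= 1
            pc = arg if counter > 0 else pc + 4
        else:
            raise ValueError(f"unknown opcode {op!r} at {pc:#x}")
    return cache.misses


def junk_threshold(first_count: int, junk_miss_rate: float = 1 / 8) -> int:
    """Expected misses of a junk-padded program over first_count instructions.
    The 1-in-8 rate is an assumption for this example; in practice the value
    would be calibrated on known junk-padded and known clean samples."""
    return int(first_count * junk_miss_rate)


def classify(program: Program, entry: int, first_count: int = 1000) -> dict:
    """Claim-1 decision: flag when misses exceed the junk-calibrated threshold."""
    misses = emulate(program, entry, first_count)
    threshold = junk_threshold(first_count)
    return {"misses": misses, "threshold": threshold, "suspicious": misses > threshold}


def benign_program() -> Program:
    """Constructed: a tight 100-instruction loop whose code spans 7 cache lines."""
    base = 0x1000
    prog: Program = {base: ("SETC", 1000)}
    for i in range(1, 99):
        prog[base + 4 * i] = ("NOP", 0)
    prog[base + 4 * 99] = ("LOOP", base + 4)
    return prog


def junk_padded_program(real_instrs: int = 256) -> Program:
    """Constructed: each real instruction is preceded by a detour to a far junk
    pad; pads are 4 KiB apart, so every pad fetch lands on a new, never-reused
    line (and all pads map to the same cache slot)."""
    real_base, pad_base, pad_stride = 0x2040, 0x200000, 4096
    prog: Program = {}
    for k in range(real_instrs):
        real = real_base + 8 * k
        pad = pad_base + pad_stride * k
        prog[real] = ("JMP", pad)          # junk detour
        prog[pad] = ("NOP", 0)             # junk instruction
        prog[pad + 4] = ("JMP", real + 4)  # return from the pad
        prog[real + 4] = ("NOP", 0)        # real work, falls through to next k
    return prog


if __name__ == "__main__":
    print("benign:", classify(benign_program(), 0x1000))
    print("junk-padded:", classify(junk_padded_program(), 0x2040))
```

Over the first 1000 instructions the benign loop misses 7 times (one fill per line of its working set) while the junk-padded program misses 282 times (250 pad fills plus 32 real-code lines), so only the latter exceeds the 125-miss threshold. Two caveats a practitioner would keep in mind: this model counts instruction-fetch misses only, whereas a real emulator or hardware counter would also see data-cache misses from a decryption loop writing over its own image; and the threshold is the weak point of the scheme, since a tight, cache-friendly decryptor can stay under it while a large legitimate program with poor locality can exceed it, so the page's "potentially containing malware" wording should be read as a triage signal rather than a verdict.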