Title: RUNTIME DETECTION OF SELF-REPLICATING MALWARE
Abstract: A method for detecting malicious active processes and self-replicating executable binary files on a computing device. The method comprises monitoring, in runtime, active processes running on a computing device; extracting unique identifier(s) of each of the active processes which map the active process to the executable binary file(s) containing the executable code of the active process; monitoring, in runtime, creation and modification of data files hosted by the computing device; identifying executable binary files among the data files; monitoring the concurrent operation of logical sensors which detect malicious behavioral patterns of the active processes and maintain one or more lists of malicious behavioral pattern findings; and detecting malicious active process(es) of a malware among the active processes, and self-replicating executable binary file(s) of the malicious active process(es), according to a match between the respective unique identifier(s), the malicious behavioral pattern findings and at least one of the executable binary files.
Publication number: US2017046512(A1) Publication date: 2017.02.16
Application number: US201615338399 Filing date: 2016.10.30
Applicant: KEDMA Gabriel; HAVAZELET Doron Inventors: KEDMA Gabriel; HAVAZELET Doron
Classification: G06F21/56 Main classification: G06F21/56
Agency / Agent: (not listed)
Main claim: 1. A method for detecting malicious active processes and self-replicating executable binary files on a computing device in runtime, the method comprising: executing a code on at least one hardware processor for: monitoring at least one of a file creation event and a file modification event held by an operating system executed in a user mode on said at least one hardware processor to detect a plurality of executable binary files; monitoring new process creation events of a plurality of active processes executed by said operating system on said at least one hardware processor; detecting at least one match between one of said plurality of active processes and one of said plurality of executable binary files; detecting at least one self replication event of said plurality of executable binary files according to an analysis of said at least one match; and suspending or terminating at least one of said plurality of active processes based on a comparison between said at least one self replication event and at least one known suspicious pattern.
Address: Omer IL
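To make the correlation described in the abstract and the main claim concrete, here is an added Python sketch (not the patent's own code): process-creation and file-write events are correlated through a fingerprint of the executable image, which serves as the unique identifier mapping a process to its binary, and two logical sensors record findings that are compared against a known suspicious pattern. The event stream, sensor names, path conventions and the suspicious pattern are all constructed assumptions for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: a fake PE-like image (MZ header) and a benign document.
WORM_IMAGE = b"MZ" + b"\x90" * 30 + b"payload"
NOTES = b"quarterly notes\n"

# Constructed runtime event stream (hypothetical, not real telemetry).
# ("proc", pid, image_path, image_bytes) -> new process created from image_path
# ("write", pid, path, bytes)            -> file created/modified by pid
EVENTS = [
    ("proc", 100, r"C:\Users\a\report.exe", WORM_IMAGE),
    ("write", 100, r"C:\Users\a\notes.txt", NOTES),
    ("write", 100, r"C:\Users\a\AppData\Roaming\svc.exe", WORM_IMAGE),
    ("write", 100, r"C:\Users\a\Startup\svc.exe", WORM_IMAGE),
    ("proc", 200, r"C:\Users\a\AppData\Roaming\svc.exe", WORM_IMAGE),
    ("proc", 300, r"C:\Windows\notepad.exe", b"MZ" + b"notepad"),
    ("write", 300, r"C:\Users\a\todo.txt", b"buy milk"),
]

# Assumed "known suspicious pattern": a process copying its own image into a startup folder.
KNOWN_SUSPICIOUS = {"self_replication", "startup_persistence"}

def fingerprint(data):
    return hashlib.sha256(data).hexdigest()

def is_executable(data):
    # Identify executable binaries among written data files (PE or ELF magic).
    return data[:2] == b"MZ" or data[:4] == b"\x7fELF"

def detect(events, suspicious=KNOWN_SUSPICIOUS):
    image_of = {}                 # pid -> fingerprint of its executable image
    exe_files = {}                # path -> fingerprint of executable files written at runtime
    findings = defaultdict(set)   # pid -> findings maintained by the logical sensors
    actions = {}                  # pid -> response when findings match a known pattern
    for kind, pid, path, data in events:
        if kind == "proc":
            image_of[pid] = fingerprint(data)
            if path in exe_files:   # match: process spawned from a file written earlier
                findings[pid].add("spawned_from_dropped_file")
        else:
            if not is_executable(data):
                continue
            exe_files[path] = fingerprint(data)
            if exe_files[path] == image_of.get(pid):   # sensor 1: copy of own image
                findings[pid].add("self_replication")
            if "\\Startup\\" in path:                    # sensor 2: autostart location
                findings[pid].add("startup_persistence")
        if suspicious <= findings[pid]:   # compare findings with the known pattern
            actions[pid] = "terminate"
    return dict(findings), actions
```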