| 发明名称 | Process security validation | ||
| 摘要 | Techniques for process security validation are described herein. In one example, a method includes determining, via a processor, that a process is in a first idle state based at least in part on system activity and process activity being below an activity threshold. The method can include detecting, via the processor, that the first idle state of the process transitions to an active state of the process based at least in part on the system activity or the process activity being above the activity threshold, and detecting, via the processor, that the active state of the process transitions to a second idle state based at least in part on the system activity and the process activity being below the activity threshold. Furthermore, the method can include generating, via the processor, the security validation data in response to detecting that the process has executed malicious content during the active state. | ||
| 申请公布号 | US9537883(B2) | 申请公布日期 | 2017.01.03 |
| 申请号 | US201414578530 | 申请日期 | 2014.12.22 |
| 申请人 | INTERNATIONAL BUSINESS MACHINES CORPORATION | 发明人 | Bachar Ronen;Hay Roee;Rokah Erez;Shany Yoav |
| 分类号 | G06F11/00;H04L29/06 | 主分类号 | G06F11/00 |
| 代理机构 | Cantor Colburn LLP | 代理人 | Cantor Colburn LLP ;Choi Ed |
| 主权项 | 1. A method for process security validation comprising: determining, via a processor, that a process is in a first idle state based at least in part on system activity and process activity being below an activity threshold; detecting, via the processor, that the first idle state of the process transitions to an active state of the process based at least in part on the system activity or the process activity being above the activity threshold; detecting, via the processor, from a simulated environment, that the active state of the process transitions to a second idle state based at least in part on the system activity and the process activity being below the activity threshold; the simulated environment configured to generate instructions as if the instructions originate from an input device without receiving instructions from the input device; wherein the simulated environment comprises a monitoring module configured for generating instructions as if the instructions originated from an external input device; and wherein the simulated environment is configured to automate generation of security validation data and reduce a latency in testing the process transitions; and generating, via the processor, the security validation data in response to detecting that the process has executed malicious content during the active state. | ||
| 地址 | Armonk NY US | ||