Title of invention: Method and system for discrete stateful behavioral analysis
Abstract: A method for analyzing a computing system includes the steps of at a first moment in time, scanning the resources of the computing system for indications of malware, at a second moment in time scanning the resources of the computing system for indications of malware and determining the system executable objects loaded on the computing system, determining malware system changes, identifying a relationship between the malware system changes and the system executable objects loaded on the computing system, and identifying as suspected malware the system executable objects loaded on the computing system which have a relationship with the malware system changes. The malware system changes include differences between the results of scanning the resources of the computing system for indications of malware at the second and first moment of time.
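Publication number: US9202048(B2) Publication date: 2015.12.01
Application number: US201213669209 Application date: 2012.11.05
Applicant: McAfee, Inc. Inventor: Sallam Ahmed Said
Classification: G06F11/00;G06F21/55 Main classification: G06F11/00
Agency: Baker Botts L.L.P. Agent: Baker Botts L.L.P.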
Main claim: 1. A method for analyzing a computing system, comprising: at a first moment in time, scanning the resources of the computing system for indications of malware; at a second moment in time: scanning the resources of the computing system for indications of malware; and, determining one or more system executable objects loaded on the computing system; determining one or more system changes, wherein the system changes comprise one or more differences between the results of scanning the resources of the computing system for indications of malware at the second moment of time and the first moment in time; identifying a relationship between the system changes and the one or more system executable objects loaded on the computing system; identifying as malicious the one or more system executable objects loaded on the computing system for which a relationship with the system changes has been identified.
Address: Santa Clara CA US