Title of invention: ROBUST MALWARE DETECTOR
Abstract: A system, method and computer readable medium for detecting and diffusing malware on a computer. Malware is analysed to generate signatures and determine a fixing moment. All of the system calls of the operating system of a client computer are hooked and processed without emulation or the need for unpackers or decrypters, and a multi-level filter removes all system calls that are not associated with malware. The resulting system calls are accumulated on a per-thread basis and scanned, and the relevant threads are compared with the signatures to match with malware. The threads associated with malware are addressed at the fixing moment before the malware can operate to cause undesirable effects on the client computer.
Publication number: US2014237596(A1)  Publication date: 2014.08.21
Application number: US201414180110  Filing date: 2014.02.13
Applicant: Systems of Information Security 2012  Inventors: Grytsan Volodymyr; Tumoyan Evgeny; Romanenko Ivan; Kukoba Anton; Sviridenkov Anatolii
Classification: G06F21/56  Main classification: G06F21/56
Patent agency:  Agent:
Main claim: 1. A malware detection and diffusion system comprising: at least one server side computer; and at least one client side computer; wherein: at least one malware sample is processed in at least one server side computer; at least one signature is formed for each malware sample by a server side computer having at least one stop call at a fixing moment; the signature is distributed by the server side computer to at least one client side computer, wherein: a driver hooks all of the system calls of the operating system of the client side computer; the systems calls are processed by a filter to remove system calls not associated with malware; the system calls not removed by the filter are accumulated on a per-thread basis and checked for a stop call; the thread associated with the stop call is compared to the signature for a match with malware; and the thread that is matched with malware is addressed at the fixing moment.
Address: Odessa city UA