Title of invention |
SYSTEM AND METHOD FOR DETECTING MALWARE THAT INTERFERES WITH THE USER INTERFACE |
Abstract |
System and method for detecting ransomware. A current user behavior pattern is monitored based on user input via a user input device. The user behavior is compared against a reference set of behavior patterns associated with user frustration with non-responsiveness of the user interface module. A current status pattern of the operating system is also monitored. The current status pattern is compared against a reference set of operating system status patterns associated with predefined ransomware behavior. In response to indicia of current user frustration with non-responsiveness of the user interface, and further in response to indicia of the current status pattern having a correlation to the predefined ransomware behavior, an indication of a positive detection of ransomware executing on the computer system is provided. |
Application publication number |
US2014181971(A1) |
Application publication date |
2014.06.26 |
Application number |
US201313853468 |
Application date |
2013.03.29 |
Applicant |
KASPERSKY LAB ZAO |
Inventors |
Tatarinov Ivan I.; Martynenko Vladislav V.; Monastyrsky Alexey V.; Pavlyushchik Mikhail A.; Sapronov Konstantin V.; Slobodyanuk Yuri G. |
Classification number |
G06F21/56 |
Main classification number |
G06F21/56 |
Agency |
|
Agent |
|
Principal claim |
1. In a computer system comprising computing hardware that includes a processor and data store, a user input device and a display device, and an operating system executable on the computing hardware, the operating system including a user interface module interfaced with the user input device and the display device, a method for detecting ransomware, the method comprising:
monitoring a current user behavior pattern based on user input via the user input device;
comparing the user behavior against a reference set of behavior patterns associated with user frustration with non-responsiveness of the user interface module;
monitoring a current status pattern of the operating system;
comparing the current status pattern against a reference set of operating system status patterns associated with predefined ransomware behavior;
in response to a result of the comparing of the current user behavior pattern against the reference set of behavior patterns being indicative of current user frustration with non-responsiveness of the user interface module, and further in response to a result of the comparing of the current status pattern against the reference set of operating system status patterns being indicative of the current status pattern having a correlation to the predefined ransomware behavior, providing an indication of a positive detection of ransomware executing on the computer system. |
Address |
Moscow RU |