Title of invention: SIGNATURE-INDEPENDENT, SYSTEM BEHAVIOR-BASED MALWARE DETECTION
Abstract: A method, system, and computer program product for detecting malware based upon system behavior. At least one process expected to be active is identified for a current mode of operation of a processing system comprising one or more resources. An expected activity level of the one or more resources of the processing system is calculated based upon the current mode of operation and the at least one process expected to be active. An actual activity level of the plurality of resources is determined. If a deviation is detected between the expected activity level and the actual activity level, a source of unexpected activity is identified as a potential cause of the deviation. Policy guidelines are used to determine whether the unexpected activity is legitimate. If the unexpected activity is not legitimate, the source of the unexpected activity is classified as malware.
Publication number: WO2012087685(A1)  Publication date: 2012.06.28
Application number: WO2011US64729  Filing date: 2011.12.13
Applicant: INTEL CORPORATION;POORNACHANDRAN, RAJESH;AISSI, SELIM  Inventor: POORNACHANDRAN, RAJESH;AISSI, SELIM
Classification: G06F21/20;G06F11/30  Main classification: G06F21/20
Agency:  Agent:
Independent claim:
Address: