COMPUTER IMMUNE SYSTEM AND METHOD FOR DETECTING UNWANTED CODE IN A COMPUTER SYSTEM

摘要

An automated analysis system detects malicious code within a computer system by generating and subsequently analyzing a behavior pattern for each compute r program introduced to the computer system. Generation of the behavior patter n is accomplished by a virtual machine invoked within the computer system. An initial analysis may be performed on the behaviour pattern to identify infected programs on initial presentation of the program to the computer system. The analysis system also stores behavior patterns and sequences with their corresponding analysis results in a database. Newly infected programs can be detected by analyzing a newly generated behaviour pattern for the program within reference to a stored behavior pattern to identify presence o f an infection or payload pattern.