Granted patent
US08332944B2 System and method for detecting new malicious executables, based on discovering and monitoring characteristic system call sequences
Status: lapsed
- Patent title: System and method for detecting new malicious executables, based on discovering and monitoring characteristic system call sequences
- Patent title (Chinese): 基于发现和监测特征系统调用序列,检测新的恶意可执行文件的系统和方法
- Application number: US12697559
- Filing date: 2010-02-01
- Publication (grant) number: US08332944B2
- Publication (grant) date: 2012-12-11
- Inventors: Boris Rozenberg, Ehud Gudes, Yuval Elovici
- Applicants: Boris Rozenberg, Ehud Gudes, Yuval Elovici
- Attorney firm: Roach Brown McCarthy & Gruber, P.C.
- Agent: Kevin D. McCarthy
- Priority: IL197477 20090308
- Main classification: G06F12/14
- IPC classification: G06F12/14
Abstract:
The invention relates to a method for detecting malicious executables, which comprises: in an offline training phase, finding a collection of system call sequences that are characteristic only to malicious files, when such malicious files are executed, and storing said sequences in a database; and, in runtime, for each running executable, continuously monitoring its issued run-time system calls and comparing with the stored sequences of system calls within the database to determine whether there exists a match between a portion of the sequence of the run-time system calls and one or more of the database sequences, and when such a match is found, declaring said executable as malicious.
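The two phases the abstract describes (an offline phase that keeps only the system call sequences never seen in benign executions, and a runtime phase that slides a window over each process's issued calls and compares it with that database) can be illustrated with a small Python model. This is an added example written for this record, not code from the patent or its inventors; the fixed sequence length of 3 and the sample traces are constructed assumptions, since the abstract fixes neither.

```python
"""Toy model of the two-phase detection scheme in the abstract.

Added example, not the patent's own code. The sequence length N and the
sample traces below are constructed for illustration only.
"""
from typing import Iterable, List, Optional, Sequence, Set, Tuple

SyscallSeq = Tuple[str, ...]
N = 3  # assumed length of a characteristic sequence; the abstract fixes none


def ngrams(trace: Sequence[str], n: int = N) -> List[SyscallSeq]:
    """All windows of n consecutive system calls in one execution trace."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def train(malicious: Iterable[Sequence[str]],
          benign: Iterable[Sequence[str]],
          n: int = N) -> Set[SyscallSeq]:
    """Offline phase: keep only sequences that occur in at least one malicious
    trace and in no benign trace. The result is the abstract's 'database'."""
    seen_benign: Set[SyscallSeq] = set()
    for t in benign:
        seen_benign.update(ngrams(t, n))
    db: Set[SyscallSeq] = set()
    for t in malicious:
        db.update(g for g in ngrams(t, n) if g not in seen_benign)
    return db


class RuntimeMonitor:
    """Runtime phase: one monitor per running executable. Each issued call is
    fed in as it happens; only the trailing n calls are kept and compared."""

    def __init__(self, db: Set[SyscallSeq], n: int = N) -> None:
        self.db = db
        self.n = n
        self.window: List[str] = []
        self.hit: Optional[SyscallSeq] = None

    def feed(self, syscall: str) -> bool:
        """Return True the first time the trailing window matches a stored sequence."""
        self.window.append(syscall)
        if len(self.window) > self.n:
            del self.window[0]
        if len(self.window) == self.n:
            w = tuple(self.window)
            if w in self.db:
                self.hit = w
                return True
        return False


def first_match(trace: Sequence[str], db: Set[SyscallSeq],
                n: int = N) -> Optional[Tuple[int, SyscallSeq]]:
    """Replay a trace through a monitor. Returns (index of the call that
    completed the match, matched sequence), or None if the trace never matches."""
    mon = RuntimeMonitor(db, n)
    for i, call in enumerate(trace):
        if mon.feed(call):
            return i, mon.hit
    return None


# Constructed sample traces (not real program or malware data).
BENIGN_TRACES = [
    ["open", "read", "close"],
    ["open", "read", "write", "close"],
    ["socket", "connect", "send", "recv", "close"],
]
MALICIOUS_TRACES = [
    ["open", "read", "close", "socket", "connect", "send", "close"],
    ["open", "write", "chmod", "execve"],
]

if __name__ == "__main__":
    db = train(MALICIOUS_TRACES, BENIGN_TRACES)
    for seq in sorted(db):
        print("stored:", " ".join(seq))
    print("benign run:", first_match(["open", "read", "write", "close"], db))
    print("malicious run:", first_match(MALICIOUS_TRACES[0], db))
```

Note that `train` discards any sequence that also appears in the benign corpus, which is what keeps false positives down; the flip side is that detection quality depends entirely on how representative both corpora are and on the chosen sequence length, which a real deployment would have to tune.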