公开(公告)号：US20220237284A1

公开(公告)日：2022-07-28

申请号：US17578836

申请日：2022-01-19

Applicant: Nokia Solutions and Networks Oy

Inventor： Serge PAPILLON ,  Haithem EL ABED ,  Francois BOUTIGNY ,  Pernelle Cathel Sika MENSAH

IPC: G06F21/53 ,  G06F21/56

Abstract: According to an example aspect of the present invention, there is provided a method comprising compiling a behavioural baseline database comprising system call behaviours of a computer program, using a first testing process based at least partly on emulated nodes, running a second test of the computer program using live nodes and logging system call behaviour of the computer program during the second test, and determining whether the system call behaviour logged during the second test comprises behaviour deviates from the behavioural baseline database.

公开(公告)号：US20220229901A1

公开(公告)日：2022-07-21

申请号：US17576674

申请日：2022-01-14

Applicant: Nokia Solutions and Networks Oy

Inventor： Haithem EL ABED ,  Pernelle Cathel Sika MENSAH ,  Francois BOUTIGNY ,  Serge PAPILLON

IPC: G06F21/54 ,  G06F21/56 ,  G06F21/55

Abstract: According to an example aspect of the present invention, there is provided a method, comprising running a multi-thread computer program and recording system calls thereby made to produce a test set of threads with their associated system calls, retrieving a mapping from the threads of the test set to reference threads of a database of reference threads, attempting to map, using the mapping, the threads of the test set to the reference threads of the database, and responsive to a first thread from among the threads of the test set not mapping to the reference threads of the database, flagging the first thread for a security action.