-
公开(公告)号:US11354409B1
公开(公告)日:2022-06-07
申请号:US16787204
申请日:2020-02-11
Applicant: Trend Micro Inc.
Inventor: Ian Kenefick
Abstract: An agent on an endpoint computer computes a locality-sensitive hash value for an API call sequence of an executing process. This value is sent to a cloud computer which includes an API call sequence blacklist database of locality-sensitive hash values. A search is performed using a balanced tree structure of the database using the received hash value and a match is determined based upon whether or not a metric distance is under or above a distance threshold. The received value may also be compared to a white list of locality-sensitive hash values. Attribute values of the executing process are also received from the endpoint computer and may be used to inform whether or not the executing process is deemed to be malicious. An indication of malicious or not is returned to the endpoint computer and if malicious, the process may be terminated and its subject file deleted.
Search Results
1
records
(took 0.01 seconds)
