METHOD AND APPARATUS FOR IDENTIFYING COMPUTING RESOURCE TRAJECTORY

Bibliographic details
Main authors: HUGER, ALFRED; FRIEDRICHS, OLIVER; RAMZAN, ZULFIKAR; LEVY, ELIAS
Format: Patent
Language: eng ; fre ; ger
Description
Summary: The present invention relates to the security of general purpose computing devices, such as laptop or desktop PCs, and more specifically to the detection of malicious software (malware) on a general purpose computing device. A challenge in maintaining a plurality of computing systems is that it may be required to have visibility into the extensive collection of computing related resources located across those systems as well as information about resources together with their behaviors and evolutions within those systems. Examples of such resources include files, file names, registry keys, entries in network communications logs, etc. Accordingly, we present novel methods, components, and systems for keeping track of information about these resources and presenting this information to an ultimate end user. More specifically, we describe methods, components, and systems that perform data analytics on system data to obtain and report upon resource trajectory information, such as when particular resources were seen in an environment, the actions associated with those resources, and other resources related to those original resources. If a particular resource is believed to be malicious or otherwise undesirable, then it can be determined which systems that resource is on, how it arrived on those systems, what it did on those systems as well as what resources are related to the original resource, and as such what might need to be removed from those systems to restore them to a more desirable state. Through the disclosed invention, system administrators will be better able to determine how to more effectively address issues related to the presence of those resources.