Malware detection from operating system event tracing

Malware detection from operating system event tracing

There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and instructions encoded within the memory to instruct the processor to: receive a client event report, the client event report including an operating system event trace for an...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Kumar, Amit, Lancioni, German, Palasamudram Ramagopal, Prashanth
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and instructions encoded within the memory to instruct the processor to: receive a client event report, the client event report including an operating system event trace for an attempt to exploit a patched vulnerability, and first feature data for a malware object that made the attempt; receive second feature data for an unknown object; compare the first feature data to the second feature data; and if the second feature data match the first feature data above a threshold, convict the unknown object as malware.