BEHAVIORAL ANALYTICS DRIVEN HOST-BASED MALICIOUS BEHAVIOR AND DATA EXFILTRATION DISRUPTION


Detailed Description

Saved in:
Bibliographic Details
Main Authors: SWIDOWSKI KIRK R, DANAHY JOHN J, SHARKEY JOSEPH J, SYVERSEN JASON M, BERG RYAN J, ZAFFARANO KARA A
Format: Patent
Language: eng
Description
Summary: A system and method detects the existence of malicious software on a local host by analysis of software process behavior, including user input events and system events. A user validation engine provides user notification. In-VM operating system monitors capture events handled by the OS, capture user input from the HMI devices, and capture system events from applications executed by the processor at the hardware, kernel and/or API levels. The In-VM operating system monitors also pass the captured user input and system events to the user validation engine for analysis. The user validation engine identifies legitimate user events as those that move from the hardware level upward to pre-selected applications, identifies illegitimate user events as those that originate at the kernel and/or API levels, and approves communication for legitimate events while denying communication for illegitimate events.