MALWARE DETECTION VIA DATA TRANSFORMATION MONITORING
Techniques and systems are described for detecting malware's bulk transformation of a user's data before the malware is able to complete the data transformation. Included are methods and systems for enabling malware detection by monitoring the file operations of a computer application or p...
Gespeichert in:
| Hauptverfasser: | , , , |
|---|---|
| Format: | Patent |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | |
| container_volume | |
| creator | Traynor, Patrick G Butler, Kevin Scaife, Walter N Carter, Henry |
| description | Techniques and systems are described for detecting malware's bulk transformation of a user's data before the malware is able to complete the data transformation. Included are methods and systems for enabling malware detection by monitoring the file operations of a computer application or process for particular kinds of suspicious data transformation indicators. Indicators include primary indicators, such as file-type signature changes, notable changes in file data entropy, and out-of-range similarity measurements between the read and write versions of file data, as well as secondary indicators, such as a large number of file deletions and a large reduction in the number of file-types written versus read by a process over time. When indicators are triggered by a process, an adjustment to the process' malware score is made; in the event that the process' malware score reaches a malware detection threshold, the process is marked as malware and appropriate actions are taken. |
| format | Patent |
| fullrecord | <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_US2019228153A1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>US2019228153A1</sourcerecordid><originalsourceid>FETCH-epo_espacenet_US2019228153A13</originalsourceid><addsrcrecordid>eNrjZDDxdfQJdwxyVXBxDXF1DvH091MI83RUcHEMcVQICXL0C3bzD_J1BIv7-vt5hvgHefq58zCwpiXmFKfyQmluBmU31xBnD93Ugvz41OKCxOTUvNSS-NBgIwNDSyMjC0NTY0dDY-JUAQB7eyiQ</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>MALWARE DETECTION VIA DATA TRANSFORMATION MONITORING</title><source>esp@cenet</source><creator>Traynor, Patrick G ; Butler, Kevin ; Scaife, Walter N ; Carter, Henry</creator><creatorcontrib>Traynor, Patrick G ; Butler, Kevin ; Scaife, Walter N ; Carter, Henry</creatorcontrib><description>Techniques and systems are described for detecting malware's bulk transformation of a user's data before the malware is able to complete the data transformation. Included are methods and systems for enabling malware detection by monitoring the file operations of a computer application or process for particular kinds of suspicious data transformation indicators. Indicators include primary indicators, such as file-type signature changes, notable changes in file data entropy, and out-of-range similarity measurements between the read and write versions of file data, as well as secondary indicators, such as a large number of file deletions and a large reduction in the number of file-types written versus read by a process over time. When indicators are triggered by a process, an adjustment to the process' malware score is made; in the event that the process' malware score reaches a malware detection threshold, the process is marked as malware and appropriate actions are taken.</description><language>eng</language><subject>CALCULATING ; COMPUTING ; COUNTING ; ELECTRIC DIGITAL DATA PROCESSING ; PHYSICS</subject><creationdate>2019</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20190725&DB=EPODOC&CC=US&NR=2019228153A1$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,776,881,25543,76294</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20190725&DB=EPODOC&CC=US&NR=2019228153A1$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>Traynor, Patrick G</creatorcontrib><creatorcontrib>Butler, Kevin</creatorcontrib><creatorcontrib>Scaife, Walter N</creatorcontrib><creatorcontrib>Carter, Henry</creatorcontrib><title>MALWARE DETECTION VIA DATA TRANSFORMATION MONITORING</title><description>Techniques and systems are described for detecting malware's bulk transformation of a user's data before the malware is able to complete the data transformation. Included are methods and systems for enabling malware detection by monitoring the file operations of a computer application or process for particular kinds of suspicious data transformation indicators. Indicators include primary indicators, such as file-type signature changes, notable changes in file data entropy, and out-of-range similarity measurements between the read and write versions of file data, as well as secondary indicators, such as a large number of file deletions and a large reduction in the number of file-types written versus read by a process over time. When indicators are triggered by a process, an adjustment to the process' malware score is made; in the event that the process' malware score reaches a malware detection threshold, the process is marked as malware and appropriate actions are taken.</description><subject>CALCULATING</subject><subject>COMPUTING</subject><subject>COUNTING</subject><subject>ELECTRIC DIGITAL DATA PROCESSING</subject><subject>PHYSICS</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2019</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNrjZDDxdfQJdwxyVXBxDXF1DvH091MI83RUcHEMcVQICXL0C3bzD_J1BIv7-vt5hvgHefq58zCwpiXmFKfyQmluBmU31xBnD93Ugvz41OKCxOTUvNSS-NBgIwNDSyMjC0NTY0dDY-JUAQB7eyiQ</recordid><startdate>20190725</startdate><enddate>20190725</enddate><creator>Traynor, Patrick G</creator><creator>Butler, Kevin</creator><creator>Scaife, Walter N</creator><creator>Carter, Henry</creator><scope>EVB</scope></search><sort><creationdate>20190725</creationdate><title>MALWARE DETECTION VIA DATA TRANSFORMATION MONITORING</title><author>Traynor, Patrick G ; Butler, Kevin ; Scaife, Walter N ; Carter, Henry</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_US2019228153A13</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng</language><creationdate>2019</creationdate><topic>CALCULATING</topic><topic>COMPUTING</topic><topic>COUNTING</topic><topic>ELECTRIC DIGITAL DATA PROCESSING</topic><topic>PHYSICS</topic><toplevel>online_resources</toplevel><creatorcontrib>Traynor, Patrick G</creatorcontrib><creatorcontrib>Butler, Kevin</creatorcontrib><creatorcontrib>Scaife, Walter N</creatorcontrib><creatorcontrib>Carter, Henry</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Traynor, Patrick G</au><au>Butler, Kevin</au><au>Scaife, Walter N</au><au>Carter, Henry</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>MALWARE DETECTION VIA DATA TRANSFORMATION MONITORING</title><date>2019-07-25</date><risdate>2019</risdate><abstract>Techniques and systems are described for detecting malware's bulk transformation of a user's data before the malware is able to complete the data transformation. Included are methods and systems for enabling malware detection by monitoring the file operations of a computer application or process for particular kinds of suspicious data transformation indicators. Indicators include primary indicators, such as file-type signature changes, notable changes in file data entropy, and out-of-range similarity measurements between the read and write versions of file data, as well as secondary indicators, such as a large number of file deletions and a large reduction in the number of file-types written versus read by a process over time. When indicators are triggered by a process, an adjustment to the process' malware score is made; in the event that the process' malware score reaches a malware detection threshold, the process is marked as malware and appropriate actions are taken.</abstract><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | |
| ispartof | |
| issn | |
| language | eng |
| recordid | cdi_epo_espacenet_US2019228153A1 |
| source | esp@cenet |
| subjects | CALCULATING COMPUTING COUNTING ELECTRIC DIGITAL DATA PROCESSING PHYSICS |
| title | MALWARE DETECTION VIA DATA TRANSFORMATION MONITORING |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-22T07%3A49%3A30IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Traynor,%20Patrick%20G&rft.date=2019-07-25&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS2019228153A1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |