
Endpoint malware detection using an event graph

  • US 10,460,105 B2
  • Filed: 03/19/2018
  • Issued: 10/29/2019
  • Est. Priority Date: 04/15/2016
  • Status: Active Grant
First Claim

1. A computer program product for detecting malware on an endpoint in an enterprise network, the computer program product comprising computer executable code embodied in a non-transitory computer readable medium that, when executing on the endpoint, performs the steps of:

  • instrumenting the endpoint to monitor a number of causal relationships among a number of computing objects at a plurality of logical locations within a computing environment related to the endpoint;
  • selecting a set of logical locations from the plurality of logical locations, the set of logical locations excluding at least one logical location of the plurality of logical locations associated with a known, good process;
  • recording a sequence of events causally relating the number of computing objects at the set of logical locations;
  • creating an event graph based on the sequence of events;
  • applying a malware detection rule to the event graph; and
  • remediating the endpoint when the malware detection rule and the event graph indicate a compromised security state.
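The pipeline the claim describes, as an added illustrative example in Python that is not code from the patent or from its assignee: a constructed event trace, exclusion of events observed at logical locations owned by known-good processes, an adjacency-map event graph, one detection rule (an office application spawning a script host that both connects out and writes an executable), and a remediation plan derived from the causal descendants of the flagged node. The event shape, the allow-list, the process names and the rule itself are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One causally related event: `src` acts on `dst`, observed at a logical location."""
    seq: int
    src: str       # causing object, e.g. "proc:winword.exe"
    action: str    # spawn | read | write | connect
    dst: str       # affected object, e.g. "file:dropper.exe"
    location: str  # logical location where the event was observed


# Constructed sample trace for the example (not taken from the patent).
SAMPLE_EVENTS = [
    Event(1, "proc:explorer.exe", "spawn", "proc:winword.exe", "process"),
    Event(2, "proc:winword.exe", "read", "file:invoice.docm", "filesystem"),
    Event(3, "proc:winword.exe", "spawn", "proc:powershell.exe", "process"),
    Event(4, "proc:powershell.exe", "connect", "net:203.0.113.7:443", "network"),
    Event(5, "proc:powershell.exe", "write", "file:dropper.exe", "filesystem"),
    Event(6, "proc:powershell.exe", "spawn", "proc:dropper.exe", "process"),
    Event(7, "proc:svchost.exe", "connect", "net:10.0.0.5:445", "network"),
    Event(8, "proc:svchost.exe", "write", "file:cache.db", "filesystem"),
]

# Hypothetical allow-list: logical locations owned by these processes are excluded.
KNOWN_GOOD_PROCESSES = {"proc:svchost.exe", "proc:explorer.exe"}

# Hypothetical object classes used by the single detection rule below.
OFFICE_APPS = {"proc:winword.exe", "proc:excel.exe"}
SCRIPT_HOSTS = {"proc:powershell.exe", "proc:cmd.exe", "proc:wscript.exe"}


def select_events(events, known_good):
    """Claim step 2: drop events whose originating location belongs to a known-good process."""
    return [e for e in events if e.src not in known_good]


def build_event_graph(events):
    """Claim step 4: adjacency map src -> [(action, dst, seq)], edges kept in causal order."""
    graph = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev.seq):
        graph[e.src].append((e.action, e.dst, e.seq))
    return graph


def rule_office_spawns_script_host(graph):
    """Claim step 5: an office app spawns a script host that both connects out and writes a file.

    Returns the offending script-host node, or None when the rule does not match.
    """
    for app in OFFICE_APPS:
        for action, child, _ in graph.get(app, []):
            if action != "spawn" or child not in SCRIPT_HOSTS:
                continue
            child_actions = {a for a, _, _ in graph.get(child, [])}
            if {"connect", "write"} <= child_actions:
                return child
    return None


def descendants(graph, root):
    """Every object causally downstream of `root`: the remediation blast radius."""
    seen, stack = set(), [root]
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        stack.extend(dst for _, dst, _ in graph.get(node, []))
    return seen


def detect_and_remediate(events, known_good=KNOWN_GOOD_PROCESSES):
    """Run the whole pipeline and return a remediation plan (claim step 6)."""
    graph = build_event_graph(select_events(events, known_good))
    hit = rule_office_spawns_script_host(graph)
    if hit is None:
        return {"compromised": False, "root": None, "kill": [], "quarantine": []}
    blast = descendants(graph, hit)
    return {
        "compromised": True,
        "root": hit,
        "kill": sorted(o for o in blast if o.startswith("proc:")),
        "quarantine": sorted(o for o in blast if o.startswith("file:")),
    }


if __name__ == "__main__":
    print(detect_and_remediate(SAMPLE_EVENTS))
```

Remediating the causal descendants rather than only the node that matched the rule is the point of keeping a graph instead of a flat event list: the dropped file and the process spawned from it are reached by following edges, not by a second rule. The flip side of the allow-list in step 2 is that anything an attacker does from inside an allow-listed process is never recorded, so the set of excluded locations should be small and tied to identities that are actually verified (signer, path, integrity level), not just a process name.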

  • 5 Assignments