System and Method for Computer Malware Detection
First Claim
1. A system for detecting malicious programs, the system comprising:
- a processing system having at least one processor configurable to emulate execution of a program code; monitor events of program execution; classify the monitored events as malicious or non-malicious; collect information about unclassifiable events; and
- an analyst workstation connected to the processing system, the workstation including means for isolating a program analyst from external audiovisual stimuli; a video output device operable to display a list of unclassifiable events and event-related information to the program analyst; and a user input device operable to receive analyst's physiological response indicative of whether the displayed list of unclassifiable events exhibits malicious behavior.
Abstract
Disclosed are systems and methods for computer malware detection. The system is configured to emulate execution of a program code, monitor events of program execution, classify the monitored events as malicious or non-malicious, and collect information about unclassifiable events. The system further includes one or more analyst workstations configured to isolate a program analyst from external audiovisual stimuli. The workstation includes a video output device operable to display a list of unclassifiable events and event-related information to the program analyst and a user input device operable to receive analyst's physiological response indicative of whether the displayed list of unclassifiable events exhibits malicious behavior.
20 Claims
1. A system for detecting malicious programs, the system comprising:
- a processing system having at least one processor configurable to emulate execution of a program code; monitor events of program execution; classify the monitored events as malicious or non-malicious; collect information about unclassifiable events; and
- an analyst workstation connected to the processing system, the workstation including means for isolating a program analyst from external audiovisual stimuli; a video output device operable to display a list of unclassifiable events and event-related information to the program analyst; and a user input device operable to receive analyst's physiological response indicative of whether the displayed list of unclassifiable events exhibits malicious behavior.

Dependent claims: 2, 3, 4, 5, 6
7. A method for detecting malicious programs, the method comprising:
- emulating execution of a program code;
- monitoring events of program execution;
- classifying the monitored events as malicious or non-malicious;
- collecting event-related information about unclassifiable events;
- presenting a list of unclassifiable events and event-related information to a program analyst via a head-mounted video display, detecting analyst's physiological response to the presented information; and
- determining based on the detected response whether the presented list of unclassifiable events exhibits malicious behavior.

Dependent claims: 8, 9, 10, 11, 12, 13
14. A malware detection system comprising:
- a data store of malware-related information;
- a processing system being operable to classify a program event as malicious or non-malicious using at least malware-related information from the data store; and
- an analyst workstation connected to the processing system, the workstation including means for isolating a program analyst from external audiovisual stimuli; a video output device operable to display to the program analyst at least a portion of unclassifiable program code and program-related information; and a user input device operable to receive analyst's physiological response indicative of whether the displayed unclassifiable program exhibits malicious behavior.

Dependent claims: 15, 16, 17, 18, 19, 20
Specification