SYSTEM AND METHOD FOR PROACTIVE DETECTION OF MALWARE DEVICE DRIVERS VIA KERNEL FORENSIC BEHAVIORAL MONITORING AND A BACK-END REPUTATION SYSTEM
First Claim
1. A method for detecting malware device drivers, comprising:
- identifying one or more device drivers loaded on an electronic device;
- analyzing the device drivers to determine suspicious device drivers, the suspicious device drivers not recognized as not comprising malware;
- accessing information about the suspicious device drivers in a reputation system, the reputation system configured to store information about suspicious device drivers; and
- evaluating whether the suspicious device drivers comprise malware, wherein the evaluation is based upon historical data regarding the suspicious device driver.
10 Assignments
0 Petitions
Abstract
A method for detecting malware device drivers includes the steps of identifying one or more device drivers loaded on an electronic device, analyzing the device drivers to determine suspicious device drivers, accessing information about the suspicious device drivers in a reputation system, and evaluating whether the suspicious device drivers include malware. The suspicious device drivers are not recognized as not including malware. The reputation system is configured to store information about suspicious device drivers. The evaluation is based upon historical data regarding the suspicious device driver.
119 Citations
42 Claims
- 1. A method for detecting malware device drivers, comprising:
  - identifying one or more device drivers loaded on an electronic device;
  - analyzing the device drivers to determine suspicious device drivers, the suspicious device drivers not recognized as not comprising malware;
  - accessing information about the suspicious device drivers in a reputation system, the reputation system configured to store information about suspicious device drivers; and
  - evaluating whether the suspicious device drivers comprise malware, wherein the evaluation is based upon historical data regarding the suspicious device driver.
  - Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
- 17. An article of manufacture, comprising:
  - a computer readable medium; and
  - computer-executable instructions carried on the computer readable medium, the instructions readable by a processor, the instructions, when read and executed, for causing the processor to:
    - identify one or more device drivers loaded on an electronic device;
    - analyze the device drivers to determine suspicious device drivers, the suspicious device drivers not recognized as not comprising malware;
    - access information about the suspicious device drivers in a reputation system, the reputation system configured to store information about suspicious device drivers; and
    - evaluate whether the suspicious device drivers comprise malware device drivers, wherein the evaluation is based upon historical data regarding the suspicious device drivers.
  - Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29
- 30. A system for detecting malware device drivers, comprising:
  - a monitor, the monitor configured to:
    - identify one or more device drivers loaded on an electronic device;
    - analyze the device drivers to determine suspicious device drivers, the suspicious device drivers not recognized as not comprising malware; and
    - send information about the suspicious device driver to a reputation system; and
  - a reputation system, the reputation system configured to:
    - access information about the suspicious device driver in a reputation database, the reputation database configured to store information about suspicious device drivers; and
    - evaluate whether the suspicious device driver is a malware device driver, wherein the evaluation is based upon historical data regarding the suspicious device driver;
  - wherein the monitor and reputation system are communicatively coupled.
  - Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42
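The four-step workflow of claims 1, 17 and 30 (enumerate drivers, filter out those recognized as non-malware, consult a reputation store, and decide from historical data) rendered as a small monitor plus reputation back end. This is an added example, not code from the patent or its assignee; the driver inventory, allow-list, reputation records, field names and the verdict thresholds are all constructed assumptions.

```python
from typing import Dict, List

# Constructed sample: drivers as reported by a kernel forensic monitor (hashes are placeholders).
# "hooks_kernel_tables" stands in for a behavioural flag the monitor would set.
LOADED_DRIVERS: List[Dict] = [
    {"name": "ntfs.sys",      "sha256": "HASH_NTFS",  "signed": True,  "hooks_kernel_tables": False},
    {"name": "vendorvpn.sys", "sha256": "HASH_VPN",   "signed": True,  "hooks_kernel_tables": False},
    {"name": "srv9x.sys",     "sha256": "HASH_SRV9X", "signed": False, "hooks_kernel_tables": True},
]

# Drivers recognized as not malware (an OS/vendor allow-list); everything else is "suspicious".
KNOWN_GOOD = {"HASH_NTFS"}

# Back-end reputation store keyed by hash, holding history accumulated from earlier reports (constructed).
REPUTATION_DB: Dict[str, Dict] = {
    "HASH_VPN":   {"submissions": 1200, "distinct_hosts": 900, "first_seen_days": 400, "malware_verdicts": 0},
    "HASH_SRV9X": {"submissions": 7,    "distinct_hosts": 6,   "first_seen_days": 3,   "malware_verdicts": 2},
}

def find_suspicious(drivers: List[Dict], known_good) -> List[Dict]:
    """Steps 1-2: keep only drivers that are not recognized as non-malware."""
    return [d for d in drivers if d["sha256"] not in known_good]

def reputation_lookup(sha256: str, db: Dict[str, Dict]) -> Dict:
    """Step 3: fetch historical data; a never-seen driver gets an empty record so history can accrue."""
    return db.setdefault(sha256, {"submissions": 0, "distinct_hosts": 0, "first_seen_days": 0, "malware_verdicts": 0})

def evaluate(driver: Dict, history: Dict) -> str:
    """Step 4: verdict from history, combined with the monitor's behavioural flags (thresholds are assumed)."""
    if history["malware_verdicts"] > 0:
        return "malware"      # already confirmed as malware on other hosts
    rare = history["distinct_hosts"] < 10 and history["first_seen_days"] < 30
    if rare and (driver["hooks_kernel_tables"] or not driver["signed"]):
        return "malware"      # new, rarely seen, and showing rootkit-like traits
    if rare:
        return "unknown"      # too little history: keep the record and re-evaluate later
    return "benign"           # long-lived, widely seen, no prior verdicts

def scan(drivers: List[Dict], known_good, db: Dict[str, Dict]) -> Dict[str, str]:
    """Run the full workflow on one host's driver list and return a verdict per suspicious driver."""
    verdicts = {}
    for d in find_suspicious(drivers, known_good):
        hist = reputation_lookup(d["sha256"], db)
        hist["submissions"] += 1          # this host's report becomes part of the history
        verdicts[d["name"]] = evaluate(d, hist)
    return verdicts

if __name__ == "__main__":
    print(scan(LOADED_DRIVERS, KNOWN_GOOD, REPUTATION_DB))
```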
Specification