Computer system analysis method and apparatus
First Claim
1. A method of analysing a computer on which are installed a plurality of applications each comprising a set of inter-related objects, the method comprising:
- identifying a local dependency network for each of one or more of said applications, a local dependency network comprising at least a set of object paths and inter-object relationships;
comparing the or each local application dependency network against a database of known application dependency networks to determine whether the application associated with the local dependency network is known; and
using the results of the comparison to identify malware and/or orphan objects.
1 Assignment
0 Petitions
Accused Products
Abstract
A method of analysing a computer on which are installed a plurality of applications each comprising a set of inter-related objects. The method first comprises identifying a local dependency network for each of one or more of said applications, a local dependency network comprising at least a set of object paths and inter-object relationships. The (or each) local application dependency network is then compared against a database of known application dependency networks to determine whether the application associated with the local dependency network is known. The results of the comparison are then used to identify malware and/or orphan objects.
24 Citations
16 Claims
-
1. A method of analysing a computer on which are installed a plurality of applications each comprising a set of inter-related objects, the method comprising:
-
identifying a local dependency network for each of one or more of said applications, a local dependency network comprising at least a set of object paths and inter-object relationships; comparing the or each local application dependency network against a database of known application dependency networks to determine whether the application associated with the local dependency network is known; and using the results of the comparison to identify malware and/or orphan objects. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A client computer comprising:
-
a system scanner for identifying a local dependency network for each of one or more applications installed on the client computer, a local application dependency network comprising at least a set of object paths and inter-object relationships; a result handler for obtaining the results of a comparison of the or each local application dependency network against a database of known application dependency networks to determine whether the application associated with the local application dependency network is known; and a policing unit for using the results of the comparison to identify malware and/or orphan objects.
-
-
16. A server computer system for serving a multiplicity of client computers, the server computer system comprising:
-
a database of known application dependency networks, each application dependency network including object paths and inter-object relationships; a receiver for receiving local application dependency networks from one or more of said client computers; a dependency network comparator for comparing the received local application dependency networks against the known application dependency networks in the database to determine whether associated local applications are known; and a transmitter for sending the results of the comparisons to the respective client computers.
-
Specification