METHODS, SYSTEMS, AND MEDIA FOR DETECTING COVERT MALWARE
Abstract
Methods, systems, and media for detecting covert malware are provided. In accordance with some embodiments, a method for detecting covert malware in a computing environment is provided, the method comprising: receiving a first set of user actions; generating a second set of user actions based on the first set of user actions and a model of user activity; conveying the second set of user actions to an application inside the computing environment; determining whether state information of the application matches an expected state after the second set of user actions is conveyed to the application; and determining whether covert malware is present in the computing environment based at least in part on the determination.
23 Claims
1. A method for detecting covert malware in a computing environment, the method comprising:
- receiving a first set of user actions;
- generating a second set of user actions based on the first set of user actions and a model of user activity;
- conveying the second set of user actions to an application inside the computing environment;
- determining whether state information of the application matches an expected state after the second set of user actions is conveyed to the application; and
- determining whether covert malware is present in the computing environment based at least in part on the determination.
12. A system for detecting covert malware in a computing environment, the system comprising:
- a hardware processor that is configured to:
  - receive a first set of user actions;
  - generate a second set of user actions based on the first set of user actions and a model of user activity;
  - convey the second set of user actions to an application inside the computing environment;
  - determine whether state information of the application matches an expected state after the second set of user actions is conveyed to the application; and
  - determine whether covert malware is present in the computing environment based at least in part on the determination.
23. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a processor, cause the processor to perform a method for detecting covert malware in a computing environment, the method comprising:
- receiving a first set of user actions;
- generating a second set of user actions based on the first set of user actions and a model of user activity;
- conveying the second set of user actions to an application inside the computing environment;
- determining whether state information of the application matches an expected state after the second set of user actions is conveyed to the application; and
- determining whether covert malware is present in the computing environment based at least in part on the determination.
Specification