BEHAVIORAL MODEL BASED MALWARE PROTECTION SYSTEM AND METHOD
Abstract
A method of protecting a computing system or device against a malicious threat such as malware comprises generating a behavioral model configured to describe one or more interactions associated with a protected data accessible by way of a computing device. The method also comprises determining an attempt to access the protected data is abnormal based, at least in part, on a comparison between the attempt to access the protected data and the behavioral model. The method further comprises determining the abnormal attempt to access the protected data is a malicious process based, at least in part, on a determined degree of variation from the behavioral model. The method additionally comprises causing, by a processor, the malicious process to be remediated with respect to the computing device.
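The two-stage decision the abstract describes (abnormal by comparison with the model, then malicious by degree of variation), shown as an added example that is not taken from the patent or from any product. The features, weights, thresholds and remediation labels are all assumptions, and the sample history is constructed.

```python
from collections import Counter
from dataclasses import dataclass

# All names, weights and thresholds below are assumptions made for this example.
@dataclass(frozen=True)
class Access:
    process: str      # executable touching the protected data
    operation: str    # "read", "write", "delete", ...
    hour: int         # local hour of day, 0-23
    files: int        # protected files touched in the same burst

class BehavioralModel:
    """Baseline of interactions observed with one protected data store."""
    def __init__(self, history):
        self.pairs = Counter((a.process, a.operation) for a in history)
        self.procs = {a.process for a in history}
        self.hours = {a.hour for a in history}
        self.max_files = max(a.files for a in history)

    def variation(self, a):
        """Degree of variation from the baseline, 0.0 (matches) to 1.0."""
        score = 0.0
        if a.process not in self.procs:
            score += 0.4                      # process never seen on this data
        elif (a.process, a.operation) not in self.pairs:
            score += 0.2                      # known process, new operation
        if a.hour not in self.hours:
            score += 0.1                      # outside observed hours
        if a.files > self.max_files:          # burst larger than any seen
            score += min(0.5, 0.1 * a.files / self.max_files)
        return round(score, 2)

def classify(model, a, abnormal_at=0.1, malicious_at=0.6):
    """Two-stage decision: abnormal by comparison, malicious by degree."""
    v = model.variation(a)
    if v < abnormal_at:
        return "normal", v, None
    if v < malicious_at:
        return "abnormal", v, "log-and-alert"
    return "malicious", v, "suspend-process-and-block-access"

# Constructed sample data: ordinary use of a protected documents folder.
HISTORY = ([Access("winword.exe", "read", h, 1) for h in range(9, 18)]
           + [Access("winword.exe", "write", h, 1) for h in range(9, 18)]
           + [Access("backup.exe", "read", 12, 40)])
MODEL = BehavioralModel(HISTORY)
```

An attempt that only partly departs from the baseline (a known process at an unusual hour) is flagged as abnormal, while remediation is reserved for attempts whose variation crosses the higher threshold.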
25 Claims
1. A method comprising:
- generating a behavioral model configured to describe one or more interactions associated with a protected data accessible by way of a computing device;
- determining an attempt to access the protected data is abnormal based, at least in part, on a comparison between the attempt to access the protected data and the behavioral model;
- determining the abnormal attempt to access the protected data is a malicious process based, at least in part, on a determined degree of variation from the behavioral model; and
- causing, by a processor, the malicious process to be remediated with respect to the computing device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. An apparatus comprising:
- at least one processor; and
- at least one memory including computer program code for one or more programs, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following,
  - generate a behavioral model configured to describe one or more interactions associated with a protected data accessible by way of a computing device;
  - determine an attempt to access the protected data is abnormal based, at least in part, on a comparison between the attempt to access the protected data and the behavioral model;
  - determine the abnormal attempt to access the protected data is a malicious process based, at least in part, on a determined degree of variation from the behavioral model; and
  - cause the malicious process to be remediated with respect to the computing device.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25

Specification