METHODS AND SYSTEMS FOR ENCODING COMPUTER PROCESSES FOR MALWARE DETECTION

  • US 20160164901A1
  • Filed: 12/04/2015
  • Published: 06/09/2016
  • Est. Priority Date: 12/05/2014
  • Status: Active Grant
First Claim

1. In a managed network of computers, a method for encoding computer processes for malicious program detection, comprising the steps of:

    (a) randomly sampling a trace of system calls collected over an observation interval, each system call including context information and memory addresses for the function being monitored;

    (b) computing system address differences from the trace of system calls and retaining the computed values;

    (c) forming a group of n-grams (words) of retained differences of system addresses from the trace of system calls;

    (d) forming a series of process snippets, each process snippet including context information and the retained differences of system addresses;

    (e) transforming each process snippet to form a compact representation (process dot) comprising a pair of elements ⟨c, a⟩, wherein c includes the context information and a is a sparse vector that encodes information derived from the group of n-grams;

    (f) forming clusters of compact representations;

    (g) obtaining clusters of compact representations from one or more malicious program-free computers; and

    (h) comparing the clusters formed in step (f) to those obtained in step (g) and determining the presence of malicious program from the comparison;
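The following Python script walks through steps (a) to (h) of the claim on constructed data. It is an added illustration and is not code from the patent or its assignee; the claim does not specify a clustering method, a sampling rate, the n-gram length, or the comparison metric, so this example assumes greedy cosine-similarity clustering of the sparse n-gram vectors, n = 2, fixed-length snippets, and a similarity threshold, and the process names and addresses in the traces are made up.

```python
"""Toy end-to-end run of the claimed encoding: syscall trace -> address
differences -> n-grams -> sparse "process dots" <c, a> -> clusters ->
comparison with clusters from a malware-free baseline.
Added illustration; the clustering and thresholds are assumptions."""
import random
from collections import Counter
from math import sqrt


def make_trace(context, offsets, repeats, base):
    """Constructed syscall trace: (context, address of monitored function)."""
    return [(context, base + off) for _ in range(repeats) for off in offsets]


def sample_trace(trace, keep, seed=0):
    """Step (a): random subsample of the trace; trace order is preserved."""
    rng = random.Random(seed)
    picked = sorted(rng.sample(range(len(trace)), min(keep, len(trace))))
    return [trace[i] for i in picked]


def address_differences(trace):
    """Step (b): differences between consecutive monitored addresses."""
    return [nxt[1] - cur[1] for cur, nxt in zip(trace, trace[1:])]


def ngrams(diffs, n):
    """Step (c): n consecutive retained differences form one word."""
    return [tuple(diffs[i:i + n]) for i in range(len(diffs) - n + 1)]


def snippets(trace, length):
    """Step (d): fixed-length chunks of (context, retained differences)."""
    if not trace:
        return []
    context, diffs = trace[0][0], address_differences(trace)
    return [(context, diffs[i:i + length]) for i in range(0, len(diffs), length)]


def process_dot(snippet, n=2):
    """Step (e): <c, a> with c the context and a a sparse n-gram count vector."""
    context, diffs = snippet
    return (context, Counter(ngrams(diffs, n)))


def cosine(a, b):
    """Cosine similarity of two sparse count vectors (assumed metric)."""
    dot = sum(a[k] * b[k] for k in a if k in b)
    norm = sqrt(sum(v * v for v in a.values())) * sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0


def cluster_dots(dots, threshold=0.6):
    """Steps (f)/(g): greedy clustering; a dot joins the first cluster whose
    centroid is similar enough, otherwise it starts a new cluster."""
    clusters = []  # each: {"centroid": Counter, "members": [(c, a), ...]}
    for context, vec in dots:
        for cl in clusters:
            if cosine(vec, cl["centroid"]) >= threshold:
                cl["centroid"] += vec
                cl["members"].append((context, vec))
                break
        else:
            clusters.append({"centroid": Counter(vec), "members": [(context, vec)]})
    return clusters


def encode(traces, keep, snippet_len=8, n=2, seed=0):
    """Run steps (a)-(f) over several per-process traces and cluster the dots."""
    dots = []
    for trace in traces:
        dots += [process_dot(s, n) for s in snippets(sample_trace(trace, keep, seed), snippet_len)]
    return cluster_dots([d for d in dots if d[1]])  # drop snippets too short for any n-gram


def detect(observed_clusters, baseline_clusters, threshold=0.6):
    """Step (h): an observed cluster with no similar baseline cluster is flagged;
    returns the set of contexts (process names) behind each flagged cluster."""
    flagged = []
    for cl in observed_clusters:
        best = max((cosine(cl["centroid"], b["centroid"]) for b in baseline_clusters), default=0.0)
        if best < threshold:
            flagged.append({c for c, _ in cl["members"]})
    return flagged


# Constructed traces: a benign process cycling through four nearby functions and a
# process (placeholder name) whose call pattern produces entirely different words.
BENIGN = make_trace("svchost-like.exe", [0x00, 0x40, 0x80, 0xC0], repeats=10, base=0x7F000000)
ODD = make_trace("suspicious.exe", [0x00, 0x1000, 0x3000, 0x0800], repeats=10, base=0x400000)
BASELINE = encode([BENIGN], keep=len(BENIGN))           # clusters from a clean host, step (g)
OBSERVED = encode([BENIGN, ODD], keep=len(BENIGN))      # clusters from the monitored host, step (f)

if __name__ == "__main__":
    print("baseline clusters:", len(BASELINE), "observed clusters:", len(OBSERVED))
    print("flagged:", detect(OBSERVED, BASELINE))
```

Because the benign process is sampled in full with the same seed on both hosts, its dots land in a cluster identical to the baseline one and are not flagged, while the second process's bigrams of address differences share no words with the baseline, so its cluster has cosine 0 against every baseline centroid and is reported. With a real random subsample the benign similarity drops below 1.0, which is why the comparison uses a threshold rather than an exact match.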
