
UNSUPERVISED ANOMALY-BASED MALWARE DETECTION USING HARDWARE FEATURES

  • US 20160275289A1
  • Filed: 03/14/2014
  • Published: 09/22/2016
  • Est. Priority Date: 03/18/2013
  • Status: Active Grant
First Claim

1. A method for unsupervised anomaly-based malware detection using hardware features, the method comprising:

  • obtaining current hardware performance data, including hardware performance time-varying counter data, for a hardware device executing a first process associated with recorded hardware performance data representative of the first process' normal behavior;

  • identifying a set of hardware performance data from the obtained current hardware performance data based at least on a degree of effectiveness of one or more features associated with hardware performance data;

  • aggregating the identified set of hardware performance data;

  • transforming the aggregated set of hardware performance data based on one or more transform functions; and

  • determining whether an anomalous process is affecting performance of the first process based on a determination of an extent of deviation of the transformed set of hardware performance data corresponding to the first process from the recorded hardware performance data representative of the normal behavior of the first process.
