MALWARE DETECTION AND IDENTIFICATION USING DEVIATIONS IN ONE OR MORE OPERATING PARAMETERS
First Claim
1. A method, comprising:
- monitoring current operating parameters for a computing system running one or more application;
- obtaining baseline operating parameters for the computing system running the one or more application in the absence of malware;
- identifying a deviation between the current operating parameters and the baseline operating parameters; and
- determining whether the identified deviation matches a deviation associated with a predetermined malware definition.
Abstract
A method is provided for detecting malware, such as a virus or spyware. The method looks for deviations from expected operating parameters instead of focusing solely on conventional malware signatures. The method includes monitoring current operating parameters for a computing system running one or more application, obtaining baseline operating parameters for the computing system running the one or more application in the absence of malware, identifying a deviation between the current operating parameters and the baseline operating parameters, and determining whether the identified deviation matches a deviation associated with a predetermined malware definition.
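The four steps in the abstract (monitor, baseline, identify a deviation, match it against a definition) can be illustrated as follows. This is an added example, not code from the patent. The parameter names, the z-score threshold of 3, the "high"/"low" definition format and all sample values are assumptions constructed for illustration.

```python
from statistics import mean, stdev

Z_THRESHOLD = 3.0  # assumed cut-off; the page does not specify one

def build_baseline(samples):
    """samples: {parameter: [values measured on a known-clean system]}"""
    return {p: (mean(v), max(stdev(v), 1e-9)) for p, v in samples.items()}

def find_deviations(baseline, current):
    """Return {parameter: 'high' | 'low'} for parameters outside the baseline."""
    deviations = {}
    for param, (mu, sigma) in baseline.items():
        if param not in current:
            continue  # parameter was not sampled in this interval
        z = (current[param] - mu) / sigma
        if abs(z) >= Z_THRESHOLD:
            deviations[param] = "high" if z > 0 else "low"
    return deviations

def match_definitions(deviations, definitions):
    """Names of definitions whose whole deviation pattern is present."""
    return sorted(
        name for name, pattern in definitions.items()
        if all(deviations.get(p) == d for p, d in pattern.items())
    )

# Constructed sample data (hypothetical parameter names and values).
CLEAN_SAMPLES = {
    "cpu_pct":        [12, 14, 11, 13, 12, 15],
    "outbound_kbps":  [40, 38, 45, 42, 39, 41],
    "disk_writes_ps": [20, 22, 19, 21, 20, 23],
}
# Hypothetical malware definitions expressed as deviation patterns.
DEFINITIONS = {
    "example-miner":     {"cpu_pct": "high"},
    "example-exfil":     {"outbound_kbps": "high", "disk_writes_ps": "low"},
    "example-encryptor": {"cpu_pct": "high", "disk_writes_ps": "high"},
}

def classify(current):
    """Return (identified deviations, names of matching definitions)."""
    baseline = build_baseline(CLEAN_SAMPLES)
    deviations = find_deviations(baseline, current)
    return deviations, match_definitions(deviations, DEFINITIONS)

if __name__ == "__main__":
    print(classify({"cpu_pct": 96, "outbound_kbps": 41, "disk_writes_ps": 310}))
```

A deviation that matches no definition is still returned in the first element of the result, so it can be flagged for review even though no predetermined definition applies.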
20 Claims
1. A method, comprising:
- monitoring current operating parameters for a computing system running one or more application;
- obtaining baseline operating parameters for the computing system running the one or more application in the absence of malware;
- identifying a deviation between the current operating parameters and the baseline operating parameters; and
- determining whether the identified deviation matches a deviation associated with a predetermined malware definition.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to perform a method comprising:
- monitoring current operating parameters for a computing system running one or more application;
- obtaining baseline operating parameters for the computing system running the one or more application in the absence of malware;
- identifying a deviation between the current operating parameters and the baseline operating parameters; and
- determining whether the identified deviation matches a deviation associated with a predetermined malware definition.
Dependent claims: 16, 17, 18, 19, 20
Specification