Detecting malicious processes based on process location
Abstract
Methods and systems for detecting malicious processes. The methods described herein gather data on the locations from which processes are launched and, using principles borrowed from economics, calculate one or more inequality indicators over the process paths. Inequality with respect to a process path may indicate that the path is uncommon and therefore that the associated binary is being used for malicious purposes.
16 Citations
20 Claims
- 1. A method for identifying malicious processes, the method comprising:
  - receiving, using an interface, at least one path indicating where a process was launched;
  - parsing, using an analysis module executing instructions stored on a memory, the at least one path into at least one individual component;
  - computing, using the analysis module, at least one inequality indicator for the at least one path to determine whether the process is malicious; and
  - isolating the process upon determining the process is malicious.
  (Dependent claims 2, 3, 4, 5, 6, 7, 8, 9, 10.)
- 11. A system for identifying malicious processes, the system comprising:
  - an interface configured to receive at least one path indicating where a process was launched;
  - a memory; and
  - an analysis module configured to execute instructions stored on the memory to: parse the at least one path into at least one individual component; compute at least one inequality indicator for the at least one path to determine whether the process is malicious; and isolate a process upon determining the process is malicious.
  (Dependent claims 12, 13, 14, 15, 16, 17, 18, 19, 20.)
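The abstract and the independent claims describe a pipeline (receive launch path, split it into components, compute an inequality indicator, decide) without naming the indicator. The following is an added example written for this page, not code from the patent or its assignee. It assumes the Gini coefficient as the "economic" inequality indicator and applies it, per path, to the frequency with which each of that path's components appears across all observed launch paths: a path whose leading components are common but whose tail is rare scores high. The sample launch paths are constructed for the example.

```python
from collections import Counter
from pathlib import PureWindowsPath, PurePosixPath
from typing import Dict, List, Tuple

# Constructed sample of observed process launch paths (illustrative, not patent data).
SAMPLE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\lsass.exe",
    r"C:\Windows\explorer.exe",
    r"C:\Program Files\Vendor\app.exe",
    r"C:\Program Files\Vendor\app.exe",
    r"C:\Users\alice\AppData\Local\Temp\update.exe",
]


def parse_components(path: str) -> List[str]:
    """Split a launch path into its individual components: drive or root,
    each directory, and the file name. Windows paths are lower-cased because
    the file system is case-insensitive; POSIX paths are left as-is."""
    if "\\" in path or (len(path) > 1 and path[1] == ":"):
        parts = PureWindowsPath(path).parts
        return [p.rstrip("\\").lower() for p in parts]
    return list(PurePosixPath(path).parts)


def gini(values: List[float]) -> float:
    """Gini coefficient of non-negative values: 0.0 when all values are equal,
    approaching 1.0 when one value dominates the rest."""
    xs = sorted(values)
    n = len(xs)
    total = sum(xs)
    if n == 0 or total == 0:
        return 0.0
    weighted = sum(i * x for i, x in enumerate(xs, start=1))
    return 2 * weighted / (n * total) - (n + 1) / n


def component_frequencies(paths: List[str]) -> Counter:
    """Count, for every component, how many observed launches contained it.
    A component repeated inside one path is counted once for that launch."""
    freq: Counter = Counter()
    for p in paths:
        freq.update(set(parse_components(p)))
    return freq


def path_inequality(path: str, freq: Counter) -> float:
    """Inequality indicator for one path (assumed here to be the Gini coefficient
    of the corpus frequencies of the path's own components)."""
    return gini([freq[c] for c in parse_components(path)])


def score_paths(paths: List[str], threshold: float = 0.4) -> Dict[str, Tuple[float, bool]]:
    """Return {path: (indicator, flagged)} for each distinct observed path.
    The threshold is an assumed triage cut-off, not a value from the patent."""
    freq = component_frequencies(paths)
    results: Dict[str, Tuple[float, bool]] = {}
    for p in paths:
        if p not in results:
            score = path_inequality(p, freq)
            results[p] = (round(score, 4), score >= threshold)
    return results


if __name__ == "__main__":
    for path, (score, flagged) in score_paths(SAMPLE_PATHS).items():
        print(f"{score:.3f} {'FLAG' if flagged else '    '} {path}")
```

On the constructed corpus the `svchost.exe` launches score 0.2 and the `Temp\update.exe` launch scores about 0.43, the only path over the assumed 0.4 cut-off. Note the weakness the indicator carries by construction: any binary with a unique file name in a well-populated directory also scores above zero (`explorer.exe` here reaches 0.33), so the indicator is a ranking signal for triage and should be combined with a baseline of known-good paths before the "isolate the process" step in the claims is automated.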
Specification