Detecting malicious software by analyzing patterns of system calls generated during emulation

  • US 6,775,780 B1
  • Filed: 03/16/2000
  • Issued: 08/10/2004
  • Est. Priority Date: 03/16/2000
  • Status: Expired due to Term
First Claim

1. A method for determining whether software is likely to exhibit malicious behavior by analyzing patterns of system calls made during emulation of the software, comprising:

  • receiving the software;
  • emulating the software within an insulated environment in a computer system so that the computer system is insulated from malicious actions of the software;
  • recording a pattern of system calls directed to an operating system of the computer system during emulation of the software;
  • comparing the pattern of system calls against a database containing suspect patterns of system calls;
  • determining whether the software is likely to exhibit malicious behavior based upon the comparison; and
  • terminating the method if one of the following occurs; a maximum number of instructions are executed during the emulation, and a maximum number of system calls are made during the emulation.
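
The steps of the claim above, as an added Python example (not code from the patent or its assignee): a recorded system-call pattern is compared against a suspect-pattern database, and analysis terminates when an instruction or system-call limit is reached. Assumptions: the trace format, the call and pattern names, ordered-subsequence matching, and comparing after each recorded call are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed suspect-pattern database: pattern name -> ordered system calls.
SUSPECT_PATTERNS = {
    "file-infector": ("find_file", "open", "write", "close"),
    "boot-overwrite": ("open_device", "write_sector"),
}

@dataclass
class Verdict:
    suspicious: bool
    reason: str
    recorded: list = field(default_factory=list)

def is_subsequence(pattern, calls):
    """True if every call in pattern occurs in calls, in order (gaps allowed)."""
    it = iter(calls)
    return all(p in it for p in pattern)  # 'in' consumes the iterator

def analyze(trace, max_instructions, max_syscalls, patterns=SUSPECT_PATTERNS):
    """trace: (instructions_executed_so_far, syscall_name) events as an
    emulator would report them (assumed format); no call reaches a real OS."""
    recorded = []
    for instr_count, syscall in trace:
        if instr_count > max_instructions:      # first termination condition
            return Verdict(False, "instruction limit reached", recorded)
        recorded.append(syscall)                # record the pattern
        for name, pattern in patterns.items():  # compare against the database
            if is_subsequence(pattern, recorded):
                return Verdict(True, f"matched {name}", recorded)
        if len(recorded) >= max_syscalls:       # second termination condition
            return Verdict(False, "system call limit reached", recorded)
    return Verdict(False, "emulation finished without a match", recorded)

# Constructed traces standing in for emulator output.
INFECTOR_TRACE = [(120, "get_time"), (340, "find_file"), (900, "open"),
                  (1500, "write"), (1620, "close")]
BENIGN_TRACE = [(50, "get_time"), (400, "open"), (800, "read"),
                (1200, "close"), (5000, "write_console")]

if __name__ == "__main__":
    for label, trace in (("infector", INFECTOR_TRACE), ("benign", BENIGN_TRACE)):
        print(label, analyze(trace, max_instructions=10_000, max_syscalls=100))
```

With limits set lower than the trace needs, the same infector trace ends on a limit before the pattern completes, which is the detection gap the two maxima trade against analysis cost.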
