
System and method for dynamically detecting computer viruses through associative behavioral analysis of runtime state

  • US 6,973,577 B1
  • Filed: 05/26/2000
  • Issued: 12/06/2005
  • Est. Priority Date: 05/26/2000
  • Status: Expired due to Term
First Claim
Patent Images

1. A system for dynamically detecting computer viruses through associative behavioral analysis of runtime state, comprising:

  • a parameter set stored on a client system defining a group of monitored events, each monitored event comprising a set of one or more actions defined within an object, each action being performed by one or more applications executing within a defined computing environment;
  • a monitor executing on the client system, comprising:
    • a collector continuously monitoring runtime state within the defined computing environment for an occurrence of any one of the monitored events in the group and tracking a sequence of execution of the monitored events for each of the applications;
    • an analyzer identifying each occurrence of a specific event sequence characteristic of behavior of a computer virus and the application which performed the specific event sequence, creating a histogram describing the specific event sequence occurrence for each of the applications, and identifying repetitions of the histogram associated with at least one object;
    • a storage manager organizing the histograms into a plurality of records ordered by object, application, and monitored event; and
    • a structured database in which the plurality of records is stored;

  wherein the storage manager stores each histogram for each such specific event sequence occurrence in one such database record identified by the application by which the specific event sequence was performed;

  wherein the storage manager configures the structured database as an event log organized by each event in the group of monitored events and updates the database record storing each specific event sequence occurrence with a revised histogram as each such occurrence is identified.
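The claim elements (parameter set, collector, analyzer, storage manager, event-log records) as a small added illustration in Python; this is not the patent's implementation, and the event names, the open/write/exec "virus-like" sequence and the process and file names are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed parameter set: the group of monitored events (actions on an object).
MONITORED_EVENTS = {"open", "write", "rename", "exec"}
# Constructed sequence treated as virus-like: open an executable, write to it, then execute it.
VIRUS_SEQUENCE = ("open", "write", "exec")

class Monitor:
    def __init__(self, monitored=MONITORED_EVENTS, signature=VIRUS_SEQUENCE):
        self.monitored = monitored
        self.signature = signature
        self.trace = defaultdict(list)          # collector: per-application event sequence
        self.histograms = defaultdict(Counter)  # analyzer: per-application occurrence counts
        self.records = {}                       # storage manager: keyed (object, app, event)

    def collect(self, app, action, obj):
        """Collector: track a monitored event and hand the application's trace on."""
        if action in self.monitored:
            self.trace[app].append((action, obj))
            self.analyze(app)

    def analyze(self, app):
        """Analyzer: on a match of the sequence against one object, revise and store the histogram."""
        tail = self.trace[app][-len(self.signature):]
        objects = {o for _, o in tail}
        if tuple(a for a, _ in tail) != self.signature or len(objects) != 1:
            return
        obj = objects.pop()
        self.histograms[app][obj] += 1
        self.store(app, obj)

    def store(self, app, obj):
        """Storage manager: one event-log record per (object, app, event) holding the revised histogram."""
        for event in self.signature:
            self.records[(obj, app, event)] = dict(self.histograms[app])

    def repeated(self, threshold=2):
        """(application, object) pairs whose histogram shows the sequence repeated."""
        return sorted((app, obj) for app, hist in self.histograms.items()
                      for obj, n in hist.items() if n >= threshold)

def run_demo():
    # Constructed runtime trace: a benign editor, then an infector-like process doing the sequence twice.
    events = [("editor.exe", "open", "notes.txt"), ("editor.exe", "write", "notes.txt")]
    events += [("dropper.exe", a, "calc.exe") for a in VIRUS_SEQUENCE] * 2
    monitor = Monitor()
    for app, action, obj in events:
        monitor.collect(app, action, obj)
    return monitor
```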

  • 9 Assignments