Real time malicious software detection
Abstract
A method, system, computer program product and/or computer readable medium of instructions for detecting malicious software, comprising intercepting a request to perform an activity in a processing system; determining an entity associated with the activity, wherein the entity comprises at least one of: a requesting entity of the activity; and a target entity of the activity; analysing the entity and the activity to determine if the request is associated with malicious software; and in the event that the request is determined to be associated with malicious software, restricting the request to perform the activity in the processing system.
15 Claims
1. A method of detecting malicious software, wherein the method comprises:
recording one or more previously intercepted activities in a list;
intercepting a request to perform an activity in a processing system;
determining an entity associated with the activity, wherein the entity comprises at least one of:
a requesting entity of the activity; and
a target entity of the activity;
analysing the entity and the activity to determine if the entity and the activity are associated with malicious software, wherein the entity and the activity are analysed by:
accessing one or more previously intercepted activities from the list, wherein a determination has not been made as to whether the previously intercepted activities are associated with malicious software;
comparing the activity and the accessed one or more previously intercepted activities to a sequence of known malicious activities;
in the event of a positive comparison, determining, in real time, that the entity and the activity are associated with malicious software; and
in the event that the entity and the activity are determined to be associated with malicious software, restricting the request to perform the activity in the processing system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A system to detect malicious software, wherein the system is configured to:
record one or more previously intercepted activities in a list;
intercept a request to perform an activity in a processing system;
determine at least one of:
a requesting entity of the activity; and
a target entity of the activity;
analyse at least one of the requesting entity, the target entity and the activity to determine if the entity and the activity are associated with malicious software, wherein the system is configured to:
access one or more previously intercepted activities from the list, wherein a determination has not been made as to whether the previously intercepted activities are associated with malicious software;
compare the activity and the accessed one or more previously intercepted activities to a sequence of known malicious activities;
in the event of a positive comparison, determine, in real time, that the entity and the activity are associated with malicious software; and
restrict the request to perform the activity in the processing system in the event that the entity and the activity are determined to be associated with malicious software.

15. A computer program product comprising a non-transitory computer readable medium having a computer program recorded therein or thereon, the computer program enabling detection of malicious software, wherein the computer program product configures the processing system to:
record one or more previously intercepted activities in a list;
intercept a request to perform an activity in a processing system;
determine at least one of:
a requesting entity of the activity; and
a target entity of the activity;
analyse at least one of the requesting entity, the target entity and the activity to determine if the entity and the activity are associated with malicious software, wherein the computer program product configures the processing system to:
access one or more previously intercepted activities from the list, wherein a determination has not been made as to whether the previously intercepted activities are associated with malicious software;
compare the activity and the accessed one or more previously intercepted activities to a sequence of known malicious activities;
in the event of a positive comparison, determine, in real time, that the entity and the activity are associated with malicious software; and
restrict the request to perform the activity in the processing system in the event that the entity and the activity are determined to be associated with malicious software.

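The method of claims 1, 14 and 15, worked as an added Python example (not taken from the patent or from any product). Assumptions: activities are tracked per requesting entity, the known sequence is matched as an in-order subsequence so unrelated activities may be interleaved, and the activity labels, the `SequenceMonitor` class and the sample trace are constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed signature: ordered activity labels treated as a known malicious sequence.
KNOWN_MALICIOUS_SEQUENCES = [
    ("write_executable", "set_autostart_entry", "open_network_connection"),
]

@dataclass(frozen=True)
class Request:
    requester: str  # requesting entity of the activity
    target: str     # target entity of the activity
    activity: str

class SequenceMonitor:
    def __init__(self, sequences=KNOWN_MALICIOUS_SEQUENCES, history=32):
        self.sequences = [tuple(s) for s in sequences]
        # Per-entity list of intercepted activities that have no verdict yet.
        self.pending = defaultdict(lambda: deque(maxlen=history))
        self.flagged = set()

    @staticmethod
    def _in_order(signature, observed):
        it = iter(observed)  # each match consumes the iterator, enforcing order
        return all(step in it for step in signature)

    def intercept(self, req):
        """Return True to allow the request, False to restrict it."""
        entity = req.requester  # assumption: key the list on the requester
        if entity in self.flagged:
            return False
        candidate = list(self.pending[entity]) + [req.activity]
        for sig in self.sequences:
            # Verdict is reached only when this request completes a signature.
            if req.activity == sig[-1] and self._in_order(sig, candidate):
                self.flagged.add(entity)
                self.pending.pop(entity, None)
                return False
        self.pending[entity].append(req.activity)  # still undetermined
        return True

def run_sample():
    # Constructed trace: a.exe completes the signature, b.exe performs only its last step.
    trace = [Request("a.exe", "tmp", "write_executable"),
             Request("a.exe", "doc", "read_file"),
             Request("a.exe", "registry", "set_autostart_entry"),
             Request("b.exe", "net", "open_network_connection"),
             Request("a.exe", "net", "open_network_connection")]
    monitor = SequenceMonitor()
    return [monitor.intercept(r) for r in trace], monitor.flagged
```

The earlier activities of `a.exe` are allowed individually because no determination exists for them yet; only the request that completes the sequence is restricted, which is the "previously intercepted activities" condition in the claims.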
Specification