Method, computer software, and system for providing end to end security protection of an online transaction
Abstract
Techniques for categorizing programs running on an information handling system. One method includes, while a program is running on an information handling system in a manner that permits the program to infect the information handling system, calculating a first score and a second score. The first score is indicative of the likelihood that the program is malicious; the second score is indicative of the likelihood that the program is valid. This method further includes categorizing the program with respect to the likelihood of the program infecting the information handling system, including by categorizing the program as valid code based on the second score being above a threshold value, regardless of the first score.
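The two-score categorization described in the abstract, as an added example that is not taken from the patent. The routine names, weights, thresholds and observation fields are hypothetical, the observation dictionaries are constructed stand-ins for information a detection routine would gather through operating system API calls, and the "malicious" and "unknown" outcomes are assumptions, since the text above only specifies that a second score above the threshold yields "valid" regardless of the first score.

```python
from dataclasses import dataclass
from typing import Callable, Mapping

# Constructed stand-in for facts gathered about a running program via OS API calls.
Observation = Mapping[str, object]

@dataclass(frozen=True)
class Routine:
    name: str
    weight: int
    fires: Callable[[Observation], bool]

# Hypothetical routine sets and weights (assumptions, not from the patent text).
MALICIOUS_ROUTINES = (
    Routine("hooks_keyboard", 40, lambda o: bool(o.get("keyboard_hook"))),
    Routine("no_visible_window", 20, lambda o: not o.get("has_window")),
    Routine("autostart_entry", 25, lambda o: bool(o.get("autostart"))),
)
VALID_ROUTINES = (
    Routine("signature_verified", 60, lambda o: bool(o.get("signature_ok"))),
    Routine("installer_record", 30, lambda o: bool(o.get("installer_record"))),
    Routine("has_visible_window", 15, lambda o: bool(o.get("has_window"))),
)

VALID_THRESHOLD = 80       # assumed value
MALICIOUS_THRESHOLD = 50   # assumed value; this branch is not specified in the text

def score(routines, obs):
    """Sum the weights of only those routines whose result indicates the property."""
    return sum(r.weight for r in routines if r.fires(obs))

def categorize(obs):
    first = score(MALICIOUS_ROUTINES, obs)    # likelihood the program is malicious
    second = score(VALID_ROUTINES, obs)       # likelihood the program is valid
    if second > VALID_THRESHOLD:              # checked first: wins regardless of `first`
        return ("valid", first, second)
    if first > MALICIOUS_THRESHOLD:
        return ("malicious", first, second)
    return ("unknown", first, second)

# Constructed sample observations.
SIGNED_TOOL = {"keyboard_hook": True, "has_window": True, "autostart": True,
               "signature_ok": True, "installer_record": True}
HIDDEN_PROC = {"keyboard_hook": True, "has_window": False, "autostart": True}
PLAIN_APP = {"has_window": True}

if __name__ == "__main__":
    for name, obs in [("signed_tool", SIGNED_TOOL), ("hidden_proc", HIDDEN_PROC),
                      ("plain_app", PLAIN_APP)]:
        print(name, categorize(obs))
```

Because the valid check takes precedence, `SIGNED_TOOL` is categorized as valid even though its first score alone exceeds the assumed malicious threshold; the weights in the second routine set therefore bound how much malicious evidence a program can carry and still be categorized valid.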
18 Claims
1. A method, comprising:
- while a program is running on an information handling system in a manner that permits the program to infect the information handling system, the information handling system calculating a first score and a second score, wherein the first score is indicative of the likelihood that the program is malicious, wherein the second score is indicative of the likelihood that the program is valid, and wherein the calculating includes running a detection routine that performs a call to an application programming interface (API) of an operating system of the information handling system to gather information about the program, wherein the first score is calculated based on weighted results of those ones of a first plurality of detection routines that indicate a likelihood that the program is malicious, and wherein the second score is calculated based on weighted results of those ones of a second plurality of detection routines that indicate a likelihood that the program is valid; and
- the information handling system categorizing the program with respect to the likelihood of the program infecting the information handling system, wherein the categorizing includes categorizing the program as valid code based on the second score being above a threshold value, regardless of the first score.

Dependent claims: 2, 3, 4, 5, 6.

7. A non-transitory computer-readable storage medium storing instructions executable by a computer system to:
- calculate a first score and a second score, wherein the first score is indicative of a likelihood that a program running on the computer system is malicious, wherein the first score is calculated based on weighted results of those ones of a first plurality of detection routines that indicate a likelihood that the program is malicious, wherein the second score is indicative of a likelihood that the program is valid, wherein the second score is calculated based on weighted results of those ones of a second plurality of detection routines that indicate a likelihood that the program is valid, and wherein calculating the first score or the second score is based on a result from running a detection routine that performs a call to an application programming interface (API) of an operating system of the computer system to gather information about the program; and
- categorize the program as valid code based on a comparison of the second score to a valid threshold value, regardless of the first score.

Dependent claims: 8, 9, 10, 11.

12. A non-transitory computer-readable storage medium storing instructions that, if executed by a computing device, cause the computing device to:
- perform a plurality of detection routines to gather information relating to a program running on the computing device, wherein the plurality of detection routines includes a detection routine that performs a call to an application programming interface (API) of an operating system to gather information about the program;
- calculate a first score based on weighted results of those ones of the plurality of detection routines that indicate a likelihood that the program is malicious;
- calculate a second score based on weighted results of those ones of the plurality of detection routines that indicate a likelihood that the program is valid; and
- categorize the program as valid based on a comparison of the second score to a valid threshold value, regardless of the first score.

Dependent claims: 13, 14, 15, 16, 17, 18.

Specification