Behavioral-based host intrusion prevention system

  • US 9,210,182 B2
  • Filed: 07/07/2014
  • Issued: 12/08/2015
  • Est. Priority Date: 07/21/2009
  • Status: Active Grant
First Claim

1. A computer program product embodied in a non-transitory computer readable medium that, when executing on one or more computers, performs the steps of:

  • monitoring an executing computer process for an indication of malicious behavior, wherein the indication of the malicious behavior is a result of comparing an operation with a predetermined behavior, referred to as a gene, where the gene is stored for reference in a database and wherein the gene relates to at least one of API calls, registry access, process manipulation, and file system access;

  • performing the monitoring step a number of times to collect a plurality of malicious behavior indications;

  • comparing the plurality of malicious behavior indications to one or more phenotypes that rank combinations of behaviors according to increasing levels of confidence that a runtime object is executing a behavior pattern comparable to a known family of malware;

  • triggering a content analysis of the process when the plurality of malicious behavior indications for the process corresponds to one of the number of phenotypes having a predetermined level of confidence that the process contains a known family of malware, wherein a type of the content analysis is based on the one of the number of phenotypes, thereby providing a prediction; and

  • causing an action based on the prediction.
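
The flow recited in claim 1, sketched as an added example that is not taken from the patent or from any product: operations are compared with genes, the collected indications are matched against confidence-ranked phenotypes, and the best match selects which content analysis runs. Every gene and phenotype identifier, the sample events, the confidence values, the trigger threshold and the signature bytes are constructed assumptions.

```python
# Added illustration: all identifiers, events and thresholds below are constructed.
GENES = {  # gene id -> predicate comparing one observed operation with a stored behavior
    "G_FS_SYSDIR": lambda e: e["kind"] == "file" and e["op"] == "create" and e["target"].lower().startswith("c:\\windows\\"),
    "G_REG_AUTORUN": lambda e: e["kind"] == "registry" and e["op"] == "set" and "\\Run" in e["target"],
    "G_PROC_WRITE": lambda e: e["kind"] == "process" and e["op"] == "write_memory",
    "G_API_NET": lambda e: e["kind"] == "api" and e["op"] == "connect",
}
# Phenotypes: gene combinations, a confidence value, and the content analysis each calls for.
PHENOTYPES = [
    {"name": "P_LOW", "genes": {"G_API_NET"}, "confidence": 20, "analysis": None},
    {"name": "P_DROPPER", "genes": {"G_FS_SYSDIR", "G_REG_AUTORUN"}, "confidence": 60, "analysis": "file_scan"},
    {"name": "P_INJECTOR", "genes": {"G_FS_SYSDIR", "G_REG_AUTORUN", "G_PROC_WRITE"}, "confidence": 90, "analysis": "memory_scan"},
]
TRIGGER_CONFIDENCE = 50  # the "predetermined level of confidence"
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"
ANALYZERS = {  # content analysis type -> check over the process content
    "file_scan": lambda content: SIGNATURE in content.get("file", b""),
    "memory_scan": lambda content: SIGNATURE in content.get("memory", b""),
}
SAMPLE_EVENTS = [  # constructed operations observed for one process
    {"kind": "file", "op": "create", "target": "C:\\Windows\\Temp\\example.bin"},
    {"kind": "registry", "op": "set", "target": "HKCU\\Software\\Example\\Run"},
    {"kind": "process", "op": "write_memory", "target": "pid:4242"},
    {"kind": "api", "op": "connect", "target": "192.0.2.10:443"},
]

def collect_indications(events):
    """Repeat the gene comparison for every operation; return the set of genes seen."""
    return {gid for e in events for gid, match in GENES.items() if match(e)}

def best_phenotype(indications):
    """Highest-confidence phenotype whose whole gene combination was observed."""
    matched = [p for p in PHENOTYPES if p["genes"] <= indications]
    return max(matched, key=lambda p: p["confidence"], default=None)

def evaluate(events, content):
    """Trigger the phenotype's content analysis and derive an action from its result."""
    p = best_phenotype(collect_indications(events))
    if p is None or p["confidence"] < TRIGGER_CONFIDENCE:
        return {"phenotype": p and p["name"], "analysis": None, "action": "continue_monitoring"}
    detected = ANALYZERS[p["analysis"]](content)  # the prediction
    return {"phenotype": p["name"], "analysis": p["analysis"], "action": "block" if detected else "continue_monitoring"}
```

Calling `evaluate(SAMPLE_EVENTS, {"memory": b"..." + SIGNATURE})` walks the full path: four indications, the `P_INJECTOR` phenotype, a memory scan, and a block action.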

  • 5 Assignments