
Techniques for classifying non-process threats

  • US 9,652,616 B1
  • Filed: 03/14/2011
  • Issued: 05/16/2017
  • Est. Priority Date: 03/14/2011
  • Status: Active Grant
First Claim

1. A computer-implemented method for improving classification of non-process threats to computers comprising:

    generating, using a trace component operating within a non-process threat classification component module stored in computer memory, trace data of at least one observable event during execution of a process by an interpreter, wherein generating trace data comprises using context information to identify execution information associated with the at least one observable event;

    identifying, using at least one computer processor, a script file associated with the process executed by the interpreter, wherein the script file is identified using command line arguments provided during the execution of the process;

    associating the trace data with the script file;

    representing, using a feature representation component operating within the non-process threat classification component module, a first feature of the at least one observable event of the trace data;

    calculating, using a similarity evaluation component operating within the non-process threat classification component module, a similarity between the first feature and at least one sample feature of a known non-process threat; and

    classifying, using the similarity evaluation component, the script file as a non-process threat based on the similarity.
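
A minimal sketch of the steps the claim recites, added here as an illustration and not taken from the patent or its assignee. The interpreter names, event labels, bigram feature set, Jaccard similarity and 0.5 threshold are all assumptions, and the trace and known-threat sample are constructed.

```python
import shlex
from collections import defaultdict

# Assumed interpreter names and script extensions (not from the patent).
INTERPRETERS = {"python3", "perl", "wscript.exe", "cscript.exe"}
SCRIPT_EXTS = (".py", ".pl", ".js", ".vbs")
# Constructed data: one known-threat event sequence and a trace of (cmdline, event).
KNOWN_SAMPLES = [["file_write:startup", "net_connect", "file_read:docs", "net_send"]]
SAMPLE_TRACE = [
    ("wscript.exe invoice.vbs", "file_write:startup"),
    ("wscript.exe invoice.vbs", "net_connect"),
    ("wscript.exe invoice.vbs", "file_read:docs"),
    ("wscript.exe invoice.vbs", "net_send"),
    ("wscript.exe invoice.vbs", "proc_exit"),
    ("python3 /opt/backup.py --daily", "file_read:docs"),
    ("python3 /opt/backup.py --daily", "file_write:archive"),
    ("python3 -c 'print(1)'", "net_connect"),  # no script file on the command line
]

def script_from_cmdline(cmdline):
    """Return the script file named in an interpreter's arguments, or None."""
    argv = shlex.split(cmdline)
    if not argv or argv[0].rsplit("/", 1)[-1].lower() not in INTERPRETERS:
        return None
    return next((a for a in argv[1:] if a.lower().endswith(SCRIPT_EXTS)), None)

def associate(trace):
    """Attach each traced event to the script file, not the interpreter process."""
    by_script = defaultdict(list)
    for cmdline, event in trace:
        script = script_from_cmdline(cmdline)
        if script is not None:
            by_script[script].append(event)
    return dict(by_script)

def features(events):
    """Represent a trace as the set of consecutive event pairs (an assumed choice)."""
    return set(zip(events, events[1:]))

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a or b) else 0.0

def classify(trace, known_samples, threshold=0.5):
    """Map script file -> (is_threat, best similarity to any known sample)."""
    verdicts = {}
    for script, events in associate(trace).items():
        f = features(events)
        score = max((jaccard(f, features(s)) for s in known_samples), default=0.0)
        verdicts[script] = (score >= threshold, round(score, 2))
    return verdicts
```

The verdict is keyed by script file because the interpreter binary is the same benign process in every case; events traced for an interpreter run with no identifiable script file are left unattributed.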

  • 2 Assignments