Systems and methods for detecting malware-induced crashes
First Claim
1. A computer-implemented method for detecting malware-induced crashes, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying, by analyzing a health log associated with a previously stable computing device, an occurrence of an unexpected stability problem on the previously stable computing device, wherein the health log tracks at least one of:
  - the overall stability of the previously stable computing device over time;
  - the stability, over time, of application software installed on the previously stable computing device; and
  - the stability, over time, of system software installed on the previously stable computing device;
- identifying, by analyzing an event log associated with the previously stable computing device, an event that is potentially responsible for the occurrence of the unexpected stability problem on the previously stable computing device;
- identifying a community of computing devices operating within at least one of a particular enterprise and a particular industry, the community of computing devices comprising the previously stable computing device;
- determining that the event is potentially malicious based at least on:
  - the event being potentially responsible for the occurrence of the unexpected stability problem on the previously stable computing device;
  - a determination that other computing devices within the community of computing devices have also experienced the unexpected stability problem;
  - a determination that computing devices outside of the community of computing devices have not experienced the unexpected stability problem; and
  - a determination that the event is potentially part of an advanced persistent threat targeted at the community of computing devices; and
- performing a security action in response to determining that the event is potentially malicious that improves at least one of the security, performance, and stability of at least one of the previously stable computing device and one or more additional computing devices.
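The four-condition decision in claim 1, carried through on constructed logs as an added illustration (this is not code from the patent or its assignee). The health log, event log, community map, the event name "acme.sys", the one-day attribution window and the "at least two community peers" threshold are all assumptions; condition 4 (an advanced persistent threat targeted at the community) is approximated as the problem being confined to one community.

```python
"""Community-correlated crash triage following the four conditions of claim 1.
Added illustration, not the patent's or its assignee's code; all data is constructed."""
from collections import defaultdict

# Constructed per-day health log: '.' = stable day, 'X' = crashed that day.
HEALTH_LOG = {"fin-ws01": "..X", "fin-ws02": "..X", "fin-ws03": "...",
              "lab-ws01": "...", "lab-ws02": "X.."}  # lab-ws02: no stable history
# Constructed event log: (device, day, event); "acme.sys" is a made-up name.
EVENT_LOG = [
    ("fin-ws01", 0, "update:kb1"), ("fin-ws01", 2, "driver_load:acme.sys"),
    ("fin-ws02", 1, "update:kb1"), ("fin-ws02", 2, "driver_load:acme.sys"),
    ("fin-ws03", 1, "update:kb1"), ("lab-ws01", 2, "update:kb1"),
]
# Constructed community map (enterprise or industry) per device.
COMMUNITY = {"fin-ws01": "finance", "fin-ws02": "finance", "fin-ws03": "finance",
             "lab-ws01": "lab", "lab-ws02": "lab"}


def unexpected_problems(health_log):
    """{device: onset day} for devices that were stable before their first crash."""
    onset = {}
    for dev, days in health_log.items():
        first = days.find("X")
        if first > 0:  # a crash preceded by at least one crash-free day
            onset[dev] = first
    return onset


def candidate_events(event_log, onset, window=1):
    """event -> devices where it occurred within `window` days before onset."""
    cands = defaultdict(set)
    for dev, day, ev in event_log:
        if dev in onset and onset[dev] - window <= day <= onset[dev]:
            cands[ev].add(dev)  # condition 1: potentially responsible
    return cands


def triage(health_log, event_log, community, min_peers=2):
    """Return {event: security action} for events meeting all four conditions."""
    onset = unexpected_problems(health_log)
    actions = {}
    for ev, devs in candidate_events(event_log, onset).items():
        for com in {community[d] for d in devs}:
            peers = {d for d in onset if community[d] == com}      # condition 2
            outsiders = {d for d in onset if community[d] != com}  # condition 3
            # Condition 4 (APT targeted at the community) is approximated as the
            # problem being confined to this one community (an assumption).
            if len(peers & devs) >= min_peers and not outsiders:
                actions[ev] = "quarantine_and_alert"
    return actions
```

With the constructed data only the driver load is flagged: "update:kb1" precedes a crash on one finance host but also ran on hosts that stayed stable, and a crash on a device outside the community suppresses the verdict.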
Abstract
A computer-implemented method for detecting malware-induced crashes may include (1) identifying, by analyzing a health log associated with a previously stable computing device, the occurrence of an unexpected stability problem on the previously stable computing device, (2) identifying, by analyzing an event log associated with the previously stable computing device, an event that is potentially responsible for the occurrence of the unexpected stability problem on the previously stable computing device, (3) determining, due at least in part to the event being potentially responsible for the occurrence of the unexpected stability problem on the previously stable computing device, that the event is potentially malicious, and (4) performing a security action in response to determining that the event is potentially malicious. Various other methods, systems, and computer-readable media are also disclosed.
Claims (20)

1. A computer-implemented method for detecting malware-induced crashes (independent claim, reproduced in full above under First Claim). Dependent claims: 2 to 11.
12. A system for detecting malware-induced crashes, the system comprising:
- an identification module, stored in memory, that:
  - identifies, by analyzing a health log associated with a previously stable computing device, an occurrence of an unexpected stability problem on the previously stable computing device, wherein the health log tracks at least one of: the overall stability of the previously stable computing device over time; the stability, over time, of application software installed on the previously stable computing device; and the stability, over time, of system software installed on the previously stable computing device;
  - identifies, by analyzing an event log associated with the previously stable computing device, an event that is potentially responsible for the occurrence of the unexpected stability problem on the previously stable computing device; and
  - identifies a community of computing devices operating within at least one of a particular enterprise and a particular industry, the community of computing devices comprising the previously stable computing device;
- a determination module, stored in memory, that determines that the event is potentially malicious based at least on:
  - the event being potentially responsible for the occurrence of the unexpected stability problem on the previously stable computing device;
  - a determination that other computing devices within the community of computing devices have also experienced the unexpected stability problem;
  - a determination that computing devices outside of the community of computing devices have not experienced the unexpected stability problem; and
  - a determination that the event is potentially part of an advanced persistent threat targeted at the community of computing devices; and
- a security module, stored in memory, that performs a security action in response to determining that the event is potentially malicious that improves at least one of the security, performance, and stability of at least one of the previously stable computing device and one or more additional computing devices; and
- at least one physical processor that executes the identification module, the determination module, and the security module.

Dependent claims: 13 to 19.
20. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify, by analyzing a health log associated with a previously stable computing device, an occurrence of an unexpected stability problem on the previously stable computing device, wherein the health log tracks at least one of: the overall stability of the previously stable computing device over time; the stability, over time, of application software installed on the previously stable computing device; and the stability, over time, of system software installed on the previously stable computing device;
- identify, by analyzing an event log associated with the previously stable computing device, an event that is potentially responsible for the occurrence of the unexpected stability problem on the previously stable computing device;
- identify a community of computing devices operating within at least one of a particular enterprise and a particular industry, the community of computing devices comprising the previously stable computing device;
- determine that the event is potentially malicious based at least on:
  - the event being potentially responsible for the occurrence of the unexpected stability problem on the previously stable computing device;
  - a determination that other computing devices within the community of computing devices have also experienced the unexpected stability problem;
  - a determination that computing devices outside of the community of computing devices have not experienced the unexpected stability problem; and
  - a determination that the event is potentially part of an advanced persistent threat targeted at the community of computing devices; and
- perform a security action in response to determining that the event is potentially malicious that improves at least one of the security, performance, and stability of at least one of the previously stable computing device and one or more additional computing devices.