Method and apparatus for detecting malicious code in an information handling system
Abstract
Malicious code detection code is executed by an information handling system. The malicious code detection code includes detection routines. The detection routines are applied to executable code under investigation. The detection routines associate weights to respective code under investigation in response to detections of a valid program or malicious code as a function of the detection routines. It is determined whether code under investigation is a valid program or malicious code as a function of the weights associated by the detection routines.
251 Citations
Claims (104)
1. A method for detecting malicious code in an information handling system, comprising:
    executing malicious code detection code (MCDC) on the information handling system, the MCDC including detection routines;
    applying the detection routines to executable code under investigation, the detection routines associating weights to respective code under investigation in response to detections of a valid program or malicious code as a function of the detection routines; and
    determining whether code under investigation is a valid program or malicious code as a function of the weights associated by the detection routines.
Dependent claims: 2 to 12.

13. A method for detecting malicious code in an information handling system, comprising:
    executing malicious code detection code (MCDC) on the information handling system, the MCDC including detection routines for gathering information about executable code under investigation, the detection routines including at least one of the following: (a) examining the code or program and (b) searching for information in the information handling system about the code or program, the detection routines including valid program detection routines and malicious code detection routines;
    applying the detection routines to the executable code under investigation, the detection routines associating weights to respective code under investigation in response to detections of a valid program or malicious code as a function of at least one of the detection routines; and
    determining whether code under investigation is a valid program or malicious code as a function of the weights associated by the detection routines, wherein determining whether the code under investigation is a valid program or malicious code includes scoring an execution of the detection routines as a function of the weights, and wherein scoring includes configuring a scoring algorithm to identify code under investigation as malicious code in response to at least one of a valid score and a malicious code score.
Dependent claims: 14 to 20.

21. A method for detecting malicious code on an information handling system, comprising:
    executing detection routines, the detection routines examining at least one of the following: characteristics and behaviors of executable code under investigation;
    assigning weights as a function of the examined characteristics and behaviors, the assigned weights indicative of a valid program or malicious code as a function of the detection routines; and
    determining whether executable code under investigation is malicious code as a function of the weights assigned by the detection routines.
Dependent claims: 22 to 40.

41. A computer program stored on computer-readable media for detecting malicious code in an information handling system, the computer program including instructions processable by the information handling system for causing the information handling system to:
    execute malicious code detection code (MCDC) on the information handling system, the MCDC including detection routines for gathering information about executable code under investigation, the detection routines including at least one of the following: (a) examining the executable code or program; and (b) searching for information in the information handling system about the executable code or program, the detection routines including at least one of valid program detection routines and malicious code detection routines;
    apply the detection routines to the executable code under investigation, the detection routines associating weights to respective code under investigation in response to detections of a valid program or malicious code as a function of at least one of the detection routines; and
    determine whether code under investigation is a valid program or malicious code as a function of the weights associated by the detection routines, wherein determining whether the code under investigation is a valid program or malicious code includes scoring an execution of the detection routines as a function of the weights, wherein scoring includes configuring a scoring algorithm to identify code under investigation as malicious code in response to at least one of a valid score and a malicious code score.
Dependent claims: 42 to 48.

49. A computer program stored on computer-readable media for detecting malicious code in an information handling system, the computer program including instructions processable by the information handling system for causing the information handling system to:
    execute detection routines, the detection routines examining at least one of the following: characteristics and behaviors of executable code under investigation;
    assign weights as a function of the examined characteristics and behaviors, the assigned weights indicative of a valid program or malicious code as a function of the detection routines; and
    determine whether executable code under investigation is malicious code as a function of the assigned weights.
Dependent claims: 50 to 68.

69. An information handling system, comprising:
    a memory;
    a processor; and
    computer-readable code stored by the memory and processable by the processor for detecting malicious code, the computer-readable code including instructions for causing the processor to:
        execute malicious code detection code (MCDC) on the information handling system, the MCDC including detection routines for gathering information about executable code under investigation, the detection routines including at least one of the following: (a) examining the executable code or program and (b) searching for information about the executable code or program in the information handling system, the detection routines including valid program detection routines and malicious code detection routines;
        apply the detection routines to the executable code under investigation, the detection routines assigning weights to respective executable code under investigation in response to detections of a valid program or malicious code as a function of at least one of the detection routines; and
        determine whether executable code under investigation is a valid program or malicious code as a function of the weights associated by the detection routines, wherein determining whether the code under investigation is a valid program or malicious code includes scoring an execution of the detection routines as a function of the weights, and wherein scoring includes configuring a scoring algorithm to identify executable code under investigation as malicious code in response to at least one of a valid score and a malicious code score.
Dependent claims: 70 to 76.

77. An information handling system, comprising:
    a memory;
    a processor; and
    computer-readable code stored by the memory and processable by the processor for detecting malicious code on the information handling system, the computer-readable code including instructions for causing the processor to:
        execute detection routines, the detection routines examining at least one of the following: characteristics and behaviors of programs;
        assign weights as a function of the examined characteristics and behaviors, the assigned weights indicative of a valid program or malicious code as a function of the detection routines; and
        determine whether executable code under investigation is malicious code as a function of the weights assigned by the detection routines.
Dependent claims: 78 to 94.

95. A method for detecting malicious code in an information handling system, comprising:
    executing malicious code detection code (MCDC) on the information handling system, the MCDC including detection routines;
    applying the detection routines to code under investigation, the detection routines associating weights to respective code under investigation in response to detections of malicious code as a function of the detection routines; and
    determining whether code under investigation is malicious code as a function of the weights associated by the detection routines.
Dependent claims: 96 to 104.

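As an added illustration (not code from the patent or its assignee), the following Python sketch implements the weighted scheme the independent claims describe: valid-program and malicious-code detection routines each carry a weight, the weights of the routines that fire are summed into a valid score and a malicious-code score, and a configurable scoring algorithm decides from both scores. The routine names, weights, threshold, record fields and sample records are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Constructed record of the characteristics and behaviours a detection routine
# can examine for one piece of code under investigation (hypothetical fields).
@dataclass
class CodeUnderInvestigation:
    name: str
    signed_by_trusted_publisher: bool   # examined on the code itself
    registered_installed_program: bool  # information found about it on the system
    hooks_keyboard: bool                # observed behaviour
    sends_network_on_keypress: bool
    registers_autostart: bool

# A detection routine examines the code and reports whether its condition fired.
Routine = Callable[[CodeUnderInvestigation], bool]

# (name, routine, weight): valid-program routines and malicious-code routines.
# Weights are illustrative assumptions.
VALID_ROUTINES: List[Tuple[str, Routine, int]] = [
    ("trusted signature", lambda c: c.signed_by_trusted_publisher, 40),
    ("registered install", lambda c: c.registered_installed_program, 20),
]
MALICIOUS_ROUTINES: List[Tuple[str, Routine, int]] = [
    ("keyboard hook", lambda c: c.hooks_keyboard, 30),
    ("network on keypress", lambda c: c.sends_network_on_keypress, 40),
    ("autostart persistence", lambda c: c.registers_autostart, 15),
]

def apply_routines(code: CodeUnderInvestigation) -> Tuple[int, int]:
    """Run every routine and sum the weights of those that fire into a
    valid score and a malicious-code score."""
    valid = sum(w for _, r, w in VALID_ROUTINES if r(code))
    malicious = sum(w for _, r, w in MALICIOUS_ROUTINES if r(code))
    return valid, malicious

def classify(code: CodeUnderInvestigation, malicious_threshold: int = 50) -> str:
    """Configurable scoring algorithm: malicious when the malicious score reaches
    the threshold and is not outweighed by evidence of a valid program."""
    valid, malicious = apply_routines(code)
    if malicious >= malicious_threshold and malicious > valid:
        return "malicious"
    return "valid"

# Constructed samples: a signed, registered program that hooks the keyboard
# (e.g. an accessibility tool) and an unsigned program with keylogger behaviour.
SAMPLES = [
    CodeUnderInvestigation("helper.exe", True, True, True, False, True),
    CodeUnderInvestigation("svc.exe", False, False, True, True, True),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.name, apply_routines(s), classify(s))
```

Raising the threshold or the valid-routine weights shows how the same routine outputs lead to a different verdict, which is the configurability the scoring-algorithm limitation in claims 13, 41 and 69 refers to.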
Specification