DETECTION OF HARMFUL SOFTWARE WITH CROSS-REVIEW
Abstract
In an example, a cross-view detection engine is disclosed for detecting malware behavior. Malware may attempt to avoid detection by remaining in volatile memory for as long as possible, and writing to disk only when necessary. To avoid detection, the malware may also provide a pseudo-driver at a file system level that performs legitimate-looking dummy operations. A firmware-level driver may simultaneously perform malicious operations. The cross-view detection engine detects this behavior by deconstructing call traces from the file system-level operations, and reconstructing call traces from firmware-level operations. If the traces do not match, the object may be flagged as suspicious.
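The comparison step described in the abstract, as an added example that is not taken from the patent: file-system-level calls are deconstructed into the block operations they should cause, firmware-level records are reconstructed into the same form, and any difference flags the object. The trace record formats, the 4096-byte block size, the extent map and all sample values are assumptions constructed for illustration.

```python
from collections import Counter

BLOCK = 4096  # assumed block size in bytes

# Constructed extent map (assumption): file path -> ordered physical blocks.
EXTENTS = {"C:/data/report.doc": [100, 101, 102]}

def deconstruct(fs_trace, extents=EXTENTS):
    """Expand file-system-level calls (op, path, offset, length) into the
    multiset of block-level operations they are expected to cause."""
    expected = Counter()
    for op, path, offset, length in fs_trace:
        if length <= 0:
            continue
        blocks = extents.get(path, [])
        first, last = offset // BLOCK, (offset + length - 1) // BLOCK
        for idx in range(first, min(last, len(blocks) - 1) + 1):
            expected[(op, blocks[idx])] += 1
    return expected

def reconstruct(fw_trace):
    """Normalise firmware-level records (op, block) into the same multiset form."""
    return Counter((op, block) for op, block in fw_trace)

def cross_view(fs_trace, fw_trace):
    """Compare both views; any mismatch marks the object as suspicious."""
    expected, observed = deconstruct(fs_trace), reconstruct(fw_trace)
    return {
        # Low-level activity that no file-system-level call accounts for.
        "unexplained": sorted((observed - expected).elements()),
        # File-system-level calls that never reached the device (dummy operations).
        "missing": sorted((expected - observed).elements()),
        "suspicious": expected != observed,
    }

# Constructed sample traces for one monitored object.
FS_TRACE = [("read", "C:/data/report.doc", 0, 8192)]
FW_CLEAN = [("read", 100), ("read", 101)]
FW_HIDDEN = FW_CLEAN + [("write", 2048)]  # extra write with no high-level call

if __name__ == "__main__":
    print(cross_view(FS_TRACE, FW_CLEAN))
    print(cross_view(FS_TRACE, FW_HIDDEN))
```

On a live system, caching and read-ahead also make the two views differ, so a practical comparison needs a tolerance for that benign noise before flagging.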