首页>
外国专利>
SIGNATURE-INDEPENDENT, SYSTEM BEHAVIOR-BASED MALWARE DETECTION
SIGNATURE-INDEPENDENT, SYSTEM BEHAVIOR-BASED MALWARE DETECTION
展开▼
机译:独立于信号的,基于系统行为的恶意软件检测
展开▼
页面导航
摘要
著录项
相似文献
摘要
A method, system, and computer program product for detecting malware based upon system behavior. At least one process expected to be active is identified for a current mode of operation of a processing system comprising one or more resources. An expected activity level of the one or more resources of the processing system is calculated based upon the current mode of operation and the at least one process expected to be active. An actual activity level of the plurality of resources is determined. If a deviation is detected between the expected activity level and the actual activity level, a source of unexpected activity is identified as a potential cause of the deviation. Policy guidelines are used to determine whether the unexpected activity is legitimate. If the unexpected activity is not legitimate, the source of the unexpected activity is classified as malware.
展开▼