
SYSTEM AND METHOD FOR DETECTING NEW MALICIOUS EXECUTABLES, BASED ON DISCOVERING AND MONITORING CHARACTERISTIC SYSTEM CALL SEQUENCES


Abstract

The invention relates to a method for detecting malicious executables, which comprises: (a) in an offline training phase, finding a collection of system call sequences that are characteristic only of malicious files, observed when such malicious files are executed, and storing said sequences in a database; and (b) at run time, for each running executable, continuously monitoring the system calls it issues and comparing them with the stored system call sequences in the database to determine whether a portion of the run-time system call sequence matches one or more of the database sequences, and, when such a match is found, declaring said executable malicious.
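The two phases described in the abstract, as an added illustration (example code written for this page, not taken from the patent): the offline phase keeps only the system call n-grams that occur in malicious traces and never in benign ones, and the runtime phase slides a window over a live call stream and flags the executable on the first match. The traces, call names and the n-gram length of 3 are constructed assumptions.

```python
from collections import deque
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed sample traces (not from the patent): each is the ordered list of
# system call names observed while an executable ran in a sandbox.
BENIGN_TRACES: Dict[str, List[str]] = {
    "notepad": ["open", "read", "write", "close", "open", "read", "close"],
    "calc":    ["open", "read", "mmap", "close", "exit"],
}
MALICIOUS_TRACES: Dict[str, List[str]] = {
    "dropper": ["open", "write", "chmod", "execve", "socket", "connect", "send"],
    "stealer": ["open", "read", "socket", "connect", "send", "close"],
}

def ngrams(trace: Iterable[str], n: int) -> Set[Tuple[str, ...]]:
    """All contiguous length-n system call sequences found in a trace."""
    t = list(trace)
    return {tuple(t[i:i + n]) for i in range(len(t) - n + 1)}

def build_signature_db(malicious: Dict[str, List[str]],
                       benign: Dict[str, List[str]], n: int = 3) -> Set[Tuple[str, ...]]:
    """Offline training phase: keep the n-grams that appear in at least one
    malicious trace and in no benign trace, i.e. sequences characteristic only
    of malicious executables. Removing benign n-grams is what limits false positives."""
    benign_grams = set().union(*(ngrams(t, n) for t in benign.values()))
    malicious_grams = set().union(*(ngrams(t, n) for t in malicious.values()))
    return malicious_grams - benign_grams

class RuntimeMonitor:
    """Runtime phase: feed system calls one at a time; after every call the
    last n calls are compared against the database."""
    def __init__(self, db: Set[Tuple[str, ...]], n: int = 3) -> None:
        self.db, self.n = db, n
        self.window: deque = deque(maxlen=n)
        self.matched: Optional[Tuple[str, ...]] = None

    def observe(self, syscall: str) -> bool:
        self.window.append(syscall)
        if len(self.window) == self.n and tuple(self.window) in self.db:
            self.matched = tuple(self.window)
            return True
        return False

def classify(trace: Iterable[str], db: Set[Tuple[str, ...]], n: int = 3):
    """Replay a call stream through the monitor; stop at the first matching sequence."""
    mon = RuntimeMonitor(db, n)
    for call in trace:
        if mon.observe(call):
            return "malicious", mon.matched
    return "benign", None
```

A real deployment would derive the traces from a sandbox or a kernel tracing hook and would need a much larger benign corpus before the surviving n-grams can be treated as signatures.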
