SYSTEM AND METHOD FOR DETECTING NEW MALICIOUS EXECUTABLES, BASED ON DISCOVERING AND MONITORING CHARACTERISTIC SYSTEM CALL SEQUENCES
Abstract
The invention relates to a method for detecting malicious executables, which comprises: (a) in an offline training phase, finding a collection of system call sequences that are characteristic only of malicious files when such files are executed, and storing said sequences in a database; and (b) at runtime, for each running executable, continuously monitoring the system calls it issues and comparing them with the sequences stored in the database to determine whether a portion of the run-time system call sequence matches one or more of the database sequences, and, when such a match is found, declaring said executable malicious.
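The two phases in the abstract can be sketched as follows. This is an added example, not code from the patent: the fixed window length `N`, the names `train` and `Monitor`, and all traces are assumptions constructed for illustration.

```python
from collections import deque

N = 3  # window length; an assumption, the abstract does not fix one

def ngrams(trace, n=N):
    """All contiguous length-n system call sequences in one trace."""
    return {tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)}

def train(malicious_traces, benign_traces, n=N):
    """Offline phase: keep sequences seen in malicious runs and in no benign run."""
    seen_malicious = set().union(*(ngrams(t, n) for t in malicious_traces))
    seen_benign = set().union(*(ngrams(t, n) for t in benign_traces))
    return seen_malicious - seen_benign

class Monitor:
    """Runtime phase: one sliding window per running executable, keyed by pid."""
    def __init__(self, database, n=N):
        self.database, self.n = database, n
        self.windows, self.flagged = {}, set()

    def observe(self, pid, syscall):
        """Feed one call; return True once this pid has matched a stored sequence."""
        window = self.windows.setdefault(pid, deque(maxlen=self.n))
        window.append(syscall)
        if len(window) == self.n and tuple(window) in self.database:
            self.flagged.add(pid)
        return pid in self.flagged

# Constructed traces (hypothetical, for illustration only).
MALICIOUS = [
    ["open", "read", "connect", "write", "unlink"],
    ["open", "read", "close", "read", "connect", "write"],
]
BENIGN = [
    ["open", "read", "close", "open", "write", "close"],
    ["socket", "connect", "write", "read", "close"],
]

def run_demo():
    """Train, then replay an interleaved event stream from two processes."""
    db = train(MALICIOUS, BENIGN)
    mon = Monitor(db)
    events = [(10, "open"), (20, "open"), (10, "read"), (20, "read"),
              (10, "close"), (20, "connect"), (20, "write"), (10, "open")]
    for pid, call in events:
        mon.observe(pid, call)
    return db, mon.flagged
```

Keeping a separate window per pid matters because calls from different processes arrive interleaved; a single shared window would match sequences that no one executable ever issued.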