System and method for reducing load on an operating system when executing antivirus operations

Active Publication Date: 2015-06-02
AO KASPERSKY LAB
23 Cites, 0 Cited by

AI Technical Summary

Benefits of technology

The invention relates to selectively performing malware analysis of objects in a computer system. It assigns a trust level to each object and monitors events that are informative of its trust status. Based on the trust level, the system determines if malware analysis is needed and performs it accordingly. The technical effect of this invention is improved efficiency and accuracy in identifying malicious software in an automated manner, while reducing the likelihood of false positives.

Problems solved by technology

The above-described technologies, used jointly to detect malicious programs, have one substantial deficiency.
This deficiency is related to the fact that malicious code (for example, due to a vulnerability of the program or of the operating system) can infiltrate the address space of a trusted process and continue to be executed with the rights of the trusted process.
In known approaches for detecting malicious programs, monitoring, analysis, and evaluation of the behavior of all the processes are very resource-consuming tasks, the performance of which can cause the so-called “freezing” of the applications run by the user or of the whole operating system.


Embodiment Construction

I Glossary

[0017] The following Glossary sets forth definitions of terms used herein. This Glossary is applicable to only the present Application.

[0018] “Antivirus analysis,” “malware analysis,” “security-related analysis”—performance of a detailed evaluation as to possible maliciousness of an object. One or more of a variety of different techniques can be employed, including signature analysis (i.e., checking for the presence of known patterns in the object), heuristic techniques, emulation, and the like. Antivirus analysis of a process involves examining all of the events occurring during the execution of the associated program code. In general, antivirus analysis is more computationally expensive (i.e., involving more time, more processor cycles, etc.) than a trust status evaluation.

“Computer,” “computer system”, and “computing System”—an electronic device or system of inter-operable electronic devices containing hardware including one or more processors, data storage, input-output dev...


Abstract

An initial trust status is assigned to a first object, the trust status representing one of either a relatively higher trust level or a relatively lower trust level. Based on the trust status, the first object is associated with an event type to be monitored, where the event type is selected from among: essential events, occurrence of which is informative as to trust status evaluating for an object, and critical events, including the essential events, and additional events, occurrence of which is informative as to execution of suspicious code. Occurrences of events relating to the first object are monitored. In response to the first object being assigned the relatively higher trust level, only the essential events are monitored. In response to the first object being assigned the relatively lower trust level, the critical events are monitored. A need for performing malware analysis is determined based on the trust status of the first object and the event type. In response to determination of the need for performing the malware analysis, the malware analysis for the first object is either performed, or not.
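The selection logic in the abstract can be modelled in a few lines. The following is an added example, not code from the patent or from Kaspersky: the event names, the object names, and the rule that an essential event on a higher-trust object lowers its trust status and triggers analysis are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed event names; the page does not enumerate the real ones.
ESSENTIAL = {"remote_thread_injected", "code_section_modified"}
ADDITIONAL = {"autorun_key_written", "driver_loaded", "network_listen"}
CRITICAL = ESSENTIAL | ADDITIONAL  # critical events include the essential ones
HIGH, LOW = "higher", "lower"

@dataclass
class TrustMonitor:
    trust: dict                                   # object id -> HIGH or LOW
    analysed: list = field(default_factory=list)  # events sent to full analysis
    skipped: int = 0                              # events never inspected

    def monitored_events(self, obj):
        # Higher trust: watch only essential events. Lower or unknown: all critical.
        return ESSENTIAL if self.trust.get(obj, LOW) == HIGH else CRITICAL

    def handle(self, obj, event):
        if event not in self.monitored_events(obj):
            self.skipped += 1
            return False
        if self.trust.get(obj, LOW) == HIGH:
            # Assumption: an essential event on a trusted object (e.g. foreign
            # code entering its address space) revokes the higher trust level.
            self.trust[obj] = LOW
        self.analysed.append((obj, event))  # stand-in for the costly analysis
        return True

# Constructed sample event stream.
SAMPLE_EVENTS = [
    ("browser.exe", "network_listen"),          # trusted, not essential: skipped
    ("unknown.exe", "autorun_key_written"),     # lower trust: analysed
    ("browser.exe", "remote_thread_injected"),  # essential: demoted and analysed
    ("browser.exe", "network_listen"),          # now lower trust: analysed
    ("unknown.exe", "file_read"),               # not a critical event: skipped
]

def run(events):
    monitor = TrustMonitor({"browser.exe": HIGH, "unknown.exe": LOW})
    for obj, event in events:
        monitor.handle(obj, event)
    return monitor

if __name__ == "__main__":
    m = run(SAMPLE_EVENTS)
    print(m.analysed, m.skipped, m.trust)
```

The same `network_listen` event is ignored while `browser.exe` holds the higher trust level and analysed once that trust is lost, which is where the reduction in load comes from.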

Description

PRIOR APPLICATION

[0001] This Application claims the benefit of Russian Federation Patent Application No. 2013153767, filed Dec. 5, 2013, the content of which is incorporated by reference herein.

FIELD OF THE INVENTION

[0002] The invention relates generally to information processing systems and security and, more particularly, to systems and methods for improving efficiency of anti-malware operations.

BACKGROUND OF THE INVENTION

[0003] Malicious software, commonly referred to as malware, describes any software designed for infiltration into a computer system in order to gain control over such a system and to perform unauthorized actions, such as theft of confidential information, for example. A wide variety of malware exists today, including network worms, trojan programs, rootkits, exploits and computer viruses. Therefore, many owners of computer devices (for example, personal computers) use various antivirus applications for protection, which allow detection and removal of malicious programs....


Application Information

IPC(8): G06F21/56, H04L29/06, G06F21/50, G06F21/55
CPC: H04L63/145, H04L63/1408, H04L63/1441, G06F21/56, G06F21/565, G06F21/50, H04L63/1425, G06F21/564, G06F21/566, G06F21/554, H04L63/14, H04L63/1416
Inventor: SOBKO, ANDREY V.; YUDIN, MAXIM V.; MEZHUEV, PAVEL N.; GODUNOV, ILYA B.; SHIROKY, MAXIM A.
Owner: AO KASPERSKY LAB