IDiyas

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 10025929 B1

PDFFull Text
Date of Patent:
Jul. 17, 2018

Filed:

Nov. 05, 2013

Detection of anomalous program execution using hardware-based micro-architectural data

Applicants:

The Trustees of Columbia University IN the City of New York, New York, NY (US);

Lakshminarasimhan Sethumadhavan, New York, NY (US);

John Demme, New York, NY (US);

Jared Schmitz, New York, NY (US);

Adrian Tang, New York, NY (US);

Sal Stolfo, New York, NY (US);

Matthew Maycock, New York, NY (US);

Inventors:

Lakshminarasimhan Sethumadhavan, New York, NY (US);

John Demme, New York, NY (US);

Jared Schmitz, New York, NY (US);

Adrian Tang, New York, NY (US);

Sal Stolfo, New York, NY (US);

Matthew Maycock, New York, NY (US);

Assignee:

The Trustees of Columbia University in the City of New York, New York, NY (US);

Attorney:

Occhiuti & Rohlicek LLP

Primary Examiner:

Josnel Jeudy

Int. Cl.
CPC ...
H04L 9/00 (2006.01); G06F 21/56 (2013.01); G06F 21/57 (2013.01); G06N 99/00 (2010.01); H04L 9/32 (2006.01); H04L 29/06 (2006.01); G06F 11/34 (2006.01);
U.S. Cl.
CPC ...
G06F 21/566 (2013.01); G06F 21/572 (2013.01); G06N 99/005 (2013.01); H04L 9/3239 (2013.01); H04L 63/0428 (2013.01); G06F 11/3466 (2013.01); G06F 2201/88 (2013.01); G06F 2221/034 (2013.01);
Abstract

Disclosed are devices, systems, apparatus, methods, products, media and other implementations, including a method that includes obtaining hardware-based micro-architectural data, including hardware-based micro-architectural counter data, for a hardware device executing one or more processes, and determining based, at least in part, on the hardware-based micro-architectural data whether at least one of the one or more processes executing on the hardware device corresponds to a malicious process. In some embodiments, determining based on the hardware-based micro-architectural data whether the at least one of the one or more processes corresponds to a malicious process may include applying one or more machine-learning procedures to the hardware-based micro-architectural data to determine whether the at least one of the one or more processes corresponds to the malicious process.

Find Patent Forward Citations

Loading…