The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).
Patent No.:
Date of Patent: Nov. 12, 2019
Filed: Sep. 25, 2015
Applicant:
McAfee, LLC, Santa Clara, CA (US);
Inventors:
Cedric Cochin, Portland, OR (US);
John D. Teddy, Portland, OR (US);
Ofir Arkin, Petach Tikva, IS;
James Bean, Tigard, OR (US);
Joel R. Spurlock, Newberg, OR (US);
Carl Woodward, Santa Clara, CA (US);
Assignee:
McAfee, LLC, Santa Clara, CA (US);
Abstract
A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide 'content-less' malware detection, i.e., detecting a process as being an 'anomaly' not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) 'trusted' application behaviors, i.e., the trusted applications' 'phenotypes' and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e., “application phenotypes”)—and later compare the processes executed on a user device to the stored behavioral models to determine whether the actual measured behavior reflects a “good” application, or if it differs from the stored behavioral models to a sufficient degree and with a sufficient degree of confidence, thus indicating a potentially malicious application or behavior.