The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).
Patent No.:
Date of Patent: Dec. 28, 2010
Filed: Feb. 07, 2007
Suzanne McIntosh, Clifton, NJ (US);
Daniel Brand, Millwood, NY (US);
Matthew Kaplan, New York, NY (US);
Paul A. Karger, Chappaqua, NY (US);
Michael G. McIntosh, Clifton, NJ (US);
Elaine R. Palmer, Golden Bridges, NY (US);
Amitkumar M. Paradkar, Mohegan Lake, NY (US);
David Toll, Wappingers Falls, NY (US);
Samuel M. Weber, New York, NY (US);
Suzanne McIntosh, Clifton, NJ (US);
Daniel Brand, Millwood, NY (US);
Matthew Kaplan, New York, NY (US);
Paul A. Karger, Chappaqua, NY (US);
Michael G. McIntosh, Clifton, NJ (US);
Elaine R. Palmer, Golden Bridges, NY (US);
Amitkumar M. Paradkar, Mohegan Lake, NY (US);
David Toll, Wappingers Falls, NY (US);
Samuel M. Weber, New York, NY (US);
International Business Machines Corporation, Armonk, NY (US);
Abstract
A method for malware detection, wherein the method includes: utilizing a hardware based program flow monitor (PFM) for embedded software that employs a static analysis of program code; marrying the program code to addresses, while considering which central processing unit (CPU) is executing the program code; capturing an expected control flow of the program code, and storing the control flow as physical address pairs of leaders and followers (LEAD-FOLL pair) in a Metadata Store (MDS) within the PFM; monitoring control flow at runtime by the PFM; and comparing runtime control flow with the expected control flow.