The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Jan. 02, 2018
Filed:
Dec. 04, 2015
Permissionbit, McLean, VA (US);
Ronnie Mainieri, Vienna, VA (US);
Curtis A. Hastings, Bethesda, MD (US);
PERMISSIONBIT, McLean, VA (US);
Abstract
A method for encoding computer processes for malicious program detection. The method includes the steps of (a) randomly sampling a trace of system calls collected over a predetermined interval, each system call including context information and memory addresses for the function being monitored; (b) computing system address differences from the trace of system calls and retaining the computed values; (c) forming a group of n-grams (words) of retained differences of system addresses from the trace of system calls; (d) forming a series of process snippets, each process snippet including context information and the retained differences of system addresses; (e) transforming each process snippet to form a compact representation (process dot) comprising a pair of elementsc, a, wherein c includes the context information and a is a sparse vector that encodes information derived from the group of n-grams; (f) forming clusters of compact representations; (g) obtaining clusters of compact representations from one or more malicious program-free computers; and (h) comparing the clusters formed in step (f) to those obtained in step (g) and determining the presence of malicious program from the comparison.