
WO2019229503A1 - Application specific malware detection in a co-processing system - Google Patents


Info

Publication number
WO2019229503A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
malware
memory
memory dump
general purpose
Prior art date
Application number
PCT/IB2018/053912
Other languages
French (fr)
Inventor
Pratik Sharma
Original Assignee
Pratik Sharma
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pratik Sharma
Priority to PCT/IB2018/053912
Publication of WO2019229503A1

Classifications

    • G - PHYSICS
    • G06 - COMPUTING; CALCULATING OR COUNTING
    • G06F - ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 - Detecting local intrusion or implementing counter-measures
    • G06F21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/567 - Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware

Definitions

  • the general purpose processor maintains a hash map per application consisting of the malware name or identifier as the key and the value as the list of references or physical addresses of the memory dumps associated with the malware.
  • Application specific malware detection service running on a co-processing system consisting of a general purpose processor to which a hardware accelerator is coupled receives an application identifier or an application specific tag along with the application memory dump for analysis.
  • Memory dump of the application affected by the malware is offloaded by the general purpose processor to the hardware accelerator coupled to the general purpose processor by storing application memory dump and a reference or the physical address of the hash map corresponding to the application to system memory and indicating to the hardware accelerator that the application memory dump is available for content scanning.
  • the hardware accelerator then scans the application memory dump to derive various characteristics related to the application memory dump and matches it against the characteristics of different memory dumps of different malware obtained from the hash map corresponding to the application to detect the application specific malware.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

Here the general purpose processor maintains a hash map per application, with the malware name or identifier as the key and, as the value, the list of references or physical addresses of the memory dumps associated with that malware. The memory dump of the application affected by the malware is offloaded by the general purpose processor to the hardware accelerator coupled to it: the processor stores the application memory dump and a reference to (or the physical address of) the hash map corresponding to the application in system memory and indicates to the hardware accelerator that the application memory dump is available for content scanning. The hardware accelerator then scans the application memory dump to derive its characteristics and matches them against the characteristics of the memory dumps of different malware obtained from the hash map corresponding to the application, in order to detect the application specific malware.

Description

Application Specific Malware Detection In A Co-processing System
In this invention we provide application specific malware detection in a co-processing system. Here the general purpose processor maintains a hash map per application, with the malware name or identifier as the key and, as the value, the list of references or physical addresses of the memory dumps associated with that malware. The application specific malware detection service, running on a co-processing system consisting of a general purpose processor to which a hardware accelerator is coupled, receives an application identifier or an application specific tag along with the application memory dump for analysis. The memory dump of the application affected by the malware is offloaded by the general purpose processor to the hardware accelerator coupled to it: the processor stores the application memory dump and a reference to (or the physical address of) the hash map corresponding to the application in system memory and indicates to the hardware accelerator that the application memory dump is available for content scanning. The hardware accelerator then scans the application memory dump to derive various characteristics of it and matches them against the characteristics of the memory dumps of different malware obtained from the hash map corresponding to the application, in order to detect the application specific malware.
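The flow described above, modelled in software as an added example that is not part of the patent text. The patent does not define the "characteristics"; the byte n-gram sets, Jaccard similarity, threshold, dict-based system memory, doorbell queue and all names and sample data below are assumptions made for illustration.

```python
from collections import deque

SYSTEM_MEMORY = {}      # address -> object; stands in for physical system memory
DOORBELL = deque()      # descriptors signalled to the accelerator
NEXT_ADDR = [0x1000]

def store(obj):
    """Place obj in simulated system memory and return its 'physical address'."""
    addr = NEXT_ADDR[0]
    NEXT_ADDR[0] += 0x1000
    SYSTEM_MEMORY[addr] = obj
    return addr

def characteristics(dump, n=8):
    """ASSUMED feature extractor: the set of all n-byte substrings of the dump."""
    return {dump[i:i + n] for i in range(len(dump) - n + 1)}

def offload(app_maps, app_id, dump):
    """Processor side: store dump and hash map reference, then signal the accelerator."""
    if app_id not in app_maps:
        raise KeyError(f"no malware hash map for application {app_id!r}")
    DOORBELL.append((store(dump), app_maps[app_id]))

def accelerator_scan(threshold=0.5):
    """Accelerator side: score the dump against each reference dump in the app's map."""
    dump_addr, map_addr = DOORBELL.popleft()
    feats = characteristics(SYSTEM_MEMORY[dump_addr])
    best = {}
    for malware, refs in SYSTEM_MEMORY[map_addr].items():
        for ref in refs:
            known = characteristics(SYSTEM_MEMORY[ref])
            union = feats | known
            score = len(feats & known) / len(union) if union else 0.0  # Jaccard
            best[malware] = max(best.get(malware, 0.0), score)
    return sorted(m for m, s in best.items() if s >= threshold)

# Constructed sample data: two applications, each with its own hash map.
REF_A = store(b"HEADER" + b"\x90" * 16 + b"constructed-marker-alpha" * 4)
REF_B = store(b"HEADER" + b"\x00" * 16 + b"constructed-marker-beta" * 4)
APP_MAPS = {
    "app-web": store({"SampleFamilyA": [REF_A]}),
    "app-db": store({"SampleFamilyB": [REF_B]}),
}

def scan(app_id, dump):
    """End-to-end: offload on the processor side, then run the accelerator scan."""
    offload(APP_MAPS, app_id, dump)
    return accelerator_scan()
```

The same dump submitted under a different application identifier is compared only against that application's hash map, which is what makes the detection application specific.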

Claims

Following is the claim for this invention:
1. In this invention we provide application specific malware detection in a co-processing system. Here the general purpose processor maintains a hash map per application, with the malware name or identifier as the key and, as the value, the list of references or physical addresses of the memory dumps associated with that malware. The application specific malware detection service, running on a co-processing system consisting of a general purpose processor to which a hardware accelerator is coupled, receives an application identifier or an application specific tag along with the application memory dump for analysis. The memory dump of the application affected by the malware is offloaded by the general purpose processor to the hardware accelerator coupled to it: the processor stores the application memory dump and a reference to (or the physical address of) the hash map corresponding to the application in system memory and indicates to the hardware accelerator that the application memory dump is available for content scanning. The hardware accelerator then scans the application memory dump to derive various characteristics of it and matches them against the characteristics of the memory dumps of different malware obtained from the hash map corresponding to the application, in order to detect the application specific malware. The above novel technique of providing application specific malware detection in a co-processing system is the claim for this invention.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2018/053912 WO2019229503A1 (en) 2018-05-31 2018-05-31 Application specific malware detection in a co-processing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2018/053912 WO2019229503A1 (en) 2018-05-31 2018-05-31 Application specific malware detection in a co-processing system

Publications (1)

Publication Number Publication Date
WO2019229503A1 (en) 2019-12-05

Family

ID=68696845

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2018/053912 WO2019229503A1 (en) 2018-05-31 2018-05-31 Application specific malware detection in a co-processing system

Country Status (1)

Country Link
WO (1) WO2019229503A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120079596A1 (en) * 2010-08-26 2012-03-29 Verisign, Inc. Method and system for automatic detection and analysis of malware
US8347386B2 (en) * 2008-10-21 2013-01-01 Lookout, Inc. System and method for server-coupled malware prevention
US20160191548A1 (en) * 2008-05-07 2016-06-30 Cyveillance, Inc. Method and system for misuse detection

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18921050

Country of ref document: EP

Kind code of ref document: A1