Statistical fingerprinting for malware detection and classification
A system detects malware in a computing architecture with an unknown pedigree. The system includes a first computing device that has a known pedigree and operates free of malware. The first computing device executes a series of instrumented functions that, when executed, provide a statistical baseline representative of the time it takes a known software application to run on a computing device having a known pedigree. A second computing device executes a second series of instrumented functions that, when executed, provide an actual time representative of the time the known software application takes to run on the second computing device. The system detects malware when there is a difference in execution times between the first and the second computing devices.
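The comparison the abstract describes, as an added Python example that is not taken from the patent or from ORNL code. The record does not say which statistic is used, so the median/MAD score, the 3.5 threshold, the function names and all timing values here are assumptions constructed for illustration.

```python
from statistics import median

# Constructed timings in microseconds for three hypothetical instrumented functions.
TRUSTED = {   # collected on the known-pedigree, malware-free device
    "open_file":   [102, 99, 101, 100, 98, 103, 100],
    "hash_block":  [250, 248, 252, 251, 249, 250, 253],
    "send_packet": [75, 74, 76, 75, 77, 73, 75],
}
OBSERVED = {  # collected on the device with unknown pedigree
    "open_file":   [101, 100, 99, 102, 100],
    "hash_block":  [251, 250, 249, 252, 250],
    "send_packet": [96, 94, 97, 95, 98],   # constructed slowdown
}

def robust_profile(samples):
    """Return (median, median absolute deviation) of one function's timings."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    return med, mad

def build_baseline(trusted_runs):
    """Statistical baseline: one (median, MAD) pair per instrumented function."""
    return {name: robust_profile(t) for name, t in trusted_runs.items()}

def compare(baseline, observed_runs, threshold=3.5, min_mad=1e-9):
    """Return {function: score} for functions whose timing departs from baseline.

    The score is the distance between the observed and baseline medians in
    units of the baseline's scaled MAD (1.4826 * MAD approximates one standard
    deviation for normally distributed timings). The threshold is an assumption.
    """
    flagged = {}
    for name, timings in observed_runs.items():
        if name not in baseline:
            # No trusted measurement exists, so the function cannot be vouched for.
            flagged[name] = float("inf")
            continue
        med, mad = baseline[name]
        scale = 1.4826 * max(mad, min_mad)  # guard against a zero MAD
        score = abs(median(timings) - med) / scale
        if score > threshold:
            flagged[name] = round(score, 2)
    return flagged

if __name__ == "__main__":
    for name, score in compare(build_baseline(TRUSTED), OBSERVED).items():
        print(f"{name}: timing deviates from baseline (score {score})")
```

A median-based score is used so that a single outlier run caused by scheduling noise does not shift the baseline; a flagged function is a lead for investigation, since load and hardware differences also change timings.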
- Research Organization: Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization: USDOE
- DOE Contract Number: AC05-00OR22725
- Assignee: UT-Battelle, LLC (Oak Ridge, TN)
- Patent Number(s): 9,135,440
- Application Number: 13/955,784
- OSTI ID: 1214592
- Resource Relation: Patent File Date: 2013 Jul 31
- Country of Publication: United States
- Language: English