Threat detection system

Bibliographic Details
Main Authors: Matti Aksela, Mika Ståhlberg
Format: Patent
Language: English
Published: 22.04.2020
Summary: There is provided a method of detecting a threat against a computer system. The method includes creating a modular representation of behavior of known applications on the basis of sub-components of a set of known applications; entering the modular representation to an evolutionary analysis system for generating previously unknown combinations of the procedures; storing the generated previously unknown combinations as candidate descendants of known applications to a future threat candidate database; monitoring the behavior of the computer system to detect one or more procedures matching the behavior of a stored candidate descendant in the future threat candidate database; and upon detection of one or more procedures matching the behavior of the stored candidate descendant and if the stored candidate descendant is determined to be malicious or suspicious, identifying the running application as malicious or suspicious.
Bibliography: Application Number: GB20170018313