Category archive: AI-based IDP

(Formal) Definition of malware

Malware, a portmanteau of the words malicious and software, is software designed to infiltrate or damage a computer system without the owner’s informed consent. Software is considered malware based on the perceived intent of the creator rather than on any particular features.

Software behavior and/or object code shall match its declared or assumed purpose. For example, if software is thought to be a word processor, it shall behave as a word processor, or it may be classified as malware.


Inductive Learning in Malware Detection

To view the contents of this post, you must be authenticated and have the required access level.


Associative classification and post-processing techniques used for malware detection

To view the contents of this post, you must be authenticated and have the required access level.


System and methods for adaptive model generation for detecting intrusions in computer systems

US Patent 7225343 — System and methods for adaptive model generation for detecting intrusions in computer systems

Abstract

A system and methods for detecting intrusions in the operation of a computer system comprises a sensor configured to gather information regarding the operation of the computer system, to format the information in a data record having a predetermined format, and to transmit the data in the predetermined data format. A data warehouse is configured to receive the data record from the sensor in the predetermined data format and to store the data in a database. A detection model generator is configured to request data records from the data warehouse in the predetermined data format, to generate an intrusion detection model based on said data records, and to transmit the intrusion detection model to the data warehouse according to the predetermined data format. A detector is configured to receive a data record in the predetermined data format from the sensor and to classify the data record in real-time as one of normal operation and an attack based on said intrusion detection model. A data analysis engine is configured to request data records from the data warehouse according to the predetermined data format and to perform a data processing function on the data records.


Disk-level Malware Detection

Nathanael Paul, Adrienne Felt, David Evans, Sudhanva Gurumurthi; University of Virginia

Modern disk drive processors are now capable of general purpose computation, and we can harness this new power to implement malware detection directly on the disk drive. All data flowing to and from the hard drive must pass through the disk drive processor. This key property makes the disk processor the final line of defense against malware, since it is privy to the low-level behavior of viruses that wish to alter data on the host. Disk-level malware detection uses the disk processor to identify threats based on patterns of I/O requests.
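As an added illustration of the I/O-pattern idea above (not code from the paper), here is a toy "disk processor" that scans a request trace and raises alerts on two assumed rules: any write covering the boot sector, and header writes to several distinct executables within a short window. The sector map, the rules, the LBAs and the request traces are all constructed for this example.

```python
# Constructed sector map standing in for the file-system layout a real disk
# processor would be told about: boot sector plus each executable's header LBA.
BOOT_SECTOR_LBA = 0
EXE_HEADER_LBAS = {1000: "a.exe", 2000: "b.exe", 3000: "c.exe"}
# Constructed request traces, one "<op> <start_lba> <sector_count>" per line.
NORMAL_TRACE = """
W 5000 16
W 5016 16
R 2000 8
W 1000 8
W 6000 4
"""
INFECTOR_TRACE = """
R 1000 8
W 1000 8
R 2000 8
W 2000 8
R 3000 8
W 3000 8
W 0 1
"""
def iter_requests(trace):
    """Yield (op, lba, count) per trace line; op is 'R' or 'W'."""
    for line in trace.strip().splitlines():
        op, lba, count = line.split()
        yield op, int(lba), int(count)
def covers(lba, count, target):
    return lba <= target < lba + count  # does [lba, lba+count) include target?
def detect(trace, window=8, spread_threshold=3):
    """Return alerts. Rule 1 (assumed): a write covering the boot sector.
    Rule 2 (assumed): header writes to >= spread_threshold distinct
    executables within `window` requests, a file-infector spreading pattern."""
    alerts = []
    recent = []  # (request index, executable) for recent header writes
    for i, (op, lba, count) in enumerate(iter_requests(trace)):
        if op != "W":
            continue  # reads cannot alter data; only writes are judged
        if covers(lba, count, BOOT_SECTOR_LBA):
            alerts.append(("boot_sector_write", i))
        for target, name in EXE_HEADER_LBAS.items():
            if covers(lba, count, target):
                recent.append((i, name))
        recent = [(j, n) for j, n in recent if i - j < window]
        distinct = sorted({n for _, n in recent})
        if len(distinct) >= spread_threshold:
            alerts.append(("exe_header_spread", i, distinct))
            recent = []  # one alert per burst
    return alerts
```

A single legitimate update of one executable's header (as in NORMAL_TRACE) stays below the spread threshold, while the read-then-write sweep across three executables followed by a boot-sector write raises both alerts.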

