Abstract
Systems and methods for detecting malware from count vectors are provided. A count vector with multiple components is generated that tracks the number and types of system calls made by a process: each component corresponds to one type of system call that exists in the operating system. The system calls made by the process are received over a first time interval, and each one is mapped to its component in the count vector. The resulting count vectors are then aggregated, according to a second time interval, into a vector packet. The vector packet is transmitted over a network to a malware detection system, which uses the count vectors in the packet to determine whether the process is a malware process.
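The pipeline the abstract describes, as an added worked example in Python; this is not code from the patent or its assignee. The syscall table (a real one has several hundred entries), the process ID, the two interval lengths, the sample event trace and the baseline profile used on the receiving side are all constructed assumptions. In particular, the abstract does not say how the detection system classifies a vector packet, so the L1 distance against a benign profile used below is a placeholder for wherever the real detector plugs in.

```python
"""Count vectors of syscalls, aggregated into vector packets and sent to a
detector. Added example; all names, data and the detection heuristic are
assumptions, not from the patent."""
import json

# Assumed syscall table: index i is component i of every count vector.
SYSCALL_TABLE = ["read", "write", "openat", "close", "mmap", "execve", "connect", "clone"]
COMPONENT = {name: i for i, name in enumerate(SYSCALL_TABLE)}

# Constructed trace for one process: (timestamp in ms, syscall name).
SAMPLE_EVENTS = [
    (100, "openat"), (200, "read"), (300, "read"), (500, "close"),
    (1100, "read"), (1400, "write"), (2000, "mmap"), (2500, "read"),
    (3200, "write"), (3900, "close"),
    (4100, "execve"), (4200, "connect"), (4300, "clone"), (4400, "connect"),
    (5000, "connect"), (5500, "write"), (6100, "connect"), (6200, "execve"),
    (7000, "clone"), (7500, "connect"),
]

# Constructed benign profile (total counts per component) for the detector.
BASELINE_PROFILE = [4, 2, 1, 2, 1, 0, 0, 0]


def count_vector(events, window_start, window_end):
    """One count vector: syscalls in [window_start, window_end) bucketed by type."""
    vec = [0] * len(SYSCALL_TABLE)
    for ts, name in events:
        if window_start <= ts < window_end:
            if name not in COMPONENT:
                # A syscall outside the table has no component; refuse rather
                # than silently drop it and under-count the process.
                raise ValueError(f"syscall {name!r} not in syscall table")
            vec[COMPONENT[name]] += 1
    return vec


def count_vectors(events, first_interval, start, end):
    """One count vector per first_interval, covering [start, end)."""
    return [count_vector(events, t, t + first_interval)
            for t in range(start, end, first_interval)]


def vector_packets(pid, events, first_interval, second_interval, start, end):
    """Aggregate the count vectors of each second_interval into one vector packet."""
    packets = []
    for seq, t in enumerate(range(start, end, second_interval)):
        vecs = count_vectors(events, first_interval, t, min(t + second_interval, end))
        packets.append({"pid": pid, "seq": seq, "t_start": t,
                        "first_interval": first_interval, "vectors": vecs})
    return packets


def encode_packet(packet):
    """Wire form of a packet (assumed JSON; the patent does not fix a format)."""
    return json.dumps(packet, separators=(",", ":")).encode()


def decode_packet(data):
    return json.loads(data)


def packet_totals(packet):
    """Component-wise sum of all count vectors in a packet."""
    totals = [0] * len(SYSCALL_TABLE)
    for vec in packet["vectors"]:
        for i, n in enumerate(vec):
            totals[i] += n
    return totals


def _normalize(vec):
    s = sum(vec)
    return [x / s for x in vec] if s else [0.0] * len(vec)


def profile_distance(packet, baseline):
    """Assumed detector heuristic: L1 distance between the packet's syscall-type
    distribution and a benign baseline distribution."""
    p, b = _normalize(packet_totals(packet)), _normalize(baseline)
    return sum(abs(x - y) for x, y in zip(p, b))


def is_suspicious(packet, baseline, threshold):
    return profile_distance(packet, baseline) > threshold


def run_example():
    """Sender builds packets, serializes them; receiver decodes and scores them."""
    packets = vector_packets(4242, SAMPLE_EVENTS, first_interval=1000,
                             second_interval=4000, start=0, end=8000)
    received = [decode_packet(encode_packet(p)) for p in packets]
    return [(p["seq"], round(profile_distance(p, BASELINE_PROFILE), 6),
             is_suspicious(p, BASELINE_PROFILE, 1.0)) for p in received]


if __name__ == "__main__":
    for seq, dist, flagged in run_example():
        print(f"packet {seq}: distance={dist} suspicious={flagged}")
```

In this trace the first packet (seconds 0 to 4) is ordinary file I/O and matches the baseline exactly, while the second packet is dominated by execve, connect and clone and is flagged. Counting per first interval, rather than sending raw syscalls, is what keeps the per-process telemetry at a fixed size (one integer per syscall type per interval) regardless of how busy the process is.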
| Field | Value |
|---|---|
| Original language | English |
| Patent number | US2018082060 |
| IPC | G06F 21/56 A I |
| Priority date | 16 Sep 2016 |
| State | Published - 22 Mar 2018 |