Malicious activity detection in a memory

DWPI Title: Method for monitoring volatile memory, involves selecting random locations in the volatile memory, and selecting the random locations by using a dictionary, which is created from analyzing a number of groups of memory files
Abstract: A method and apparatus for monitoring a volatile memory in a computer system. Samples of compressed data from locations in the volatile memory in the computer system are read. Data in the volatile memory is reconstructed using the samples of compressed data. The data is an image of the volatile memory. The image enables determining whether an undesired process is present in the volatile memory.
Use: Method for monitoring a volatile memory.
Advantage: Detection of an undesired process is used to enable performing a set of actions to prevent the undesired process from causing an undesired operation of the computer system.
Novelty: The method involves selecting a number of random locations in a volatile memory. The random locations are selected by using a dictionary, which is created from analyzing a group of memory files from a group of memories to identify multiple patterns. A number of samples of compressed data are read (300) from the random locations in the volatile memory. The samples of compressed data are analyzed (302) to determine whether an undesired process is present in the volatile memory by using the samples of compressed data without reconstructing data in the memory. The data is reconstructed in the memory by using the samples of compressed data.
Filed: 12/1/2016
Application Number: US15367026A
Tech ID: SD 13937.0
This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention.
Data from Derwent World Patents Index, provided by Clarivate