Policy-Based Protection for Computer Systems From Viruses and Worms
Original Publication Date: 2004-Aug-03
Included in the Prior Art Database: 2004-Aug-03
Malware and virus software present a constant threat to computer systems. Current solutions to protect a computer system consist of scanning and monitoring filesystem input-output streams for known virus signatures. The problem with this approach is that, in order to fend off a malware attack, all computers need to be updated with the virus signatures of all existing malware. As a result, even if new malware exploits a computer system in the same fashion as known malware, computer systems cannot be protected against its attack unless its signature is compiled and distributed. The core idea of this disclosure is to use behavioral profiling to assess the risks posed by particular executable(s) and to create a policy set representing malware behavior. By monitoring operations on a given computer system and comparing them against such a policy set, malware infection and propagation can be caught irrespective of their implementation details.
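A minimal sketch of the comparison step described above, added here as an illustration and not taken from the disclosure: the policy names, behavior labels, event fields and sample events are all constructed assumptions. Two differently named samples match the same policy because they behave the same way, while an updater that only writes an executable matches nothing.

```python
from collections import defaultdict

# Hypothetical policy set (constructed): behaviors that together, in one
# process, represent malware-like activity regardless of the binary's bytes.
POLICIES = {
    "file-infector": {"write_executable", "modify_autorun"},
    "mass-mailer": {"read_address_book", "smtp_burst"},
}

# Constructed operation stream; the field names are assumptions.
EVENTS = [
    {"proc": "sample_a.exe", "op": "file_write", "target": r"C:\Windows\notepad.exe"},
    {"proc": "sample_a.exe", "op": "reg_write", "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"proc": "sample_b.exe", "op": "reg_write", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"},
    {"proc": "sample_b.exe", "op": "file_write", "target": r"C:\Tools\calc.EXE"},
    {"proc": "updater.exe", "op": "file_write", "target": r"C:\App\app.dll"},
    {"proc": "mailer.exe", "op": "file_read", "target": r"C:\Users\u\contacts.wab"},
    {"proc": "mailer.exe", "op": "net_connect", "target": "203.0.113.5:25", "count": 40},
]

def classify(ev):
    """Map one monitored operation to a behavior label, or None if benign."""
    op, target = ev["op"], ev["target"].lower()
    if op == "file_write" and target.endswith((".exe", ".dll", ".com")):
        return "write_executable"
    if op == "reg_write" and "\\currentversion\\run" in target:
        return "modify_autorun"
    if op == "file_read" and target.endswith(".wab"):
        return "read_address_book"
    if op == "net_connect" and target.endswith(":25") and ev.get("count", 1) >= 20:
        return "smtp_burst"
    return None

def evaluate(events):
    """Return {process: [matched policy names]} for a stream of operations."""
    seen = defaultdict(set)
    for ev in events:
        label = classify(ev)
        if label:
            seen[ev["proc"]].add(label)
    result = {}
    for proc, labels in seen.items():
        hits = sorted(name for name, need in POLICIES.items() if need <= labels)
        if hits:
            result[proc] = hits
    return result

if __name__ == "__main__":
    print(evaluate(EVENTS))
```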