&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=11868479.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 11,868,479 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Runtime adaptive risk assessment and automated mitigation</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Roman Lysecky,  Tucson, AZ (US);  Jerzy Rozenblit,  Tucson, AZ (US);  Johannes Sametinger,  Linz (AT);  Aakarsh Rao,  Tucson, AZ (US); and  Nadir Carreon,  Tucson, AZ (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  ARIZONA BOARD OF REGENTS ON BEHALF OF THE UNIVERSITY OF ARIZONA,  Tucson, AZ (US); and  JOHANNES KEPLER UNIVERSITY LINZ,  Linz (AT)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Appl. No. 17/290,627</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Arizona Board of Regents on Behalf of the University of Arizona,  Tucson, AZ (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>PCT Filed Nov.  1, 2019, PCT No. PCT/US2019/059551<br>&#xa7; 371(c)(1), (2) Date Apr.  30, 2021, <br>PCT Pub. No.  WO2020/093020, PCT Pub. Date May   7, 2020.</b></td>
          </tr>
          <tr>
            <td colspan="3" class="table_data" align="center"><b>Claims priority of provisional application 62/755,110, filed on Nov.  2, 2018.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2022/0035927 A1, Feb.  3, 2022</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/57</b></i> (2013.01); <i><b>G16H 20/17</b></i> (2018.01); <i><b>A61B 5/00</b></i> (2006.01); <i><b>A61N 1/362</b></i> (2006.01); <i><b>A61N 1/372</b></i> (2006.01); <i><b>G06F 21/56</b></i> (2013.01); <i><b>A61M 5/142</b></i> (2006.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/577</b></i> (2013.01)&#xa0;[<i><b>A61B 5/0022</b></i> (2013.01); <i><b>A61B 5/0031</b></i> (2013.01); <i><b>A61N 1/362</b></i> (2013.01); <i><b>A61N 1/37223</b></i> (2013.01); <i><b>G06F 21/566</b></i> (2013.01); <i><b>G16H 20/17</b></i> (2018.01); <i>A61M 5/14276</i> (2013.01); <i>G06F 2221/034</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>24 Claims</b></td>
          </tr>
        </table>
        <center><img src="US11868479-20240109-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A system for detecting malware in a device, said system comprising:<div class="claim_text">said device having a computer processor, wherein the device is able to be connected to a network or external computer system; and</div>
                <div class="claim_text">a module implemented on the computer processor able to model normal system behavior of the device, compare current system operation to the modeled normal system behavior, and estimate a probability of the current system operation being affected by malware based on performance deviation between the current system operation and the modeled normal system behavior,</div>
                <div class="claim_text">wherein the compared current system operation comprises execution times of one or more operations performed by the device, and wherein estimating the probability of the current system operation being affected by malware comprises determining a number of execution times that fall outside predefined upper and lower timing boundaries in the modeled normal system behavior for the performed operations.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>