CPC G06F 21/577 (2013.01) [A61B 5/0022 (2013.01); A61B 5/0031 (2013.01); A61N 1/362 (2013.01); A61N 1/37223 (2013.01); G06F 21/566 (2013.01); G16H 20/17 (2018.01); A61M 5/14276 (2013.01); G06F 2221/034 (2013.01)]
24 Claims
1. A system for detecting malware in a device, said system comprising:
said device having a computer processor, wherein the device is able to be connected to a network or external computer system; and
a module implemented on the computer processor able to model normal system behavior of the device, compare current system operation to the modeled normal system behavior, and estimate a probability of the current system operation being affected by malware based on performance deviation between the current system operation and the modeled normal system behavior,
wherein the compared current system operation comprises execution times of one or more operations performed by the device, and wherein estimating the probability of the current system operation being affected by malware comprises determining a number of execution times that fall outside predefined upper and lower timing boundaries in the modeled normal system behavior for the performed operations.
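The timing check recited in claim 1, sketched as an added example that is not taken from the patent or its implementation. The claim does not say how the boundaries are derived or how the count becomes a probability, so this sketch assumes bounds of mean ± k standard deviations over clean training runs and a probability equal to the fraction of out-of-bound timings; the function names, operation names and sample timings are all constructed.

```python
import statistics

def build_model(training, k=3.0):
    """Model normal behavior as per-operation (lower, upper) timing bounds.
    Assumption: bounds are mean +/- k * stdev of timings from clean runs."""
    model = {}
    for op, times in training.items():
        mu = statistics.mean(times)
        sigma = statistics.stdev(times)  # needs at least two samples per operation
        model[op] = (mu - k * sigma, mu + k * sigma)
    return model

def count_violations(model, observed):
    """Return (outside, total): execution times outside the modeled bounds,
    and the number of observations that had a model to compare against."""
    outside = total = 0
    for op, elapsed in observed:
        if op not in model:
            continue  # unmodeled operation: no boundary to compare against
        lower, upper = model[op]
        total += 1
        if elapsed < lower or elapsed > upper:
            outside += 1
    return outside, total

def malware_probability(model, observed):
    """Assumption: estimate = fraction of timed operations out of bounds."""
    outside, total = count_violations(model, observed)
    return outside / total if total else 0.0

# Constructed sample timings in microseconds; operation names are hypothetical.
TRAINING = {
    "op_sense":   [100, 102, 98, 101, 99, 100, 103, 97],
    "op_actuate": [250, 252, 248, 251, 249, 250, 253, 247],
}
NORMAL_WINDOW = [("op_sense", 101), ("op_actuate", 249),
                 ("op_sense", 99), ("op_actuate", 252)]
SUSPECT_WINDOW = [("op_sense", 140), ("op_actuate", 251),
                  ("op_sense", 135), ("op_actuate", 310)]

if __name__ == "__main__":
    model = build_model(TRAINING)
    for name, window in (("normal", NORMAL_WINDOW), ("suspect", SUSPECT_WINDOW)):
        print(name, count_violations(model, window), malware_probability(model, window))
```

Checking both the lower and the upper boundary matters: an operation that finishes unusually fast (for example, because a step was skipped) counts as a deviation just as a slow one does.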