CPC G06F 21/572 (2013.01) [G06F 21/53 (2013.01); G06F 21/566 (2013.01); G06F 21/577 (2013.01); G06F 2221/033 (2013.01)]
20 Claims
1. A method comprising:
loading a first application with known behavior into a controlled execution environment;
importing a software package into the first application;
based on first criteria for detecting behaviors that deviate from the known behavior of the first application, evaluating behavior patterns recorded during execution of the loaded first application having the imported software package;
based on determining that one or more behaviors recorded in the behavior patterns satisfy one or more of the first criteria, determining that the one or more behaviors correspond to deviations from the known behavior of the first application and are attributable to the software package;
computing a score indicative of trustworthiness of the software package based on scores assigned to the one or more behaviors; and
based on evaluating the score computed for the software package, determining that the software package is malicious.
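The flow of claim 1 as an added Python example, not code from the patent or its applicant: recorded behaviors are compared with the host application's known behavior, deviations that satisfy a criterion are scored, and the aggregate decides the verdict. The event tuples, criteria, per-behavior scores, starting score of 100, threshold of 50 and both traces are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed baseline: behaviors the first application shows with no package imported.
BASELINE = {("file_read", "/app/config.json"), ("net_connect", "127.0.0.1:5432")}

# Hypothetical "first criteria": (name, event kind, target glob, score for that behavior).
CRITERIA = [
    ("credential_file_read", "file_read", "*/.ssh/*", 50),
    ("external_connection", "net_connect", "*", 30),
    ("shell_spawn", "proc_spawn", "*/sh", 40),
]

def deviations(recorded, baseline=BASELINE, criteria=CRITERIA):
    """Return (criterion, event, score) for recorded events that are outside
    the baseline and satisfy a criterion; these are attributed to the package."""
    findings = []
    for event in dict.fromkeys(recorded):  # de-duplicate, keep order
        if event in baseline:
            continue  # known behavior of the first application
        kind, target = event
        for name, c_kind, pattern, score in criteria:
            if kind == c_kind and fnmatchcase(target, pattern):
                findings.append((name, event, score))
                break  # one criterion per behavior
    return findings

def trust_score(findings, start=100):
    """Trustworthiness score: start value minus the scores of all deviations."""
    return max(0, start - sum(score for _, _, score in findings))

def verdict(recorded, threshold=50):
    """Return (score, is_malicious) for one recorded execution."""
    score = trust_score(deviations(recorded))
    return score, score < threshold

# Constructed traces from the controlled execution environment.
BENIGN_RUN = [("file_read", "/app/config.json"),
              ("file_read", "/app/site-packages/pkg/data.json"),
              ("net_connect", "127.0.0.1:5432")]
SUSPECT_RUN = [("file_read", "/app/config.json"),
               ("file_read", "/home/app/.ssh/id_rsa"),
               ("net_connect", "203.0.113.10:443"),
               ("net_connect", "203.0.113.10:443"),
               ("proc_spawn", "/bin/sh")]

if __name__ == "__main__":
    for label, run in (("benign", BENIGN_RUN), ("suspect", SUSPECT_RUN)):
        print(label, verdict(run), [name for name, _, _ in deviations(run)])
```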