US 11,809,562 B1
Operating system kernel analysis to detect a cyber attack
Lyle W. Paczkowski, Mission Hills, KS (US)
Assigned to T-Mobile Innovations LLC, Overland Park, KS (US)
Filed by T-Mobile Innovations LLC, Overland Park, KS (US)
Filed on Jun. 29, 2021, as Appl. No. 17/362,205.
Int. Cl. G06F 21/00 (2013.01); G06F 21/56 (2013.01)
CPC G06F 21/566 (2013.01) [G06F 2221/033 (2013.01)]
6 Claims
 
1. A method of detecting an initiation of malware code within a malware monitoring tool of a computer system, comprising:
performing a first measurement of a first malware monitoring tool in a memory stack location, by a measurement tool executing on the computer system;
storing the first measurement, by the measurement tool, in a storage location;
initiating the measurement tool in response to a trigger event;
performing a second measurement of the first malware monitoring tool, by the measurement tool;
comparing the second measurement to the first measurement, by the measurement tool, to determine a comparison value;
initiating a second malware monitoring tool, executing on the computer system, in response to the comparison value exceeding a threshold value;
detecting a suspect process executing in a second memory stack location, by the second malware monitoring tool; and
stopping the execution of the suspect process, by the second malware monitoring tool.