US 11,868,468 B2
Discrete processor feature behavior collection
Eric Klonowski, Broomfield, CO (US)
Assigned to OPEN TEXT INC., Menlo Park, CA (US)
Filed by Open Text Inc., Menlo Park, CA (US)
Filed on Feb. 26, 2021, as Appl. No. 17/187,180.
Application 17/187,180 is a continuation of application No. 15/636,521, filed on Jun. 28, 2017, granted, now 10,970,388.
Prior Publication US 2021/0182389 A1, Jun. 17, 2021
Int. Cl. G06F 21/55 (2013.01); G06F 21/56 (2013.01)
CPC G06F 21/554 (2013.01) [G06F 21/552 (2013.01); G06F 21/566 (2013.01); G06F 2201/865 (2013.01)]
18 Claims
 
1. A method of discrete processor feature behavior and analysis, comprising:
installing software content in a computing environment, the software content comprising instructions;
monitoring, by a monitor engine, interactions between the software content and the computing environment, wherein the monitor engine executes in the computing environment and maintains a secure execution environment;
detecting, by the monitor engine executing in the computing environment, loading of instructions into memory of the computing environment;
evaluating, by the monitor engine executing in the computing environment, the instructions, wherein evaluating the instructions comprises applying a profiling component, the profiling component adapted to parse the instructions to identify export function names, associated memory addresses, and applicable offsets;
generating performance data based on said evaluating;
identifying, by the monitor engine and using the secure execution environment maintained by the monitor engine, calls of interest in the instructions based on the performance data and evaluating, by a behavioral analysis engine, the calls of interest to generate behavioral signatures;
applying, by the monitor engine and using the secure execution environment maintained by the monitor engine, the behavioral signatures to identify malicious software content; and
based on the identified malicious software content, executing, by a remedial component, a remedial action in the computing environment.