Machine learning anomaly detection of process-loaded DLLs

Invention Grant

US11522891B2 Machine learning anomaly detection of process-loaded DLLs 有权

Please log in to see more content

Patent Title: Machine learning anomaly detection of process-loaded DLLs
Application No.: US16695781

Application Date: 2019-11-26
Publication No.: US11522891B2

Publication Date: 2022-12-06
Inventor: Ron Chittaro
Applicant: MICRO FOCUS LLC
Applicant Address: US CA Santa Clara
Assignee: MICRO FOCUS LLC
Current Assignee: MICRO FOCUS LLC
Current Assignee Address: US CA Santa Clara
Main IPC: H04L29/06
IPC: H04L29/06 ; H04L9/40 ; G06F11/30 ; H04L43/065 ; G06N20/00

Machine learning anomaly detection of process-loaded DLLs

Abstract:

An endpoint device monitors loading of dynamically loaded libraries (DLLs) by a process, such as during execution of the process on the endpoint device. The endpoint device can generate an endpoint-independent representation of the DLLs upon exiting of the process. The endpoint device may generate a hash, such as a one-way hash, of the endpoint-independent representation. The endpoint device may transmits the process and the hash to a management device to detect in a machine learning manner whether loading of the DLLs during the execution of the process was anomalous.

Public/Granted literature

US20210160265A1 MACHINE LEARNING ANOMALY DETECTION OF PROCESS-LOADED DLLS Public/Granted day:2021-05-27

Information query

Espacenet