-
Publication No.: US20190188380A1
Publication date: 2019-06-20
Application No.: US15844453
Filing date: 2017-12-15
Applicant: Microsoft Technology Licensing, LLC
Inventors: Gowtham R. ANIMIREDDYGARI, Karthik SELVARAJ, Adrian M. MARINESCU, Catalin D. SANDU
CPC classification numbers: G06F21/564, G06F11/1451, G06F11/1464, G06F11/1469, G06F21/568, G06F2201/80, G06F2201/805, G06F2201/82, G06F2221/034
Abstract: A system for operating system remediation intercepts input/output (I/O) requests to write to one or more files and stores, as file restore data, (i) a restore copy of the one or more files in the system cache prior to performing the write operations of the I/O requests and (ii) identification information, also in the system cache, for the one or more processes or entities making the corresponding I/O requests. The system reverts to the restore copy of the one or more files using the file restore data, based at least on a later determination that one or more of the processes making the corresponding I/O requests were malware. The current version of the one or more files is thereby replaced with the restore copy, giving improved automatic remediation support and a greater likelihood that data can be restored from the cache in the case of a malware attack.
-
Publication No.: US20190228154A1
Publication date: 2019-07-25
Application No.: US15879593
Filing date: 2018-01-25
Applicant: Microsoft Technology Licensing, LLC
Inventors: Rakshit AGRAWAL, Jack Wilson STOKES, III, Karthik SELVARAJ, Adrian M. MARINESCU
Abstract: Implementations described herein disclose a malware sequence detection system for detecting the presence of malware in a plurality of events. An implementation of the malware sequence detection includes receiving a sequence of a plurality of events, and detecting the presence of a sequence of malware commands within that sequence of events by dividing the sequence of events into a plurality of subsequences, performing sequential subsequence learning on one or more of the subsequences, and generating a probability that one or more of the subsequences is malware based on the output of the sequential subsequence learning.
-