Kaspersky Lab Patents System to Make Security Scans More Efficient
Woburn, MA – July 15, 2014 - The United States Patent and Trademark Office has granted patent 8,762,948 to Kaspersky Lab for a technology that establishes a system for filtering insignificant events during software analysis, making security scans more efficient.
Emulation is one of the most effective methods of analyzing malicious software, but it requires a huge amount of data to be analyzed. It works as follows: the program code is divided into separate commands, each of which is run on a virtual machine. This approach makes it possible to monitor the behavior of the commands without compromising the operating system of the computer. The process generates an event log, which is then analyzed to identify potentially malicious behavior. However, this log usually contains many insignificant events that do nothing to help determine whether a program is malicious, and they make the analysis less effective: genuinely malicious events can get lost in the mass of data, and processing the noise puts excessive strain on computing resources. Rather than overburdening the log with insignificant events, a pre-filtering mechanism removes them from the log before the analysis starts. This filtration module works from a regularly updated database of filtering rules.
The patent also describes the method that generates these rules. The method is essentially the same program emulation, carried out on a remote system at the antivirus company. First, a number of test programs are created with the most popular development tools. They are run on an isolated virtual machine, where the event log is recorded. This log is analyzed and repetitive insignificant events are detected. Since these events do nothing to determine how dangerous a program is, information about them is added to the database of filtering rules. From then on, whenever a similar event appears in the log during use of the emulator, the filtering module automatically removes it before the analysis begins.
An example of a log event that would be deemed insignificant by this method is the function call 'GetVersion()', which requests the operating system version. Every application written in Delphi 7 makes this call, so its presence is not an indication of malware.
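The rule-generation and filtering steps above, as an added worked example in Python that is not part of the press release or of Kaspersky's patented implementation. The event logs are constructed by hand (a real system would record them from test programs run in an isolated virtual machine), the API names are a handful of ordinary Win32 calls chosen for illustration, and the NEVER_FILTER guard is a design choice of this example rather than anything the patent text describes:

```python
"""Pre-filtering of emulation event logs with rules learned from benign test programs.

Illustrative example; not Kaspersky's code. All logs below are constructed by hand.
"""
from collections import Counter

# Constructed event logs of benign test programs, keyed by the toolchain they were
# built with. Each entry is the ordered list of API calls the emulator observed.
# In the real system these come from running the test programs in an isolated VM.
BENIGN_TEST_LOGS = {
    "delphi7_console": ["GetVersion", "GetModuleHandleA", "GetCommandLineA",
                        "HeapCreate", "ExitProcess"],
    "delphi7_vcl_form": ["GetVersion", "GetModuleHandleA", "GetCommandLineA",
                         "HeapCreate", "LoadLibraryA", "RegisterClassA",
                         "SetWindowsHookExA", "ExitProcess"],
    "msvc_console": ["GetModuleHandleA", "GetCommandLineA", "HeapCreate",
                     "GetStartupInfoA", "ExitProcess"],
    "msvc_gui": ["GetModuleHandleA", "GetCommandLineA", "HeapCreate",
                 "GetStartupInfoA", "RegisterClassA", "SetWindowsHookExA",
                 "ExitProcess"],
}

# Constructed log of an unknown sample: toolchain noise followed by a classic
# remote-thread injection sequence that the analyst must not lose in the noise.
UNKNOWN_SAMPLE_LOG = [
    "GetVersion", "GetModuleHandleA", "GetCommandLineA", "HeapCreate",
    "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
    "ExitProcess",
]

# Guard (this example's design choice, not from the patent text): APIs whose
# presence is itself a strong malware indicator never become filtering rules,
# even if several benign test programs happen to call them.
NEVER_FILTER = {
    "WriteProcessMemory", "CreateRemoteThread", "VirtualAllocEx",
    "SetWindowsHookExA", "CreateServiceA", "URLDownloadToFileA",
}


def build_filter_rules(test_logs, min_programs=2):
    """Derive the filtering-rule database from benign test-program logs.

    An API call becomes a rule (i.e. is deemed insignificant) when it shows up in
    at least `min_programs` distinct benign programs: repetition across unrelated
    programs marks it as an artefact of the toolchain or runtime rather than of
    the program's own logic. Each program counts once per API, so a tight loop
    calling one function cannot vote that function in by itself.
    """
    programs_per_api = Counter()
    for events in test_logs.values():
        for api in set(events):
            programs_per_api[api] += 1
    return {
        api for api, n in programs_per_api.items()
        if n >= min_programs and api not in NEVER_FILTER
    }


def filter_event_log(events, rules):
    """Apply the rule database before analysis.

    Returns (kept_events, dropped_count). Order is preserved because the
    downstream analysis may reason about call sequences, not just call sets.
    """
    kept = [api for api in events if api not in rules]
    return kept, len(events) - len(kept)


if __name__ == "__main__":
    rules = build_filter_rules(BENIGN_TEST_LOGS)
    print("filtering rules:", sorted(rules))
    kept, dropped = filter_event_log(UNKNOWN_SAMPLE_LOG, rules)
    print(f"dropped {dropped} insignificant events, {len(kept)} remain for analysis:")
    for api in kept:
        print("  ", api)
```

Matching on the bare API name is the coarsest possible rule; the page's phrase "a similar event" suggests a production rule would also look at the call's arguments and at the toolchain the sample was built with, so that a GetVersion call from a hand-written loader is not waved through merely because Delphi 7 programs always make it. Every rule is a decision to look away, which is the balance the quotation below refers to: the min_programs threshold and the guard set should be checked against logs of known malware to confirm that nothing an analyst needs is being filtered out.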
“When developing an effective
analytical module, it is important to maintain a balance so that effective
protection does not restrict computing performance. First and foremost, we
cannot overload this module with insignificant information – it already has enough
work to do,” commented Oleg Zaitsev, Lead Technical Specialist at Kaspersky Lab
and the author of the patented technology.
The technology is already integrated into Kaspersky Endpoint Security 8.0 for Windows, Kaspersky Endpoint Data Protection Edition (Endpoint 10), Kaspersky Internet Security and Kaspersky Internet Security for Virtualization.

Kaspersky Lab continues to obtain more and more patents for its cutting-edge information security technologies. As of July 2014, Kaspersky Lab's portfolio includes 219 patents issued in Russia, the US, the EU and China. An additional 276 patent applications are currently under consideration by the patent authorities.
About Kaspersky Lab

Kaspersky Lab is the world's largest privately held vendor of endpoint protection solutions. The company is ranked among the world's top four vendors of security solutions for endpoint users*. Throughout its more than 16-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.
* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2012. The rating was published in the IDC report "Worldwide Endpoint Security 2013–2017 Forecast and 2012 Vendor Shares" (IDC #242618, August 2013). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2012.
For the latest in-depth information on security
threat issues and trends, please visit: