DETECTION OF ANOMALIES ASSOCIATED WITH INTERFERING PROCESSES

Organization Name

Microsoft Technology Licensing, LLC

Inventor(s)

Amer Aref Hassan of Kirkland WA US

Roy D. Kuntz of Kirkland WA US

Whitney J. Giaimo of Bellevue WA US

Edward C. Giaimo, Iii of Bellevue WA US

DETECTION OF ANOMALIES ASSOCIATED WITH INTERFERING PROCESSES

This abstract first appeared for US patent application 18384154 titled 'DETECTION OF ANOMALIES ASSOCIATED WITH INTERFERING PROCESSES

Original Abstract Submitted

A system and method for detecting anomalies and malicious processes by analyzing current consumption profiles is disclosed. The technique involves generating current consumption profiles that characterize the expected power draw for known software applications operating in various modes on a target device. At runtime, the current being consumed by actively running applications is measured and compared to the total expected current draw determined from the individual profiles. Deviations between the observed and expected consumption indicate potential interference from malware or other unwanted processes. Additionally, current fluctuation profiles are generated to model the characteristic transient current behavior when applications transition between operational modes. By comparing runtime current measurements during state changes to these expected transitional profiles, the system can identify aberrations indicative of background malware triggering during the transitions. The current monitoring approach provides an efficient way to detect anomalous behavior from unwanted processes with minimal overhead.