20250217475. System Method F (Acronis International)
SYSTEM AND METHOD FOR THREAT DETECTION BASED ON STACK TRACE AND USER-MODE SENSORS
Abstract: Systems and methods for threat detection and analysis. A method includes monitoring at least one thread associated with at least one user process on a computing device. The method further includes detecting specific-system calls associated with at least one user process at user level. The specific-system calls are analyzed by applying a filter to system calls sequence feature sets associated with the specific-system calls for detecting one or more events of interest. A capture of a full stack trace of at least one user process is requested if the system calls sequence feature set is filtered and at least one event of interest is detected. A first level monitoring is provided to the computing device, which includes processing and analyzing the captured full stack trace by a machine learning (ML) stack trace analyzer to generate a first verdict for threat detection and analysis.
Inventor(s): Vladimir Strogov, Sergey Ulasen, Aliaksei Dodz, Serg Bell, Stanislav Protasov
CPC Classification: G06F21/52 (during program execution, e.g. stack integrity {; Preventing unwanted data erasure; Buffer overflow})