Acronis International has filed a patent for a security system that performs forensic analysis on consistent system footprints to detect rootkit infections. The system includes a threat detection unit with a machine learning model that analyzes system dumps to identify suspicious memory blocks. A forensic analyzer then examines the processes and network connections associated with the thread that holds a suspicious block in order to detect the presence of a rootkit. If a rootkit is detected, the system generates an alert and a forensic analysis report. GlobalData’s report on Acronis International gives a 360-degree view of the company including its patenting strategy. Buy the report here.
According to GlobalData’s company profile on Acronis International, hybrid cloud management was a key innovation area identified from its patents. Acronis International's grant share as of September 2023 was 64%. Grant share is the ratio of the number of granted patents to the total number of patents.
Rootkit detection system using forensic analysis on system footprints
A recently filed patent (Publication Number: US20230315848A1) describes a security system designed to perform forensic analysis on consistent system footprints in order to detect a thread infected with a rootkit. The system includes a system event monitor that intercepts and collects various entities such as an application network connection log, an application event activity log, and an application file operation log. These entities are then stored in a consistent database, where they are clustered together based on timestamp and system ID.
The system also includes a threat detection unit equipped with a machine learning model. This unit analyzes system dumps captured by a system dump capture driver to identify suspicious memory blocks. The suspicious memory blocks are compared with data associated with the intercepted entities using a similarity scanner, allowing the system to determine if there is a suspicious thread storing a rootkit infection code.
To further investigate the presence of the rootkit, the system employs a forensic analyzer that analyzes processes and network connections associated with the suspicious thread. By examining these elements, the system can detect the presence of the rootkit. If a rootkit is detected, the system classifies the system state as infected.
The system dump can be broken down into smaller sections, including textual and binary representations. The forensic analyzer can analyze the suspicious memory block in conjunction with the application event log to determine if the memory block is infected. Static analysis can also be used to analyze the system dumps.
Additionally, the system is capable of detecting malware processes, the network addresses involved, and vulnerable drivers through which the rootkit was loaded into the system. An operation log generated by the system event monitor establishes the relationship between the detected rootkit infection and the thread that initiated it.
The system operates in kernel mode and can generate a rootkit detection alert upon detection. It can also generate a forensic report as a result of the forensic analysis.
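The pipeline described in the preceding paragraphs (event collection, clustering by system ID and timestamp, a classifier over dump sections, a similarity scanner, and a forensic pass over the processes and network connections of the implicated thread) can be sketched end to end in a few functions. The following is an added illustration written for this summary; it is not Acronis's code and does not reproduce the patent's machine learning model. The classifier here is a deliberately simple heuristic stand-in, the log entries, driver allow-list, dump sections and the 203.0.113.10 address are all constructed sample data, the clustering window of 120 seconds is an assumption, and everything runs in user space rather than kernel mode.

```python
# Added illustration of the patented pipeline (not Acronis's implementation):
#   1. the system event monitor intercepts net / event / file log entries,
#   2. entries are clustered by system ID and timestamp window,
#   3. a stand-in classifier flags suspicious memory blocks in a captured dump,
#   4. a similarity scanner compares each flagged block with entities in its cluster,
#   5. a forensic analyzer gathers the processes, connections and drivers tied to the
#      block's thread and classifies the system state, producing a report.
from collections import defaultdict
from dataclasses import dataclass

WINDOW = 120  # assumed clustering window in seconds


@dataclass(frozen=True)
class Entity:
    kind: str        # "net", "event" or "file" (the three intercepted log types)
    system_id: str
    ts: int          # epoch seconds
    thread_id: int
    process: str
    detail: str      # free-text payload of the log line


@dataclass(frozen=True)
class MemoryBlock:
    system_id: str
    ts: int          # dump capture time
    thread_id: int   # owning thread as recorded by the dump capture driver
    text: str        # textual representation (strings extracted from the section)
    binary: bytes    # binary representation of the same section


def cluster_entities(entities, window=WINDOW):
    """Group intercepted entities by (system ID, timestamp window)."""
    clusters = defaultdict(list)
    for e in entities:
        clusters[(e.system_id, e.ts // window)].append(e)
    return clusters


def classify_block(block, loaded_drivers):
    """Stand-in for the ML model (constructed heuristic, not the patent's model):
    a section is suspicious when it is mostly non-printable (code rather than data)
    and its strings name a .sys image the monitor never saw load."""
    nonprint = sum(1 for b in block.binary if b < 0x20 or b > 0x7E)
    ratio = nonprint / max(len(block.binary), 1)
    unknown_driver = any(tok.endswith(".sys") and tok not in loaded_drivers
                         for tok in block.text.split())
    return ratio > 0.5 and unknown_driver


def jaccard(a, b):
    """Token-set similarity between two text fragments."""
    ta, tb = set(a.lower().split()), set(b.lower().split())
    return len(ta & tb) / len(ta | tb) if ta and tb else 0.0


def similarity_scan(block, clusters, window=WINDOW, threshold=0.2):
    """Compare a flagged block with entities of its own system/time cluster and
    return the (entity, score) pairs at or above the threshold."""
    key = (block.system_id, block.ts // window)
    scored = [(e, jaccard(block.text, e.detail)) for e in clusters.get(key, [])]
    return [(e, round(s, 2)) for e, s in scored if s >= threshold]


def forensic_analyze(block, entities, loaded_drivers):
    """Collect the processes, network connections and driver loads tied to the
    suspicious thread; the state is 'infected' when the thread both loaded a driver
    outside the allow-list and opened a network connection."""
    related = [e for e in entities
               if e.system_id == block.system_id and e.thread_id == block.thread_id]
    processes = sorted({e.process for e in related})
    network = sorted(e.detail for e in related if e.kind == "net")
    drivers = sorted(e.detail.split()[-1] for e in related
                     if e.kind == "event" and e.detail.startswith("load driver"))
    rogue = [d for d in drivers if d not in loaded_drivers]
    infected = bool(network) and bool(rogue)
    return {"state": "infected" if infected else "clean", "thread_id": block.thread_id,
            "processes": processes, "network": network, "drivers": rogue}


def run_pipeline(entities, blocks, loaded_drivers):
    """Full pass: one forensic report per block that is both flagged and matched."""
    clusters = cluster_entities(entities)
    reports = []
    for block in blocks:
        if not classify_block(block, loaded_drivers):
            continue
        matches = similarity_scan(block, clusters)
        if not matches:
            continue
        report = forensic_analyze(block, entities, loaded_drivers)
        report["matched_entities"] = [(e.kind, s) for e, s in matches]
        reports.append(report)
    return reports


# Constructed sample input: drivers the monitor saw load, five log lines, two dump sections.
LOADED_DRIVERS = {"ntfs.sys", "tcpip.sys"}
ENTITIES = [
    Entity("file", "host-a", 1000, 7, "svchost.exe", "write C:\\Windows\\Temp\\vulndrv.sys"),
    Entity("event", "host-a", 1010, 7, "svchost.exe", "load driver vulndrv.sys"),
    Entity("net", "host-a", 1020, 7, "svchost.exe", "connect 203.0.113.10:443"),
    Entity("net", "host-a", 1030, 3, "chrome.exe", "connect 198.51.100.5:443"),
    Entity("file", "host-b", 1005, 2, "explorer.exe", "read C:\\Users\\bob\\notes.txt"),
]
BLOCKS = [
    MemoryBlock("host-a", 1025, 7, "load driver vulndrv.sys 203.0.113.10:443", bytes(range(48))),
    MemoryBlock("host-b", 1008, 2, "notes.txt", b"plain text buffer"),
]

if __name__ == "__main__":
    for report in run_pipeline(ENTITIES, BLOCKS, LOADED_DRIVERS):
        print("rootkit detection alert:", report)
```

On the constructed input only the host-a block survives all three stages: it is flagged by the stand-in classifier, scores 0.75 against the driver-load event and 0.2 against the connection entry in the same cluster, and the forensic pass ties thread 7 to svchost.exe, one outbound connection and the unlisted driver, so the report marks the state as infected. The host-b block is plain text and is dropped at the classifier, which is the point of the similarity and forensic stages: a single suspicious-looking section is not enough, it has to line up with intercepted activity of the same thread.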
In summary, the patent describes a security system that utilizes forensic analysis techniques and machine learning to detect rootkit infections in a system. By analyzing consistent system footprints and comparing suspicious memory blocks with intercepted entities, the system can identify and classify the system state as infected if a rootkit is detected. The system offers various features such as the ability to break down system dumps, perform static analysis, and generate alerts and reports.
To know more about GlobalData’s detailed insights on Acronis International, buy the report here.