
Context-Based Countermeasures for Cybersecurity Threats

  • Publication Date:
    January 16, 2025
  • Additional Information
    • Document Number:
      20250021645
    • Appl. No:
      18/771395
    • Application Filed:
      July 12, 2024
    • Abstract:
      The various implementations described herein include methods and devices for deploying context-based countermeasures against cybersecurity threats. In one aspect, a method includes identifying a process running on the computing device, and in response to identifying the process running on the computing device: (i) selecting one or more countermeasures from a plurality of countermeasures based at least in part on the determined process and (ii) executing each of the selected countermeasures at the computing device. In another aspect, a method includes determining an operating context for the computing device, identifying a set of one or more countermeasures from a plurality of countermeasures based on the determined operating context, and deploying the set of one or more countermeasures at the computing device.
    • Claim:
      1. A method performed at a computing device having memory and one or more processors, the method comprising: identifying a process running on the computing device; in response to identifying the process running on the computing device: selecting one or more countermeasures from a plurality of countermeasures based at least in part on the determined process; and executing each of the selected countermeasures at the computing device.
    • Claim:
      2. The method of claim 1, further comprising: determining an operating context for the identified process on the computing device where the process is running, wherein the one or more countermeasures are selected based at least in part on the determined operating context.
    • Claim:
      3. The method of claim 1, wherein the one or more countermeasures are received via a trust agent at the computing device prior to identifying the process.
    • Claim:
      4. The method of claim 1, wherein the one or more countermeasures are received via a trust agent at the computing device in response to identifying the process running on the computing device.
    • Claim:
      5. The method of claim 1, wherein the one or more countermeasures are applied as a group.
    • Claim:
      6. The method of claim 1, wherein at least one of the countermeasures of the selected countermeasures is executed in parallel to running the process.
    • Claim:
      7. The method of claim 1, wherein a first countermeasure and a second countermeasure of the plurality of countermeasures are trained based on distinct types of malicious attacks.
    • Claim:
      8. The method of claim 1, wherein a first countermeasure and a second countermeasure of the plurality of countermeasures are configured to mitigate distinct types of malicious attacks.
    • Claim:
      9. The method of claim 1, further comprising in response to identifying the process running on the computing device: performing one or more checks in accordance with one or more countermeasure policies; and in response to detecting one or more suspicious agents in accordance with the one or more countermeasure policies, sending an alert to a trust center via the trust agent.
    • Claim:
      10. The method of claim 1, further comprising in response to identifying the process running on the computing device: in response to detecting one or more suspicious agents in accordance with the one or more countermeasure policies, terminating the process.
    • Claim:
      11. The method of claim 1, wherein one or more of the selected countermeasures are reactive artificial intelligence machines.
    • Claim:
      12. The method of claim 1, wherein the one or more countermeasures include one or more of: a no-trust countermeasure, a self-protection countermeasure, a reflective injection countermeasure, a heap spray countermeasure, a read buffer countermeasure, a write buffer countermeasure, an unauthorized function countermeasure, a malicious script countermeasure, a shell code countermeasure, a Javascript countermeasure, a privilege escalation countermeasure, a tamper countermeasure, a hollowing countermeasure, an immutable countermeasure, a registry key countermeasure, a malicious path countermeasure, an image load countermeasure, a malicious registry entry countermeasure, a DLL hooking countermeasure, a connection block countermeasure, and a digital certificate verification countermeasure.
    • Claim:
      13. A computing device, comprising: one or more processors; memory; a display; and one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs comprising instructions for: identifying a process running on the computing device; and in response to identifying the process running on the computing device: selecting one or more countermeasures from a plurality of countermeasures based at least in part on the determined process; and executing each of the selected countermeasures at the computing device.
    • Claim:
      14. The computing device of claim 13, wherein the one or more programs further comprise instructions for: determining an operating context for the identified process on the computing device where the process is running, wherein the one or more countermeasures are selected based at least in part on the determined operating context.
    • Claim:
      15. The computing device of claim 13, wherein the one or more countermeasures are received via a trust agent at the computing device in response to identifying the process running on the computing device.
    • Claim:
      16. The computing device of claim 13, wherein the one or more programs further comprise instructions for: in response to identifying the process running on the computing device: performing one or more checks in accordance with one or more countermeasure policies; and in response to detecting one or more suspicious agents in accordance with the one or more countermeasure policies, sending an alert to a trust center via the trust agent.
    • Claim:
      17. A non-transitory computer-readable storage medium storing one or more programs configured for execution by a computing device having one or more processors, memory, and a display, the one or more programs comprising instructions for: identifying a process running on the computing device; and in response to identifying the process running on the computing device: selecting one or more countermeasures from a plurality of countermeasures based at least in part on the determined process; and executing each of the selected countermeasures at the computing device.
    • Claim:
      18. The non-transitory computer-readable storage medium of claim 17, wherein the one or more programs further comprise instructions for: determining an operating context for the identified process on the computing device where the process is running, wherein the one or more countermeasures are selected based at least in part on the determined operating context.
    • Claim:
      19. The non-transitory computer-readable storage medium of claim 17, wherein the one or more countermeasures are received via a trust agent at the computing device in response to identifying the process running on the computing device.
    • Claim:
      20. The non-transitory computer-readable storage medium of claim 17, wherein the one or more programs further comprise instructions for: in response to identifying the process running on the computing device: performing one or more checks in accordance with one or more countermeasure policies; and in response to detecting one or more suspicious agents in accordance with the one or more countermeasure policies, sending an alert to a trust center via the trust agent.
    • Current International Class:
      06
    • Accession Number:
      edspap.20250021645