New US Patent Granted to Kaspersky Lab for the Acceleration of Malware Detection Using an Antivirus Cache
09 Apr 2012
Kaspersky Lab has received a new patent in the US, recognizing a new system and method to accelerate malware detection using an antivirus cache. Patent № 8146162 increases the overall performance of an antivirus product by optimizing the use of the data required to scan the system and detect malware.
Most antivirus solutions use special databases that contain various types of data, including signatures of dangerous objects, algorithms for unpacking files and heuristic analysis, information required for remediation, etc. These databases require regular updates, but a full-scale update can have a significant impact on resources. To minimize this impact, a differential update method is used: the antivirus solution loads only a small portion of the database and merges the latest information with the previously available content.
The differential update method simplifies the task of distributing updates and storing them on the computer. There are, however, some limitations to this approach: before the database can be used in the security system, it has to be converted into another format. If there are several scanning processes, the database has to be converted and loaded into memory each time. This may also have a significant resource impact.
The new method, covered by the patent, ensures the antivirus software makes optimal use of system resources by utilizing a data cache. This cache contains information from the antivirus database in a form suitable for efficient operation. The executable code from each update is converted into a dynamic library, such as a dynamically linked library or a dynamic shared object (DSO), and stored in the corresponding section of the antivirus cache. This allows one instance of the cache to be used in several processes simultaneously, reducing memory usage. The cache is stored in permanent memory, so there is no need to perform the conversion each time the data is required, which also saves resources. Overall, the newly patented method significantly increases the antivirus solution’s performance.
At present, Kaspersky Lab has been granted 47 patents in the US covering its advanced technologies. Another 46 patent applications are currently being examined by the US patent office. The total number of patents granted to Kaspersky Lab worldwide now stands at 102.