A system detects malware in a computing architecture with an unknown pedigree. The system includes a first computing device having a known pedigree and operating free of malware. The first computing device executes a series of instrumented functions that, when executed, provide a statistical baseline that is representative of the time it takes the software application to run on a computing device having a known pedigree. A second computing device executes a second series of instrumented functions that, when executed, provides an actual time that is representative of the time the known software application runs on the second computing device. The system detects malware when there is a difference in execution times between the first and the second computing devices.
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH AND DEVELOPMENT
The inventions were made with United States government support under Contract No. DE-AC05-000R22725 awarded by the United States Department of Energy. The United States government has certain rights in the inventions.