Malware detection system with contextual analysis

A malware detection and contextual analysis technology, applied in the field of cyber-security, can solve the problems of malware adversely influencing or attacking normal operations, network devices continuing to be targeted for malware attacks, and malicious software becoming a pervasive problem for Internet users.

Active Publication Date: 2020-03-03
FIREEYE SECURITY HLDG US LLC
735 Cites, 33 Cited by

AI Technical Summary

Benefits of technology

The patent describes a malware detection system that uses various analysis logic systems to detect malicious objects. The system uses a correlation logic to combine characteristics and behaviors of the objects to improve accuracy. The system can also conduct secondary contextual analyses to confirm the presence or absence of certain attributes of the object. This helps to reduce both false negative and false positive outcomes. The system is highly configurable and adaptable based on the types of objects and content received. Overall, the system improves the accuracy of malware detection and reduces the risk of harm to devices.

Problems solved by technology

Over the last decade, malicious software has become a pervasive problem for Internet users as many networked resources include vulnerabilities that are subject to attack.
While some vulnerabilities continue to be addressed through software patches, prior to the release of such software patches, network devices will continue to be targeted for attack by malware, namely information such as computer code that attempts during execution to take advantage of a vulnerability in computer software by acquiring sensitive information or adversely influencing or attacking normal operations of the network device or the entire enterprise network.
Although some conventional malware detection systems may be configured to evaluate objects for malware, these conventional systems may produce “false negative” or “false positive” outcomes because the classification of the objects is based on a collection of scores that concentrate on results associated with a single type of analysis.
As a result, in accordance with conventional malware detection systems, an object may contain features that, when analyzed in isolation, may fail to identify the object as malicious when the feature itself does not exhibit maliciousness during the scanning process.
It is contemplated that conventional malware detection systems may also experience a “false positive” outcome since there is no correlation of results from different analyses of the object to determine whether the object is malicious.



Embodiment Construction

[0016] Embodiments of the present disclosure generally relate to a malware detection system configured to detect and classify one or more objects based on a correlation of analytic results that are produced from different types of analyses conducted on that object. According to one embodiment of the disclosure, these analytic results, generally referred to herein as “attributes,” may feature (1) one or more (a first set of) behaviors that include monitored activity or inactivity by the object during processing (herein, “behavior(s)”) and (2) one or more (a second set of) characteristics of the object that include certain information pertaining to the object acquired without executing or opening the object (herein, “characteristic(s)”). Examples of types of monitored behaviors may include communication-based or execution-based activities (especially anomalies) while types of detected characteristics may include metadata, any formatting information (especially anomalies) of the object,...


Abstract

A computerized method for detecting malware associated with an object. The method includes operations of analyzing an object to obtain a first set of attributes, where the first set of attributes include one or more characteristics associated with the object. Furthermore, the object is processed with a virtual machine to obtain a second set of attributes. The second set of attributes corresponds to one or more monitored behaviors of the virtual machine during processing of the object. Thereafter, a threat index is determined based, at least in part, on a combination of at least one attribute of the first set of attributes and at least one attribute of the second set of attributes. The threat index represents a probability of maliciousness associated with the object.
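The abstract's combination of static characteristics with virtual-machine behaviors, sketched as an added example that is not code from the patent or from FireEye. The attribute names, weights, correlation rules and the threshold of 70 are constructed assumptions chosen to show one false negative and one false positive that scoring a single analysis type in isolation would produce.

```python
# Added illustration: every name, weight, rule and threshold below is a
# constructed assumption, not a value taken from the patent.
from itertools import product

# Weight (0-100) of each attribute when scored on its own.
STANDALONE = {
    "char:pdf_embedded_js": 15,
    "char:packed_section": 20,
    "char:signed_installer": 0,
    "beh:spawns_shell": 25,
    "beh:outbound_http": 10,
    "beh:writes_autorun_key": 75,
}
# Correlation rules: a (characteristic, behavior) pair seen together adjusts
# the index up (context confirms malice) or down (context explains activity).
CORRELATED = {
    ("char:pdf_embedded_js", "beh:spawns_shell"): 60,
    ("char:signed_installer", "beh:writes_autorun_key"): -45,
}
THRESHOLD = 70  # assumed cut-off for a "malicious" verdict

def single_analysis_score(attributes):
    """Score one analysis type in isolation (the conventional approach)."""
    return min(100, sum(STANDALONE.get(a, 0) for a in attributes))

def threat_index(characteristics, behaviors):
    """Combine both attribute sets, then apply pairwise correlations."""
    total = sum(STANDALONE.get(a, 0) for a in (*characteristics, *behaviors))
    for pair in product(characteristics, behaviors):
        total += CORRELATED.get(pair, 0)
    return max(0, min(100, total))

def verdict(score):
    return "malicious" if score >= THRESHOLD else "benign"

# Constructed samples: (characteristics, behaviors) per object.
SAMPLES = {
    "invoice.pdf": (("char:pdf_embedded_js",),
                    ("beh:spawns_shell", "beh:outbound_http")),
    "setup.exe": (("char:signed_installer",), ("beh:writes_autorun_key",)),
}

if __name__ == "__main__":
    for name, (chars, behs) in SAMPLES.items():
        idx = threat_index(chars, behs)
        print(f"{name}: static={single_analysis_score(chars)} "
              f"dynamic={single_analysis_score(behs)} "
              f"threat_index={idx} -> {verdict(idx)}")
```
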

Description

FIELD

[0001] Embodiments of the disclosure relate to the field of cyber-security. More specifically, one embodiment of the disclosure relates to a system, apparatus and method configured to detect malicious objects based on an analysis of contextual information.

GENERAL BACKGROUND

[0002] Over the last decade, malicious software has become a pervasive problem for Internet users as many networked resources include vulnerabilities that are subject to attack. For instance, over the past few years, an increasing number of vulnerabilities are being discovered in software that is loaded onto network devices, such as vulnerabilities within operating systems, for example. While some vulnerabilities continue to be addressed through software patches, prior to the release of such software patches, network devices will continue to be targeted for attack by malware, namely information such as computer code that attempts during execution to take advantage of a vulnerability in computer software by acqu...


Application Information

Patent Type & Authority: Patents (United States)
IPC(8): H04L9/00, H04L29/06, H04L29/08
CPC: H04L63/1433, H04L63/1416, H04L63/1425, H04L67/06, H04L67/02, G06F21/562, G06F21/566, H04L63/1408
Inventor: KHALID, YASIR; VASHISHT, SAI OMKAR; OTVAGIN, ALEXANDER
Owner FIREEYE SECURITY HLDG US LLC