
Method and Apparatus for Intelligent Aggregation of Threat Behavior for the Detection of Malware

Threat-behavior and malware technology, applied to malware detection methods and apparatuses, addressing the problem that new variants of malware families can go undetected by traditional malware detection techniques.

Active Publication Date: 2018-11-01
QUALYS

AI Technical Summary

Problems solved by technology

However, malware families often spawn new variants that can go undetected by traditional malware detection techniques.



Embodiment Construction

System Environment

[0030] Looking initially at FIG. 1, illustrated is a high-level block diagram of one embodiment of a system 100 constructed in accordance with the disclosed principles. In the illustrated embodiment, the system 100 may include a scanner server 105 coupled to an open computer network 110. The system 100 may also include an exemplary target endpoint device 125 on which malware detection scans may be run in accordance with the disclosed principles. While a single scanner server is illustrated, the disclosed principles and techniques are of course expandable to multiple scanner servers. Similarly, while a single endpoint device 125 is illustrated, the disclosed principles and techniques are of course expandable to multiple endpoint devices.

[0031] In some embodiments, the network 110 may include a plurality of networks. In some embodiments, the network 110 may include any wireless and/or wired communications network that facilitates communication between the scanner serve...


Abstract

Embodiments disclosed herein are directed to intelligent malware detection. A scanner server is used to scan an endpoint device for malware. Various attributes and behaviors of the endpoint device are identified in retrieved scan data. Identified attributes and behaviors are then evaluated according to a malware detection framework, which is used to determine whether (as well as to what extent) the identified attributes and behaviors are indicative of malware. In this manner, potential security risks associated with the malware may be identified. The framework is constructed through a machine learning process that aggregates attributes and behaviors common amongst members of malware families. Advantageously, the framework enables the scanner server to detect unknown variants of known malware families.
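The aggregate-then-score flow described in the abstract, as an added Python sketch that is not taken from the patent or from Qualys code. The family names, attribute labels, sample data and the prevalence-based weighting are all assumptions made for illustration; the page does not state how the framework weights attributes.

```python
from collections import Counter

# Constructed sandbox output: family -> one set of observed attributes per sample.
# Family names and attribute labels are hypothetical.
FAMILY_SAMPLES = {
    "family_a": [
        {"reg:run_key", "file:exe_in_temp", "net:http_post_beacon"},
        {"reg:run_key", "file:exe_in_temp", "proc:inject_explorer"},
        {"reg:run_key", "net:http_post_beacon", "mutex:fixed_name"},
    ],
    "family_b": [
        {"file:encrypt_docs", "proc:delete_shadow_copies", "file:ransom_note"},
        {"file:encrypt_docs", "proc:delete_shadow_copies", "reg:run_key"},
    ],
}

def build_framework(family_samples, min_prevalence=0.5):
    """Aggregate attributes common within each family into weights.

    Assumed scheme: weight = share of the family's samples showing the
    attribute, divided by the number of families that also keep it.
    """
    kept = {}
    for family, samples in family_samples.items():
        counts = Counter(attr for sample in samples for attr in sample)
        kept[family] = {a: c / len(samples) for a, c in counts.items()
                        if c / len(samples) >= min_prevalence}
    shared = Counter(a for attrs in kept.values() for a in attrs)
    return {fam: {a: p / shared[a] for a, p in attrs.items()}
            for fam, attrs in kept.items()}

def score_endpoint(framework, observed):
    """Per family, matched weight over total weight, in [0, 1]."""
    scores = {}
    for family, weights in framework.items():
        total = sum(weights.values())
        hit = sum(w for a, w in weights.items() if a in observed)
        scores[family] = round(hit / total, 3) if total else 0.0
    return scores

def verdict(scores, threshold=0.6):
    """Best-matching family if its score reaches the threshold, else None."""
    family, score = max(scores.items(), key=lambda kv: kv[1])
    return (family if score >= threshold else None, score)

FRAMEWORK = build_framework(FAMILY_SAMPLES)
# Constructed scan of an unseen variant: the HTTP beacon was replaced by DNS.
VARIANT_SCAN = {"reg:run_key", "file:exe_in_temp", "net:dns_txt_beacon"}
BENIGN_SCAN = {"reg:run_key"}
```

The variant scan still matches `family_a` because the persistence and dropper attributes are shared across that family's samples, while a lone autorun key on a benign host stays below the threshold since that attribute is down-weighted for appearing in both families.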

Description

TECHNICAL FIELD

[0001] The present disclosure relates to a method and apparatus for the intelligent aggregation of threat behavior for the detection of malware.

BACKGROUND

[0002] Computing devices are often scanned for the purpose of identifying malware such as computer viruses, threats, and/or other potentially harmful vulnerabilities. However, malware families often spawn new variants that can go undetected by traditional malware detection techniques. As such, an intelligent mechanism for detecting new variants of malware is desired.

BRIEF SUMMARY

[0003] In some embodiments, a method is provided, wherein the method comprises: receiving, by at least one processing device of a computing apparatus, a data sample associated with a malware family; executing, by the at least one processing device, the data sample in a secure environment; identifying, by the at least one processing device, an attribute comprised in the data sample; determining, by the at least one processing device, whether the ...


Application Information

Patent Type & Authority: Applications (United States)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/166, H04L63/145, G06F21/53, G06F21/552, G06F21/56
Inventor: THAKAR, SUMEDH; TYAGI, ANKUR S.; LIMAYE, ABHIJIT V.
Owner: QUALYS