Interactive infection visualization for improved exploit detection and signature generation for malware and malware families
US10027689B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 29, 2014 |
| Grant date | Jul 17, 2018 |
| Priority date | — |
| Expiry date | Nov 18, 2034 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG16B20/00
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
According to one embodiment, a malware detection and visualization system comprises one or more processors; and a storage module communicatively coupled to the one or more processors, the storage module comprises logic, upon execution by the one or more processors, that accesses a first set of information that comprises (i) information directed to a plurality of observed events and (ii) information directed to one or more relationships that identify an association between different observed events of the plurality of observed events; and generates a reference model based on the first set of information, the reference model comprises at least a first event of the plurality of observed events, a second event of the plurality of observed events, and a first relationship that identifies that the second event is based on the first event, wherein at least one of (i) the plurality of observed events or (ii) the one or more relationships constitutes an anomalous behavior is provided.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.