Method and apparatus for intelligent aggregation of threat behavior for the detection of malware
US10104101B1 · kind B1 · utility
Key dates
| Date type | Date |
|---|---|
| Filing date | Apr 28, 2017 |
| Grant date | Oct 16, 2018 |
| Priority date | — |
| Expiry date | Apr 28, 2037 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/145
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Embodiments disclosed herein are directed to intelligent malware detection. A scanner server is used to scan an endpoint device for malware. Various attributes and behaviors of the endpoint device are identified in retrieved scan data. Identified attributes and behaviors are then evaluated according to a malware detection framework, which is used to determine whether (as well as to what extent) the identified attributes and behaviors are indicative of malware. In this manner, potential security risks associated with the malware may be identified. The framework is constructed through a machine learning process that aggregates attributes and behaviors common amongst members of malware families. Advantageously, the framework enables the scanner server to detect unknown variants of known malware families.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.