Determining the maliciousness of executable files using a remote sandbox environment
US10567410B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 1, 2018 |
| Grant date | Feb 18, 2020 |
| Priority date | — |
| Expiry date | Aug 3, 2038 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L43/062
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
The behavior analysis engine detects malicious executable files that are being downloaded by networked devices in the local network by executing the executable files in a sandboxing environment operating on the behavior analysis engine. The network traffic hub identifies network communications that are transmitted through the local network that contain executable files. The network traffic hub sends the executable file to the behavior analysis engine and the behavior analysis engine executes the executable file in a sandboxing environment that replicates the networked device that was downloading the executable. The behavior analysis engine extracts execution features from the execution of the executable file and applies an execution model to the execution features to determine a confidence score for the executable file. The behavior analysis engine uses the confidence score to provide instructions to the network traffic hub as to whether to allow the networked device to download the executable.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.