Entity resolution-based malicious file detection

Assignee

• Assured Information Security, Inc. · US

Inventors

• Daniel Scofield · Meridian, US
• Craig Miles · Perrysburg, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/034
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method includes monitoring system call invocations made to an operating system of a computer system by an application as the application renders a digital file. The method automatically featurizes the system call invocations into a set of features corresponding to the digital file, and compares each feature set against benign features of a set of known benign features. The comparing includes, for each feature of the set of features, applying entity resolution between the feature and benign feature(s) of the set of known benign features to find a correlation between the feature and a benign feature representing a common semantic interaction between the application and the operating system. The method identifies a number of features that do not correlate to the benign features, and determines maliciousness of the digital file based on the identified number of features that do not correlate to the benign features.