Patent · US Active

Method of detecting malicious files resisting analysis in an isolated environment

US11170103B2 · kind B2 · utility

Cited by: 0
References: 9
Claims: 18
Family size: 0

Assignee

Inventors

Key dates

Filing date: Feb 15, 2019
Grant date: Nov 9, 2021
Priority date
Expiry date: Apr 19, 2040

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/552
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Disclosed are systems and methods for recognizing files as malicious. One exemplary method comprises intercepting a file for analysis received at a computing device of a user, opening the file for analysis in an environment for safe execution, generating a log that stores a portion of information occurring during opening of the file for analysis in the environment for safe execution, analyzing the log to recognize a first set of security related events from the portion of information, tracking a second set of security related events when the file for analysis is opened on the computing device, comparing the second set of security related events and the first set of security related events to identify a discrepancy, and in response to identifying the discrepancy, recognizing the file under analysis as malicious.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.