Patent · US Active

Automated creation of lightweight behavioral indicators of compromise (IOCS)

US11451561B2 · kind B2 · utility

0Cited by

10References

17Claims

0Family size

Assignee

Cisco Technology, Inc. · US

Inventors

Jan Jusko · Praha, CZ
Danila Khikhlukha · Praha, CZ
Harshit Nayyar · Lone Pine, CA

Key dates

Filing date	Sep 14, 2018
Grant date	Sep 20, 2022
Priority date	—
Expiry date	Jan 12, 2041

Classification

Technology area (CPC G)Physics
CPC primaryG06F16/285
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

In one embodiment, a device obtains execution records regarding executions of a plurality of binaries. The execution records comprise command line arguments used during the execution. The device determines measures of similarity between the executions of the binaries based on their command line arguments. The device clusters the executions into clusters based on the determined measures of similarity. The device flags the command line arguments for a particular one of the clusters as an indicator of compromise for malware, based on at least one of the binaries associated with the particular cluster being malware.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.