Method of malware characterization and prediction

Assignee

• SRI International · US

Inventors

• Sek M. Chai · Streamwood, US
• Michael E. Locasto · Mina, US
• Scott Oberg · New London, US
• Nicholas Vitovitch · New York, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0245
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method, apparatus and system for malware characterization includes receiving data identifying a presence of at least one anomaly of a respective portion of a processing function captured by at least one of each of at least two different sensor payloads and one sensor payload at two different times, determining a correlation between the at least two anomalies identified by the data captured by the at least one sensor payloads, and determining a presence of malware in the processing function based on the determined correlation. The method, apparatus and system can further include predicting an occurrence of at least one anomaly in the network based on at least one of current sensor payload data or previously observed and stored sensor payload data, recommending and/or initiating a remediation action and reporting a result of the malware characterization to a user.