Patent · US Active

Composite analysis of executable content across enterprise network

US9300682B2 · kind B2 · utility

Cited by: 6
References: 9
Claims: 21
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 9, 2013
Grant date: Mar 29, 2016
Priority date
Expiry date: Oct 19, 2033

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1441
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Identification, characterization and attribution of executable content within and across an enterprise infrastructure (e.g., hosts, subnets, routers, etc.) to provide situational awareness for cyber security for purposes of supporting proactive defense and response. Copies of executable content collected at one or more locations within an infrastructure (e.g., hosts, network edges, etc.) may be passed to a central analysis server whereby various characteristics of the executable content may be extracted or gleaned from the copies such as author marks (e.g., directory names), tool marks (e.g., compiler settings), behaviors (e.g., function extraction), patterns (e.g., byte sequences), text, and/or the like. The characteristics may be analyzed in various manners to build profiles of actors or organizations associated with (e.g., responsible for) executable content within the enterprise infrastructure.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.