Patent · US Active

Methods for detecting file altering malware in VM based analysis

US9483644B1 · kind B1 · utility

Cited by: 183
References: 203
Claims: 29
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 31, 2015
Grant date: Nov 1, 2016
Priority date
Expiry date: May 5, 2035

Classification

  • Technology area (CPC G)Physics
  • CPC primaryG06F2221/031
  • WIPO fieldComputer technology
  • WIPO sectorElectrical engineering

Abstract

According to one embodiment, a threat detection platform is integrated with at least one virtual machine that automatically performs a dynamic analysis of a received object and monitors the processing during the dynamic analysis for a change to a file system within the virtual machine wherein the change involves a lure file placed in the file system. The file system is configured based on a received configuration file. Upon detection of a change in the file system associated with a lure file, the changes associated with the lure file during processing are compared to known file activity patterns of changes caused by file altering malware to determine whether the object includes file altering malware.
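The abstract describes a mechanism rather than a specific implementation: lure files are placed according to a configuration file, file-system activity inside the analysis VM is monitored, and any changes touching a lure are compared against known activity patterns of file-altering malware. The Python below is an added illustration of that mechanism, not code from the patent or its assignee. The JSON configuration format, the event schema, the three activity patterns, the entropy threshold and the sample event streams are all constructed assumptions for this example.

```python
"""Lure-file change monitoring for VM-based dynamic analysis (illustrative).

Hypothetical pipeline: a configuration file places lure files, the analysis
VM records file-system events, and the changes involving lures are compared
against known activity patterns of file-altering (ransomware-style) malware.
"""
import json
import math
from collections import defaultdict

# Configuration describing where lures are placed (constructed for this example).
LURE_CONFIG_JSON = """
{
  "lures": [
    {"path": "C:/Users/analyst/Documents/Q3_budget.xlsx", "type": "document"},
    {"path": "C:/Users/analyst/Pictures/family.jpg",      "type": "image"}
  ]
}
"""

# Known activity patterns, as ordered abstract operations on one lure.
# Hypothetical pattern set; a real platform would carry many more.
PATTERNS = {
    "overwrite-in-place": ["open", "write_high_entropy", "close"],
    "encrypt-and-rename": ["open", "write_high_entropy", "close", "rename"],
    "encrypt-copy-delete": ["open", "read", "close", "create_sibling", "delete"],
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext approaches 8.0, ordinary documents sit far lower."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def load_lures(config_json: str) -> set:
    """Lure paths from the configuration file the VM file system was built from."""
    return {lure["path"] for lure in json.loads(config_json)["lures"]}


def normalize(event: dict, lures: set, entropy_threshold: float = 7.0):
    """Map a raw VM event to (lure_path, abstract_op), or None if no lure is involved."""
    op, path = event["op"], event["path"]
    if op == "write":
        # Distinguish an ordinary edit from an overwrite with ciphertext-like data.
        op = "write_high_entropy" if shannon_entropy(event["data"]) >= entropy_threshold else "write"
    if path in lures:
        return path, op
    if op == "create" and event.get("source") in lures:
        return event["source"], "create_sibling"   # e.g. lure.xlsx -> lure.xlsx.locked
    return None


def _is_subsequence(needle, haystack) -> bool:
    """True if every op in needle appears in haystack in order (gaps allowed)."""
    it = iter(haystack)
    return all(any(op == n for op in it) for n in needle)


def match_patterns(events, lures, patterns=PATTERNS) -> dict:
    """Return {lure_path: [matched pattern names]} for lures whose change history matches."""
    history = defaultdict(list)
    for ev in events:
        hit = normalize(ev, lures)
        if hit:
            lure, op = hit
            history[lure].append(op)
    verdicts = {}
    for lure, ops in history.items():
        matched = [name for name, seq in patterns.items() if _is_subsequence(seq, ops)]
        if matched:
            verdicts[lure] = matched
    return verdicts


def classify(events, config_json: str = LURE_CONFIG_JSON) -> bool:
    """True if the analysed object shows file-altering malware behaviour against a lure."""
    return bool(match_patterns(events, load_lures(config_json)))


# Constructed event streams standing in for what the VM monitor would record.
LURE = "C:/Users/analyst/Documents/Q3_budget.xlsx"
HIGH_ENTROPY = bytes(range(256)) * 4          # exactly 8.0 bits/byte, stands in for ciphertext
BENIGN_EVENTS = [
    {"op": "open", "path": LURE, "pid": 1204},
    {"op": "write", "path": LURE, "pid": 1204, "data": b"Q3 budget totals " * 40},
    {"op": "close", "path": LURE, "pid": 1204},
    {"op": "write", "path": "C:/Windows/Temp/log.txt", "pid": 880, "data": b"ok\n"},
]
MALICIOUS_EVENTS = [
    {"op": "open", "path": LURE, "pid": 3321},
    {"op": "write", "path": LURE, "pid": 3321, "data": HIGH_ENTROPY},
    {"op": "close", "path": LURE, "pid": 3321},
    {"op": "rename", "path": LURE, "pid": 3321, "new_path": LURE + ".locked"},
]

if __name__ == "__main__":
    print("benign sample flagged:", classify(BENIGN_EVENTS))        # False
    print("malicious sample flagged:", classify(MALICIOUS_EVENTS))  # True
    print(match_patterns(MALICIOUS_EVENTS, load_lures(LURE_CONFIG_JSON)))
```

Two design points carry over to a real platform: events on non-lure paths are discarded before matching, so the lure set doubles as the noise filter, and the write operation is abstracted by content entropy so that a legitimate editor saving the lure does not look like an encryptor overwriting it. A benign program that saves a lure in place still touches it, which is why the pattern set keys on the nature of the write rather than on the access alone.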

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.