Malware family identification using profile signatures
US9542556B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Date | Value |
|---|---|
| Filing date | Sep 15, 2015 |
| Grant date | Jan 10, 2017 |
| Priority date | — |
| Expiry date | Sep 15, 2035 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/033
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A potential malware sample is received from a security device at a server associated with a security cloud service. The sample is executed in a sandbox environment on the server, including by monitoring interaction of the sample with an application program interface (API), provided by the sandbox environment, in order to obtain an API log. It is determined whether the sample is associated with a known malware family including by determining, based at least in part on the API log, if the sample created an executable file and if the sample registered the executable file in a run key. If it is determined that the sample is associated with a known malware family, then an alert is generated.
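The profile signature in the abstract is a two-part test over the sandbox API log: the sample dropped an executable file, and it then registered that same file under a Windows Run key. The following Python is an added illustration, not code from the patent or its assignee; the pipe-delimited log format, the simplified `CreateFileW`/`RegSetValueExW` argument layout and the log lines themselves are constructed for this example, while the `\CurrentVersion\Run` and `RunOnce` registry paths are the standard Windows autostart locations.

```python
"""
Added example (not the patent's own code): a minimal classifier over a
sandbox API log implementing the two-part profile signature described in
the abstract: (1) did the sample create an executable file, and (2) did it
register that executable under a Run key. The log format, the argument
order of each API call and the sample lines below are constructed.
"""
import re
from dataclasses import dataclass, field

# Registry paths conventionally used for autostart ("run keys") on Windows.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\b", re.IGNORECASE)
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".com")


@dataclass
class Verdict:
    created_executables: list = field(default_factory=list)
    run_key_values: list = field(default_factory=list)  # (key, value_name, data)
    matched: bool = False


def parse_api_log(text):
    """Parse constructed log lines of the form 'API_NAME|arg1|arg2|...'."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comment lines
        parts = line.split("|")
        events.append((parts[0], parts[1:]))
    return events


def _norm(path):
    """Normalise a path argument: drop surrounding quotes, lowercase."""
    return path.strip().strip('"').lower()


def classify(api_log_text):
    """Apply the signature: executable dropped AND registered in a Run key."""
    verdict = Verdict()
    events = parse_api_log(api_log_text)

    # Part 1: executable files the sample opened for creation.
    for api, args in events:
        if api in ("CreateFileW", "CreateFileA") and args:
            path = _norm(args[0])
            if path.endswith(EXECUTABLE_EXT):
                verdict.created_executables.append(path)
    created = set(verdict.created_executables)

    # Part 2: Run-key writes whose data points at one of those executables.
    for api, args in events:
        if api in ("RegSetValueExW", "RegSetValueExA") and len(args) >= 3:
            key, value_name, data = args[0], args[1], _norm(args[2])
            if RUN_KEY_RE.search(key):
                verdict.run_key_values.append((key, value_name, data))
                # Registered data may be quoted or carry arguments; match on prefix.
                if any(data.startswith(p) for p in created):
                    verdict.matched = True
    return verdict


# Constructed sandbox API log: one call per line, API|args...
SAMPLE_LOG = """
# drops an executable, then persists it via HKCU Run
CreateFileW|C:\\Users\\victim\\AppData\\Roaming\\updater.exe|GENERIC_WRITE
WriteFile|0x1a4|4096
RegSetValueExW|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Updater|"C:\\Users\\victim\\AppData\\Roaming\\updater.exe"
"""

# Constructed benign log: writes a document and a non-autostart setting.
BENIGN_LOG = """
CreateFileW|C:\\Users\\victim\\Documents\\notes.txt|GENERIC_WRITE
RegSetValueExW|HKCU\\Software\\Example\\Settings|Theme|dark
"""

if __name__ == "__main__":
    for name, log in (("sample", SAMPLE_LOG), ("benign", BENIGN_LOG)):
        v = classify(log)
        print(name, "ALERT" if v.matched else "no match", v.created_executables)
```

The check is deliberately conjunctive: a dropped executable alone, or a Run-key write alone, does not fire, which is what keeps this kind of profile signature from alerting on ordinary installers that write executables without persistence or on applications that register a Run entry for a file they did not create.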
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.