Patent · US Active

Identifying an evasive malicious object based on a behavior delta

US9922193B2 · kind B2 · utility

Cited by: 11
References: 3
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 10, 2017
Grant date: Mar 20, 2018
Priority date
Expiry date: Mar 10, 2037

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/034
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A security device may receive actual behavior information associated with an object. The actual behavior information may identify a first set of behaviors associated with executing the object in a live environment. The security device may determine test behavior information associated with the object. The test behavior information may identify a second set of behaviors associated with testing the object in a test environment. The security device may compare the first set of behaviors and the second set of behaviors to determine a difference between the first set of behaviors and the second set of behaviors. The security device may identify whether the object is an evasive malicious object based on the difference between the first set of behaviors and the second set of behaviors. The security device may provide an indication of whether the object is an evasive malicious object.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.