Malware detection and analysis
Abstract
Embodiments of the invention describe systems and methods for malicious software detection and analysis. A binary executable comprising obfuscated malware on a host device may be received, and incident data indicating a time when the binary executable was received and identifying processes operating on the host device may be recorded. The binary executable is analyzed via a scalable plurality of execution environments, including one or more non-virtual execution environments and one or more virtual execution environments, to generate runtime data and deobfuscation data attributable to the binary executable. At least some of the runtime data and deobfuscation data attributable to the binary executable is stored in a shared database, while at least some of the incident data is stored in a private, non-shared database.
- Inventors: Chiang, Ken; Lloyd, Levi; Crussell, Jonathan; Sanders, Benjamin; Erickson, Jeremy Lee; Fritz, David Jakob
- Issue Date:
- Research Org.: Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
- Sponsoring Org.: USDOE
- OSTI Identifier: 1243304
- Patent Number(s): 9294486
- Application Number: 14/198,366
- Assignee: Sandia Corporation (Albuquerque, NM)
- Patent Classifications (CPCs):
  - G - PHYSICS; G06 - COMPUTING; G06F - ELECTRIC DIGITAL DATA PROCESSING
  - H - ELECTRICITY; H04 - ELECTRIC COMMUNICATION TECHNIQUE; H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- DOE Contract Number: AC04-94AL85000
- Resource Type: Patent
- Resource Relation: Patent File Date: 2014 Mar 05
- Country of Publication: United States
- Language: English
- Subject: 99 GENERAL AND MISCELLANEOUS; 97 MATHEMATICS AND COMPUTING
Citation Formats
Chiang, Ken, Lloyd, Levi, Crussell, Jonathan, Sanders, Benjamin, Erickson, Jeremy Lee, and Fritz, David Jakob. Malware detection and analysis. United States: N. p., 2016. Web.
Chiang, Ken, Lloyd, Levi, Crussell, Jonathan, Sanders, Benjamin, Erickson, Jeremy Lee, & Fritz, David Jakob. Malware detection and analysis. United States.
Chiang, Ken, Lloyd, Levi, Crussell, Jonathan, Sanders, Benjamin, Erickson, Jeremy Lee, and Fritz, David Jakob. Tue . "Malware detection and analysis". United States. https://www.osti.gov/servlets/purl/1243304.
@article{osti_1243304,
title = {Malware detection and analysis},
author = {Chiang, Ken and Lloyd, Levi and Crussell, Jonathan and Sanders, Benjamin and Erickson, Jeremy Lee and Fritz, David Jakob},
abstractNote = {Embodiments of the invention describe systems and methods for malicious software detection and analysis. A binary executable comprising obfuscated malware on a host device may be received, and incident data indicating a time when the binary executable was received and identifying processes operating on the host device may be recorded. The binary executable is analyzed via a scalable plurality of execution environments, including one or more non-virtual execution environments and one or more virtual execution environments, to generate runtime data and deobfuscation data attributable to the binary executable. At least some of the runtime data and deobfuscation data attributable to the binary executable is stored in a shared database, while at least some of the incident data is stored in a private, non-shared database.},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2016},
month = {3}
}
Works referenced in this record:
Farm: An automated malware analysis environment
conference, October 2008
- Van Randwyk, Jamie; Chiang, Ken; Lloyd, Levi
- 2008 IEEE International Carnahan Conference on Security Technology (ICCST), 2008 42nd Annual IEEE International Carnahan Conference on Security Technology
Aggregating, retrieving, and providing access to document visuals
patent, February 2007
- Bebo, Michael; Carr, Merle; Schneider, Melissa
- US Patent Document 7,181,445
Classification of malware using clustering that orders events in accordance with the time of occurance
patent, October 2010
- Lee, Tony; Mody, Jigar J.; Lin, Ying
- US Patent Document 7,809,670
System and method for detecting malware in an executable code module according to the code module's exhibited behavior
patent, March 2011
- Bodorin, Daniel M.; Marinescu, Adrian
- US Patent Document 7,913,305
Apparatus and methods for remote classification of unknown malware
patent, July 2014
- Oliver, Jonathan J.
- US Patent Document 8,769,683
Method and System for Automatic Detection and Analysis of Malware
patent-application, March 2012
- Thomas, Ralph; Ligh, Michael
- US Patent Application 13/219208; 20120079596