DOE Patents, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Malware detection and analysis

Abstract

Embodiments of the invention describe systems and methods for malicious software detection and analysis. A binary executable comprising obfuscated malware on a host device may be received, and incident data indicating a time when the binary executable was received and identifying processes operating on the host device may be recorded. The binary executable is analyzed via a scalable plurality of execution environments, including one or more non-virtual execution environments and one or more virtual execution environments, to generate runtime data and deobfuscation data attributable to the binary executable. At least some of the runtime data and deobfuscation data attributable to the binary executable is stored in a shared database, while at least some of the incident data is stored in a private, non-shared database.

Inventors:
Chiang, Ken; Lloyd, Levi; Crussell, Jonathan; Sanders, Benjamin; Erickson, Jeremy Lee; Fritz, David Jakob
Issue Date:
Research Org.:
Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1243304
Patent Number(s):
9294486
Application Number:
14/198,366
Assignee:
Sandia Corporation (Albuquerque, NM)
Patent Classifications (CPCs):
G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
DOE Contract Number:
AC04-94AL85000
Resource Type:
Patent
Resource Relation:
Patent File Date: 2014 Mar 05
Country of Publication:
United States
Language:
English
Subject:
99 GENERAL AND MISCELLANEOUS; 97 MATHEMATICS AND COMPUTING

Citation Formats

Chiang, Ken, Lloyd, Levi, Crussell, Jonathan, Sanders, Benjamin, Erickson, Jeremy Lee, and Fritz, David Jakob. Malware detection and analysis. United States: N. p., 2016. Web.
Chiang, Ken, Lloyd, Levi, Crussell, Jonathan, Sanders, Benjamin, Erickson, Jeremy Lee, & Fritz, David Jakob. Malware detection and analysis. United States.
Chiang, Ken, Lloyd, Levi, Crussell, Jonathan, Sanders, Benjamin, Erickson, Jeremy Lee, and Fritz, David Jakob. 2016. "Malware detection and analysis". United States. https://www.osti.gov/servlets/purl/1243304.
@article{osti_1243304,
  title = {Malware detection and analysis},
  author = {Chiang, Ken and Lloyd, Levi and Crussell, Jonathan and Sanders, Benjamin and Erickson, Jeremy Lee and Fritz, David Jakob},
  abstractNote = {Embodiments of the invention describe systems and methods for malicious software detection and analysis. A binary executable comprising obfuscated malware on a host device may be received, and incident data indicating a time when the binary executable was received and identifying processes operating on the host device may be recorded. The binary executable is analyzed via a scalable plurality of execution environments, including one or more non-virtual execution environments and one or more virtual execution environments, to generate runtime data and deobfuscation data attributable to the binary executable. At least some of the runtime data and deobfuscation data attributable to the binary executable is stored in a shared database, while at least some of the incident data is stored in a private, non-shared database.},
  place = {United States},
  year = {2016},
  month = {3}
}

Works referenced in this record:

Farm: An automated malware analysis environment
conference, October 2008

  • Van Randwyk, Jamie; Chiang, Ken; Lloyd, Levi
  • 2008 IEEE International Carnahan Conference on Security Technology (ICCST), 2008 42nd Annual IEEE International Carnahan Conference on Security Technology
  • https://doi.org/10.1109/CCST.2008.4751322

Aggregating, retrieving, and providing access to document visuals
patent, February 2007

Method and System for Automatic Detection and Analysis of Malware
patent-application, March 2012