Malware analysis and recovery
Abstract
A system and method detects malware by processing notifications from an intrusion detection system and baseline snapshots from an image capture utility. The image capture utility constructs an image of the suspected malware intrusion and links the suspected malware intrusion to the baseline snapshots. The system and method propagates the image of the suspected malware intrusion across multiple networks before it distinguishes malicious code, device state, and files from benign code, device state, and files. Some systems and methods include a malware recovery system that executes machine learning instructions and heuristics to revert a client and/or a remote server to one or more baseline snapshots.
- Inventors:
- Smith, Jared M.
- Issue Date:
- Research Org.:
- Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)
- Sponsoring Org.:
- USDOE
- OSTI Identifier:
- 1805551
- Patent Number(s):
- 10931685
- Application Number:
- 15/837,942
- Assignee:
- UT-Battelle, LLC (Oak Ridge, TN)
- Patent Classifications (CPCs):
- G - PHYSICS; G06 - COMPUTING; G06F - ELECTRIC DIGITAL DATA PROCESSING
- G - PHYSICS; G06 - COMPUTING; G06N - COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- DOE Contract Number:
- AC05-00OR22725
- Resource Type:
- Patent
- Resource Relation:
- Patent File Date: 12/11/2017
- Country of Publication:
- United States
- Language:
- English
Citation Formats
Smith, Jared M. Malware analysis and recovery. United States: N. p., 2021. Web.
Smith, Jared M. Malware analysis and recovery. United States.
Smith, Jared M. Tue . "Malware analysis and recovery". United States. https://www.osti.gov/servlets/purl/1805551.
@article{osti_1805551,
title = {Malware analysis and recovery},
author = {Smith, Jared M.},
abstractNote = {A system and method detects malware by processing notifications from an intrusion detection system and baseline snapshots from an image capture utility. The image capture utility constructs an image of the suspected malware intrusion and links the suspected malware intrusion to the baseline snapshots. The system and method propagates the image of the suspected malware intrusion across multiple networks before it distinguishes malicious code, device state, and files from benign code, device state, and files. Some systems and methods include a malware recovery system that executes machine learning instructions and heuristics to revert a client and/or a remote server to one or more baseline snapshots.},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2021},
month = {2}
}