Malware analysis and recovery

Smith, Jared M.

Title: Malware analysis and recovery

Full Record
Other Related Research

Abstract

A system and method detects malware by processing notifications from an intrusion detection system and baseline snapshots from an image capture utility. The image capture utility constructs an image of the suspected malware intrusion and links the suspected malware intrusion to the baseline snapshots. The system and method propagates the image of the suspected malware intrusion across multiple networks before it distinguishes malicious code, device state, and files from benign code, device state, and files. Some systems and methods include a malware recovery system that executes machine learning instructions and heuristics to revert a client and/or a remote server to one or more baseline snapshots.

Inventors:: Smith, Jared M.

Issue Date:: 2021-02-23

Research Org.:: Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1805551

Patent Number(s):: 10931685

Application Number:: 15/837,942

Assignee:: UT-Battelle, LLC (Oak Ridge, TN)

DOE Contract Number:: AC05-00OR22725

Resource Type:: Patent

Resource Relation:: Patent File Date: 12/11/2017

Country of Publication:: United States

Language:: English

Citation Formats


                    Smith, Jared M. Malware analysis and recovery.  United States: N. p., 2021. 
        Web.

Copy to clipboard


                    Smith, Jared M. Malware analysis and recovery.  United States.

Copy to clipboard


                    Smith, Jared M. Tue .  
        "Malware analysis and recovery".  United States.  https://www.osti.gov/servlets/purl/1805551.

Copy to clipboard


                    
@article{osti_1805551,

  title        = {Malware analysis and recovery},

  author       = {Smith, Jared M.},

  abstractNote = {A system and method detects malware by processing notifications from an intrusion detection system and baseline snapshots from an image capture utility. The image capture utility constructs an image of the suspected malware intrusion and links the suspected malware intrusion to the baseline snapshots. The system and method propagates the image of the suspected malware intrusion across multiple networks before it distinguishes malicious code, device state, and files from benign code, device state, and files. Some systems and methods include a malware recovery system that executes machine learning instructions and heuristics to revert a client and/or a remote server to one or more baseline snapshots.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2021},

  month        = {2}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Similar Records in DOE Patents and OSTI.GOV collections:

Malware detection and analysis

Patent Chiang, Ken; Lloyd, Levi; Crussell, Jonathan; ...

Embodiments of the invention describe systems and methods for malicious software detection and analysis. A binary executable comprising obfuscated malware on a host device may be received, and incident data indicating a time when the binary executable was received and identifying processes operating on the host device may be recorded. The binary executable is analyzed via a scalable plurality of execution environments, including one or more non-virtual execution environments and one or more virtual execution environments, to generate runtime data and deobfuscation data attributable to the binary executable. At least some of the runtime data and deobfuscation data attributable tomore » « less
Full Text Available
Integrating multiple data sources for malware classification

Patent Anderson, Blake Harrell; Storlie, Curtis B; Lane, Terran

Disclosed herein are representative embodiments of tools and techniques for classifying programs. According to one exemplary technique, at least one graph representation of at least one dynamic data source of at least one program is generated. Also, at least one graph representation of at least one static data source of the at least one program is generated. Additionally, at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, the at least one program is classified.
Full Text Available
Statistical fingerprinting for malware detection and classification

Patent Prowell, Stacy J.; Rathgeb, Christopher T.

A system detects malware in a computing architecture with an unknown pedigree. The system includes a first computing device having a known pedigree and operating free of malware. The first computing device executes a series of instrumented functions that, when executed, provide a statistical baseline that is representative of the time it takes the software application to run on a computing device having a known pedigree. A second computing device executes a second series of instrumented functions that, when executed, provides an actual time that is representative of the time the known software application runs on the second computing device.more » « less
Full Text Available
System and method for monitoring power consumption to detect malware

Patent Prowell, Stacy J.; Nichols, Jeffrey A.; Hernandez Jimenez, Jarilyn M.

A system and method (referred to as the system) detects malware, viruses, and/or malicious activity by generating a direct current source power consumption profile by causing a monitored device to execute a fully automated recurrent software operation. The system receives by an automated detection system, the direct current source power consumption profile generated by an intelligent power sensor and generates by a detection engine, a power security profile that identifies suspicious code by profiling direct current consumed by monitored type devices. The system executes a detection engine remote from the monitored device that identifies an infected device.
Full Text Available
Enzymatically active high-flux selectively gas-permeable membranes for enhanced oil recovery and carbon capture

Patent Rempe, Susan Lynne; Jiang, Ying-Bing; Vanegas, Juan; ...

A membrane structure for moving a gaseous object species from a first region having an object species first concentration, through the membrane structure, to a second region having an object species second concentration different from the first concentration is described. The membrane includes a supporting substrate having a plurality of pores therethrough, each of the plurality of pores defined by a first end, a second end and a surface of the supporting substrate extending between the first end and the second end as well as a nanoporous layer within the plurality of pores, wherein the nanoporous layer comprises a hydrophilicmore » « less
Full Text Available

Similar Records