Independent malware detection architecture

Smith, Jared M.; Petrik, Rachel L.; Arik, Berat E.

Advanced Search OptionsAdvanced Search queries use a traditional Term Search. For more info, see our FAQ.

All Fields:

Patent Title:

Abstract:

Assignee:

Inventor(s):

Patent Number:

Patent Classification (CPC):

All Classifications
A - human necessities
A01 - agriculture
A21 - baking
A22 - butchering
A23 - foods or foodstuffs
A24 - tobacco
A41 - wearing apparel
A42 - headwear
A43 - footwear
A44 - haberdashery
A45 - hand or travelling articles
A46 - brushware
A47 - furniture
A61 - medical or veterinary science
A62 - life-saving
A63 - sports
A99 - subject matter not otherwise provided for in this section
B - performing operations
B01 - physical or chemical processes or apparatus in general
B02 - crushing, pulverising, or disintegrating
B03 - separation of solid materials using liquids or using pneumatic tables or jigs
B04 - centrifugal apparatus or machines for carrying-out physical or chemical processes
B05 - spraying or atomising in general
B06 - generating or transmitting mechanical vibrations in general
B07 - separating solids from solids
B08 - cleaning
B09 - disposal of solid waste
B21 - mechanical metal-working without essentially removing material
B22 - casting
B23 - machine tools
B24 - grinding
B25 - hand tools
B26 - hand cutting tools
B27 - working or preserving wood or similar material
B28 - working cement, clay, or stone
B29 - working of plastics
B30 - presses
B31 - making articles of paper, cardboard or material worked in a manner analogous to paper
B32 - layered products
B33 - additive manufacturing technology
B41 - printing
B42 - bookbinding
B43 - writing or drawing implements
B44 - decorative arts
B60 - vehicles in general
B61 - railways
B62 - land vehicles for travelling otherwise than on rails
B63 - ships or other waterborne vessels
B64 - aircraft
B65 - conveying
B66 - hoisting
B67 - opening, closing {or cleaning} bottles, jars or similar containers
B68 - saddlery
B81 - microstructural technology
B82 - nanotechnology
B99 - subject matter not otherwise provided for in this section
C - chemistry
C01 - inorganic chemistry
C02 - treatment of water, waste water, sewage, or sludge
C03 - glass
C04 - cements
C05 - fertilisers
C06 - explosives
C07 - organic chemistry
C08 - organic macromolecular compounds
C09 - dyes
C10 - petroleum, gas or coke industries
C11 - animal or vegetable oils, fats, fatty substances or waxes
C12 - biochemistry
C13 - sugar industry
C14 - skins
C21 - metallurgy of iron
C22 - metallurgy
C23 - coating metallic material
C25 - electrolytic or electrophoretic processes
C30 - crystal growth
C40 - combinatorial technology
C99 - subject matter not otherwise provided for in this section
D - textiles
D01 - natural or man-made threads or fibres
D02 - yarns
D03 - weaving
D04 - braiding
D05 - sewing
D06 - treatment of textiles or the like
D07 - ropes
D10 - indexing scheme associated with sublasses of section d, relating to textiles
D21 - paper-making
D99 - subject matter not otherwise provided for in this section
E - fixed constructions
E01 - construction of roads, railways, or bridges
E02 - hydraulic engineering
E03 - water supply
E04 - building
E05 - locks
E06 - doors, windows, shutters, or roller blinds in general
E21 - earth drilling
E99 - subject matter not otherwise provided for in this section
F - mechanical engineering
F01 - machines or engines in general
F02 - combustion engines
F03 - machines or engines for liquids
F04 - positive - displacement machines for liquids
F05 - indexing schemes relating to engines or pumps in various subclasses of classes f01-f04
F15 - fluid-pressure actuators
F16 - engineering elements and units
F17 - storing or distributing gases or liquids
F21 - lighting
F22 - steam generation
F23 - combustion apparatus
F24 - heating
F25 - refrigeration or cooling
F26 - drying
F27 - furnaces
F28 - heat exchange in general
F41 - weapons
F42 - ammunition
F99 - subject matter not otherwise provided for in this section
G - physics
G01 - measuring
G02 - optics
G03 - photography
G04 - horology
G05 - controlling
G06 - computing
G07 - checking-devices
G08 - signalling
G09 - education
G10 - musical instruments
G11 - information storage
G12 - instrument details
G16 - information and communication technology [ict] specially adapted for specific application fields
G21 - nuclear physics
G99 - subject matter not otherwise provided for in this section
H - electricity
H01 - basic electric elements
H02 - generation
H03 - basic electronic circuitry
H04 - electric communication technique
H05 - electric techniques not otherwise provided for
H99 - subject matter not otherwise provided for in this section
Y - new / cross sectional technologies
Y02 - technologies or applications for mitigation or adaptation against climate change
Y04 - information or communication technologies having an impact on other technology areas
Y10 - technical subjects covered by former uspc

More Options ...

Title: Independent malware detection architecture

Abstract

A system and method (referred to as the system) detect malware by training a rule-based model, a functional based model, and a deep learning-based model from a memory snapshot of a malware free operating state of a monitored device. The system extracts a feature set from a second memory snapshot captured from an operating state of the monitored device and processes the feature set by the rule-based model, the functional-based model, and the deep learning-based model. The system identifies identifying instances of malware on the monitored device without processing data identifying an operating system of the monitored device, data associated with a prior identification of the malware, data identifying a source of the malware, data identifying a location of the malware on the monitored device, or any operating system specific data contained within the monitored device.

Inventors:: Smith, Jared M.; Petrik, Rachel L.; Arik, Berat E.

Issue Date:: 2023-04-04

Research Org.:: STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH AND DEVELOPMENT These inventions were made with United States government support under Contract No. DE-AC05-000R22725 awarded by the United States Department of Energy. The United States government has certain rights in the inventions.

Sponsoring Org.:: USDOE

OSTI Identifier:: 1998261

Patent Number(s):: 11620384

Application Number:: 16/530,054

Assignee:: UT-Battelle, LLC (Oak Ridge, TN)

DOE Contract Number:: AC05-00OR22725

Resource Type:: Patent

Resource Relation:: Patent File Date: 08/02/2019

Country of Publication:: United States

Language:: English

Citation Formats


                    Smith, Jared M., Petrik, Rachel L., and Arik, Berat E. Independent malware detection architecture.  United States: N. p., 2023. 
        Web.

Copy to clipboard


                    Smith, Jared M., Petrik, Rachel L., & Arik, Berat E. Independent malware detection architecture.  United States.

Copy to clipboard


                    Smith, Jared M., Petrik, Rachel L., and Arik, Berat E. Tue .  
        "Independent malware detection architecture".  United States.  https://www.osti.gov/servlets/purl/1998261.

Copy to clipboard


                    
@article{osti_1998261,

  title        = {Independent malware detection architecture},

  author       = {Smith, Jared M. and Petrik, Rachel L. and Arik, Berat E.},

  abstractNote = {A system and method (referred to as the system) detect malware by training a rule-based model, a functional based model, and a deep learning-based model from a memory snapshot of a malware free operating state of a monitored device. The system extracts a feature set from a second memory snapshot captured from an operating state of the monitored device and processes the feature set by the rule-based model, the functional-based model, and the deep learning-based model. The system identifies identifying instances of malware on the monitored device without processing data identifying an operating system of the monitored device, data associated with a prior identification of the malware, data identifying a source of the malware, data identifying a location of the malware on the monitored device, or any operating system specific data contained within the monitored device.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2023},

  month        = {4}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

System Memory Integrity Monitoring
patent-application, August 2016

Fraser, Timothy Jon; Molina-Terriza, Jesus Maria; Petroni, Nick Louis
US Patent Application 14/618997; 20160232354
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20160232354

Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory
journal, July 2018

Cohen, Aviad; Nissim, Nir
Expert Systems with Applications, Vol. 102
https://doi.org/10.1016/j.eswa.2018.02.039

Malware Analysis and Recovery
patent-application, June 2018

Smith, Jared M.
US Patent Application 15/837942; 20180167403
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20180167403

Automated Forensics of Computer Systems Using Behavioral Intelligence
patent-application, December 2015

Mumcuoglu, Michael; Engel, Giora; Firstenberg, Eyal
US Patent Application 14/758966; 20150358344
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20150358344

Automated malware detection using artifacts in forensic memory images
conference, May 2016

Mosli, Rayan; Li, Rui; Yuan, Bo
2016 IEEE Symposium on Technologies for Homeland Security (HST)
https://doi.org/10.1109/THS.2016.7568881

System and Method of Performing Memory Data Collection for Memory Forensics in a Computing Device
patent-application, July 2018

Gathala, Sudha Anil Kumar; Salajegheh, Mastooreh; Das, Saumitra Mohan
US Patent Application 15/407390; 20180203996
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20180203996

Bare-metal computer security appliance
patent, July 2016

Lukacs, Sandor; Colesa, Adrian V.
US Patent Document 9,383,934
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9383934

Automated Classification of Exploits Based on Runtime Environmental Features
patent-application, June 2018

Guri, Mordechai; Gorelik, Michael; Yehoshua, Ronen
US Patent Application 15/324659; 20180181752
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20180181752

Malware Detection with Deep Neural Network Using Process Behavior
conference, June 2016

Tobiyama, Shun; Yamaguchi, Yukiko; Shimada, Hajime
2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC)
https://doi.org/10.1109/COMPSAC.2016.151

Method and System for Automatic Detection and Analysis of Malware
patent-application, March 2012

Thomas, Ralph; Ligh, Michael
US Patent Application 13/219208; 20120079596
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20120079596

Demo
conference, October 2017

Smith, Jared M.; Greenlee, Elliot; Ferber, Aaron
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
https://doi.org/10.1145/3133956.3138854

Malware Detection
patent-application, February 2011

Stahlberg, Mika
US Patent Application 12/462913; 20110041179
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20110041179

Periodic Mobile Forensics
patent-application, April 2015

Guido, Mark D.
US Patent Application 14/062513; 20150121522
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20150121522

Similar Records in DOE Patents and OSTI.GOV collections:

Statistical fingerprinting for malware detection and classification

Patent Prowell, Stacy J.; Rathgeb, Christopher T.

A system detects malware in a computing architecture with an unknown pedigree. The system includes a first computing device having a known pedigree and operating free of malware. The first computing device executes a series of instrumented functions that, when executed, provide a statistical baseline that is representative of the time it takes the software application to run on a computing device having a known pedigree. A second computing device executes a second series of instrumented functions that, when executed, provides an actual time that is representative of the time the known software application runs on the second computing device.more » « less
Full Text Available
Malware detection and analysis

Patent Chiang, Ken; Lloyd, Levi; Crussell, Jonathan; ...

Embodiments of the invention describe systems and methods for malicious software detection and analysis. A binary executable comprising obfuscated malware on a host device may be received, and incident data indicating a time when the binary executable was received and identifying processes operating on the host device may be recorded. The binary executable is analyzed via a scalable plurality of execution environments, including one or more non-virtual execution environments and one or more virtual execution environments, to generate runtime data and deobfuscation data attributable to the binary executable. At least some of the runtime data and deobfuscation data attributable tomore » « less
Full Text Available
System and method for monitoring power consumption to detect malware

Patent Prowell, Stacy J.; Nichols, Jeffrey A.; Hernandez Jimenez, Jarilyn M.

A system and method (referred to as the system) detects malware, viruses, and/or malicious activity by generating a direct current source power consumption profile by causing a monitored device to execute a fully automated recurrent software operation. The system receives by an automated detection system, the direct current source power consumption profile generated by an intelligent power sensor and generates by a detection engine, a power security profile that identifies suspicious code by profiling direct current consumed by monitored type devices. The system executes a detection engine remote from the monitored device that identifies an infected device.
Full Text Available
Systems and methods for architecture-independent binary code analysis

Patent Haile, Jedediah T.; Beckman, Bryan R.; Havens, Sage R.; ...

Binaries configured for execution within respective computing environments may be disassembled into architecture-specific intermediate (AIL) representations. The AIL representations may be converted into canonical intermediate language (CIL) representations. The CIL representations may comprise normalized, architecture-independent code configured to characterize functionality of respective components of a binary (e.g., respective functions or the like). Feature vectors may be extracted from the CIL representations. The feature vectors may be used to identify components of respective binaries, assign security classifications to the binaries, and/or the like.
Full Text Available
Neutron detection using Poisson distribution comparison independent of count rate based on correlation signals

Patent Rowland, Mark S.; Snyderman, Neal J.

Embodiments are directed to comparison-based methods of conditionally assessing the excess in correlation of an unknown neutron count measurement compared to the correlation present in a data defined as background, and to providing a technical definition of excess correlation intended to properly handle the measured excess correlation. The degree of correlation between an unknown source and background can be used to prevent masking of neutron count data for the source by background radiation.
Full Text Available

Similar Records

Title: Independent malware detection architecture

Abstract

Citation Formats

System Memory Integrity Monitoring patent-application, August 2016

Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory journal, July 2018

Malware Analysis and Recovery patent-application, June 2018

Automated Forensics of Computer Systems Using Behavioral Intelligence patent-application, December 2015

Automated malware detection using artifacts in forensic memory images conference, May 2016

System and Method of Performing Memory Data Collection for Memory Forensics in a Computing Device patent-application, July 2018

Bare-metal computer security appliance patent, July 2016

Automated Classification of Exploits Based on Runtime Environmental Features patent-application, June 2018

Malware Detection with Deep Neural Network Using Process Behavior conference, June 2016

Method and System for Automatic Detection and Analysis of Malware patent-application, March 2012

Demo conference, October 2017

Malware Detection patent-application, February 2011

Periodic Mobile Forensics patent-application, April 2015

System Memory Integrity Monitoring
patent-application, August 2016

Trusted detection of ransomware in a private cloud using machine learning methods leveraging meta-features from volatile memory
journal, July 2018

Malware Analysis and Recovery
patent-application, June 2018

Automated Forensics of Computer Systems Using Behavioral Intelligence
patent-application, December 2015

Automated malware detection using artifacts in forensic memory images
conference, May 2016

System and Method of Performing Memory Data Collection for Memory Forensics in a Computing Device
patent-application, July 2018

Bare-metal computer security appliance
patent, July 2016

Automated Classification of Exploits Based on Runtime Environmental Features
patent-application, June 2018

Malware Detection with Deep Neural Network Using Process Behavior
conference, June 2016

Method and System for Automatic Detection and Analysis of Malware
patent-application, March 2012

Demo
conference, October 2017

Malware Detection
patent-application, February 2011

Periodic Mobile Forensics
patent-application, April 2015