Malware detection and analysis
Embodiments of the invention describe systems and methods for malicious-software detection and analysis. A binary executable containing obfuscated malware is received on a host device, and incident data is recorded that captures when the binary was received and which processes were running on the host at the time. The binary is analyzed in a scalable set of execution environments, comprising one or more non-virtual execution environments and one or more virtual execution environments, to generate runtime data and deobfuscation data attributable to the binary. At least some of the runtime and deobfuscation data is stored in a shared database, while at least some of the incident data is stored in a private, non-shared database, so that analysis results can be exchanged without exposing details of the affected host.
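The abstract describes a data-flow more than an algorithm: analysis artefacts keyed to the sample go to a shared store, host-identifying incident data stays private, and the sample hash is the only link between them. The following Python is an added example written for this page; it is not code from the patent or from Sandia, and it does not reproduce the patented execution environments. It uses one hypothetical analysis pass (a brute-force single-byte-XOR string recovery that reports URL- and executable-shaped strings) as a stand-in for whatever an environment would produce, runs it over a constructed sample with a fake header, and then splits the result into a `SharedRecord` and a `PrivateRecord`. The sample bytes, the XOR key, the indicator patterns, the host name and the process list are all invented for the example.

```python
"""Added example (not from the patent or Sandia): shared/private storage split."""
import hashlib
import json
import re
from dataclasses import asdict, dataclass

# Indicator-shaped strings an analyst wants out of deobfuscated data.
# These two patterns are an assumption for the example, not an exhaustive set.
IOC_PATTERNS = [
    re.compile(rb"https?://[a-z0-9.\-]+(?:/[\x21-\x7e]*)?"),   # URLs
    re.compile(rb"[A-Za-z0-9_\-]+\.(?:exe|dll|bat)\b"),         # Windows binaries
]


def recover_xor_strings(blob: bytes) -> list[dict]:
    """Try every single-byte XOR key and report indicator-like strings.

    Key 0 reports strings that were never obfuscated.  Requiring an IOC-shaped
    match keeps the result from being flooded by the random printable runs the
    other 255 keys produce.  This is a stand-in for one analysis pass; it is not
    the patent's method.
    """
    findings = []
    for key in range(256):
        decoded = bytes(b ^ key for b in blob)
        for pat in IOC_PATTERNS:
            for m in pat.finditer(decoded):
                findings.append({"key": key, "offset": m.start(),
                                 "text": m.group().decode("ascii")})
    return findings


# Constructed sample: a fake header, two strings XOR-obfuscated with a key the
# analyzer does not know, and one plaintext path.  Not a real binary.
_SAMPLE_KEY = 0x5A


def _obf(s: bytes) -> bytes:
    return bytes(b ^ _SAMPLE_KEY for b in s)


SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + _obf(b"http://c2.example.invalid/beacon\x00")
    + _obf(b"cmd.exe /c whoami > out.txt\x00")
    + b"C:\\Windows\\Temp\\loader.dll"
)


@dataclass
class SharedRecord:
    """Deobfuscation/runtime data that may live in the shared database."""
    sha256: str
    size: int
    environment: str
    findings: list


@dataclass
class PrivateRecord:
    """Incident data that stays in the private, non-shared database."""
    sha256: str          # the only field that links back to the shared record
    received_at: str
    host: str
    processes: list


def ingest(blob: bytes, host: str, processes: list, received_at: str,
           environment: str = "static-xor-pass"):
    """Analyze a sample and split the results by sharing policy."""
    digest = hashlib.sha256(blob).hexdigest()
    shared = SharedRecord(sha256=digest, size=len(blob), environment=environment,
                          findings=recover_xor_strings(blob))
    private = PrivateRecord(sha256=digest, received_at=received_at,
                            host=host, processes=list(processes))
    return shared, private


def _private_values(private: PrivateRecord):
    for name, value in asdict(private).items():
        if name == "sha256":
            continue
        yield from (value if isinstance(value, list) else [value])


def leaks_incident_data(shared: SharedRecord, private: PrivateRecord) -> bool:
    """True if any private value other than the hash appears in the shared record.

    A crude substring check, but it is the kind of guard a practitioner puts in
    front of the write to the shared store.
    """
    serialized = json.dumps(asdict(shared))
    return any(str(v) in serialized for v in _private_values(private))


if __name__ == "__main__":
    shared, private = ingest(SAMPLE, host="ws-0421.corp.example",
                             processes=["explorer.exe", "outlook.exe", "svchost.exe"],
                             received_at="2014-03-05T09:12:00Z")
    for f in shared.findings:
        print(f"key=0x{f['key']:02x} offset={f['offset']:3d} {f['text']}")
    print("shared record leaks incident data:", leaks_incident_data(shared, private))
```

The brute force reports the two strings obfuscated with key `0x5A` and the plaintext DLL path under key `0`; everything else is discarded because it does not look like an indicator. The leak check runs before anything is written to the shared side, which is the point the abstract's storage split is making.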
- Research Organization: Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
- Sponsoring Organization: USDOE
- DOE Contract Number: AC04-94AL85000
- Assignee: Sandia Corporation (Albuquerque, NM)
- Patent Number(s): 9,294,486
- Application Number: 14/198,366
- OSTI ID: 1243304
- Resource Relation: Patent File Date: 2014 Mar 05
- Country of Publication: United States
- Language: English