
Method and system for detecting and remediating polymorphic attacks across an enterprise

  • US 10,193,906 B2
  • Filed: 12/09/2016
  • Issued: 01/29/2019
  • Est. Priority Date: 12/09/2015
  • Status: Active Grant
First Claim

1. A method for detecting potential malware comprising:

  • a)

         1) obtaining an attack tree representative of an attack on a network, the attack tree formed of objects;

         2) analyzing the objects to determine whether each of the objects is classified as known or unknown, in accordance with predetermined criteria; and

         3) representing the unknown objects in the attack tree as generalized objects, resulting in the creation of a generalized attack tree from the obtained attack tree;

    b) breaking the first generalized attack tree into subtrees including generalized objects;

    c) obtaining at least one subtree including generalized objects associated with a subsequent generalized attack tree including generalized objects;

    d) comparing the subtrees from the first generalized attack tree to the at least one subtree associated with the subsequent generalized attack tree, based on the generalized objects;

    e) creating an updated generalized attack tree from the subtrees from the first generalized attack tree and the at least one subtree associated with the subsequent generalized attack tree;

    f) obtaining the subtrees associated with updated generalized attack tree;

    g) comparing the subtrees associated with the updated generalized attack tree with the at least one subtree associated with the subsequent generalized attack tree, based on the generalized objects; and

    h) creating an updated generalized attack tree from the subtrees from the previously updated generalized attack tree and the at least one subtree associated with the subsequent generalized attack tree, to detect potential malware.
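As an added example, not part of the patent or of any assignee implementation, the following Python sketch models steps a) through h) of the claim: objects not on a constructed allowlist are generalized to their kind, each generalized tree is split into per-parent subtrees, and a subsequent variant is compared with the first and merged into a running model that then flags the variant. The allowlist, the object kinds and the two sample attack trees are assumptions made for the illustration.

```python
from typing import Dict, List, Set, Tuple

Obj = Tuple[str, str]                   # (kind, name), e.g. ("process", "winword.exe")
Tree = Dict[Obj, List[Obj]]             # parent object -> its child objects
Subtree = Tuple[Obj, Tuple[Obj, ...]]   # one parent with its (generalized) children

# Constructed allowlist standing in for the claim's "predetermined criteria".
KNOWN: Set[Obj] = {("process", "winword.exe"), ("process", "powershell.exe"),
                   ("process", "cmd.exe")}

def generalize(obj: Obj) -> Obj:
    """Step a): known objects keep their identity; unknown ones keep only their kind."""
    return obj if obj in KNOWN else (obj[0], "*")

def generalize_tree(tree: Tree) -> Tree:
    """Rebuild the tree over generalized objects, merging nodes that collapse together."""
    gen: Tree = {}
    for parent, children in tree.items():
        kids = gen.setdefault(generalize(parent), [])
        for child in children:
            if generalize(child) not in kids:
                kids.append(generalize(child))
    return gen

def subtrees(gen: Tree) -> Set[Subtree]:
    """Step b): one subtree per parent; children sorted so comparison is order-free."""
    return {(p, tuple(sorted(cs))) for p, cs in gen.items() if cs}

def update(model: Set[Subtree], subsequent: Set[Subtree]) -> Set[Subtree]:
    """Steps e)/h): fold the subsequent tree's subtrees into the running model."""
    return model | subsequent

def detect(model: Set[Subtree], candidate: Tree) -> bool:
    """Steps d)/g) on a new tree: flagged when any generalized subtree is already in the model."""
    return bool(model & subtrees(generalize_tree(candidate)))

# Constructed attack trees: two variants with different dropper names and C2 addresses.
ATTACK_1: Tree = {("process", "winword.exe"): [("process", "dropper_a1.exe")],
                  ("process", "dropper_a1.exe"): [("process", "powershell.exe")],
                  ("process", "powershell.exe"): [("network", "203.0.113.5")]}
ATTACK_2: Tree = {("process", "winword.exe"): [("process", "dropper_zz9.exe")],
                  ("process", "dropper_zz9.exe"): [("process", "powershell.exe")],
                  ("process", "powershell.exe"): [("network", "198.51.100.9")]}
BENIGN: Tree = {("process", "cmd.exe"): [("process", "ping.exe")]}

def build_model() -> Set[Subtree]:
    """Steps c) to h) for one subsequent tree: compare it with the first, then merge."""
    first, second = subtrees(generalize_tree(ATTACK_1)), subtrees(generalize_tree(ATTACK_2))
    return update(first, second)
```

Because the dropper names and addresses are generalized away, both variants reduce to the same three subtrees, so the merged model has three entries and the benign cmd.exe tree shares none of them.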
