
System and method for verifying and detecting malware

  • US 10,225,280 B2
  • Filed: 02/23/2015
  • Issued: 03/05/2019
  • Est. Priority Date: 02/24/2014
  • Status: Expired due to Fees
First Claim

1. A device comprising:

  • a memory; and

    one or more processors to:

    perform behavior detonation through an execution of a file object in one or more virtual environments;

    extract feature values from one or more behavior traces generated from performing the behavior detonation;

    send the feature values to a machine learning model;

    identify the file object as a first malware object based on sending the feature values to the machine learning model;

    select one or more persistent artifacts, generated in the one or more virtual environments as a result of the execution of the file object in the one or more virtual environments, based on one or more algorithms applied to behavior traces of the file object, the one or more persistent artifacts including one or more of:

    information identifying a creation of a file, or information identifying an addition of a registry key;

    transform the one or more persistent artifacts into a form to detect a second malware object in another device using a different operating system, the one or more persistent artifacts, before being transformed, having a first mapping of an application data path, and the one or more transformed persistent artifacts having a second mapping of the application data path, the second mapping corresponding to the different operating system; and

    incorporate the one or more transformed persistent artifacts into a set of instructions to be executed on the other device using the different operating system.
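
The artifact transformation step of the claim can be illustrated with a short sketch; this is an added example, not code from the patent or its assignee. It re-maps file artifacts recorded under one operating system's application data path to the equivalent path on another and emits endpoint checks. The Windows XP and Windows 7 profile layouts, the function names, the check format and the sample artifacts are all assumptions chosen for illustration.

```python
import re

# Assumed per-OS profile layouts (illustrative; the claim names no operating systems).
LAYOUTS = {
    "winxp": {"APPDATA": r"C:\Documents and Settings\{user}\Application Data",
              "LOCALAPPDATA": r"C:\Documents and Settings\{user}\Local Settings\Application Data"},
    "win7":  {"APPDATA": r"C:\Users\{user}\AppData\Roaming",
              "LOCALAPPDATA": r"C:\Users\{user}\AppData\Local"},
}

def _layout_regex(template):
    """Compile a layout template into a regex that captures the path remainder."""
    head, tail = template.split("{user}")
    return re.compile(re.escape(head) + r"[^\\]+" + re.escape(tail) + r"(?P<rest>\\.*)?$",
                      re.IGNORECASE)

def remap_path(path, src_os, dst_os, user="*"):
    """Rewrite a path under the source OS's application data folder for the target OS.
    Returns None when the path is not under a known application data folder."""
    for folder, template in LAYOUTS[src_os].items():
        m = _layout_regex(template).match(path)
        if m:
            return LAYOUTS[dst_os][folder].format(user=user) + (m.group("rest") or "")
    return None

def build_checks(artifacts, src_os, dst_os):
    """Turn sandbox artifacts into endpoint checks for a host running dst_os."""
    checks = []
    for art in artifacts:
        if art["type"] == "file_created":
            # Paths outside the application data folder are kept as observed.
            path = remap_path(art["path"], src_os, dst_os) or art["path"]
            checks.append({"check": "file_exists", "path": path})
        elif art["type"] == "registry_key_added":
            checks.append({"check": "registry_key_exists", "key": art["key"]})
    return checks

# Constructed sample artifacts, as a detonation trace might report them.
SAMPLE = [
    {"type": "file_created", "path": r"C:\Documents and Settings\sandbox\Application Data\upd\agent.exe"},
    {"type": "file_created", "path": r"c:\documents and settings\sandbox\Local Settings\Application Data\cache.dat"},
    {"type": "file_created", "path": r"C:\WINDOWS\Temp\drop.tmp"},
    {"type": "registry_key_added", "key": r"HKCU\Software\ExampleVendor\Agent"},
]

if __name__ == "__main__":
    for check in build_checks(SAMPLE, "winxp", "win7"):
        print(check)
```

The user name from the sandbox profile is replaced with a `*` wildcard so that a check applies to any profile on the target host.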
