
Detecting a malicious file infection via sandboxing

  • US 10,389,740 B2
  • Filed: 06/12/2017
  • Issued: 08/20/2019
  • Est. Priority Date: 03/31/2015
  • Status: Active Grant
First Claim

1. A device, comprising:

  • a memory; and

  • one or more processors to:

    receive a malicious file;

    provoke, based on receiving the malicious file, a network activity reaction when operating the malicious file in a testing environment;

    determine, based on provoking the network activity reaction, a network activity profile associated with the malicious file, the network activity profile including information regarding at least one of:

      • one or more requested network addresses,
      • quantities of packets sent or received,
      • distributions of packets sent or received,
      • one or more ports that are opened for communication, or
      • one or more ports that are utilized for communication;

    determine whether network activity for one or more client devices corresponds to the network activity profile;

    determine that the one or more client devices are infected with the malicious file based on the network activity having a threshold similarity to the network activity profile; and

    cause, based on determining that the one or more client devices are infected with the malicious file, a remediation action to be performed on the one or more client devices.
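
The matching step in the claim can be illustrated with a short sketch. This is an added example, not code from the patent or its assignee: it builds a profile from sandbox flows (requested addresses, ports utilized, packet quantity) and scores each client's traffic against it. The `Flow` record, the equal-weight score, the 0.7 threshold and all sample data are assumptions of this example; the claim does not specify a similarity measure.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    dst_ip: str
    dst_port: int
    packets: int

def build_profile(flows):
    """Summarise flows: requested addresses, ports used, packet quantity."""
    return {"addresses": {f.dst_ip for f in flows},
            "ports": {f.dst_port for f in flows},
            "packets": sum(f.packets for f in flows)}

def overlap(expected, observed):
    """Fraction of the profile's items that the client also shows."""
    return len(expected & observed) / len(expected) if expected else 0.0

def similarity(profile, client_flows):
    """Score in [0, 1]. Equal weighting is this example's assumption."""
    # Ignore unrelated client traffic: keep flows touching a profiled address or port.
    related = [f for f in client_flows
               if f.dst_ip in profile["addresses"] or f.dst_port in profile["ports"]]
    seen = build_profile(related)
    hi = max(profile["packets"], seen["packets"])
    volume = min(profile["packets"], seen["packets"]) / hi if hi else 0.0
    return (overlap(profile["addresses"], seen["addresses"])
            + overlap(profile["ports"], seen["ports"]) + volume) / 3

def infected_clients(profile, flows_by_client, threshold=0.7):
    """Clients whose activity reaches the threshold similarity (0.7 assumed)."""
    return sorted(c for c, flows in flows_by_client.items()
                  if similarity(profile, flows) >= threshold)

# Constructed sample data; addresses are from RFC 5737 documentation ranges.
SANDBOX_FLOWS = [Flow("203.0.113.10", 4444, 80), Flow("198.51.100.7", 8080, 40)]
CLIENT_FLOWS = {
    "client-a": [Flow("203.0.113.10", 4444, 70), Flow("198.51.100.7", 8080, 30),
                 Flow("192.0.2.50", 443, 500)],
    "client-b": [Flow("192.0.2.50", 443, 300), Flow("192.0.2.80", 8080, 20)],
    "client-c": [],
}
PROFILE = build_profile(SANDBOX_FLOWS)

if __name__ == "__main__":
    for name, flows in CLIENT_FLOWS.items():
        print(name, round(similarity(PROFILE, flows), 3))
    print("infected:", infected_clients(PROFILE, CLIENT_FLOWS))
```

Client B shares one port with the profile but none of its addresses, so it stays well below the threshold; a single shared port is a weak signal on its own.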
