Malware Target Recognition
First Claim
1. A method of recognizing malware in a computing environment having at least one computer, the method comprising:
receiving a sample;
automatically determining by the at least one computer if the sample is malware using static analysis methods;
in response to the static analysis methods determining the sample is malware, using dynamic analysis methods by the at least one computer to automatically determine if the sample is malware;
in response to the dynamic analysis methods determining the sample is malware, present the sample to a malware analyst to adjudicate the automatic determinations of the static and dynamic analyses; and
in response to the adjudication determining the sample is malware, initiate a response action to recover from or mitigate a threat of the sample.
1 Assignment
0 Petitions
Abstract
A method, apparatus and program product are provided to recognize malware in a computing environment having at least one computer. A sample is received. An automatic determination is made by the at least one computer to determine if the sample is malware using static analysis methods. If the static analysis methods determine the sample is malware, dynamic analysis methods are used by the at least one computer to automatically determine if the sample is malware. If the dynamic analysis methods determine the sample is malware, the sample is presented to a malware analyst to adjudicate the automatic determinations of the static and dynamic analyses. If the adjudication determines the sample is malware, a response action is initiated to recover from or mitigate a threat of the sample.
295 Citations
20 Claims
1. A method of recognizing malware in a computing environment having at least one computer, the method comprising:

receiving a sample; automatically determining by the at least one computer if the sample is malware using static analysis methods; in response to the static analysis methods determining the sample is malware, using dynamic analysis methods by the at least one computer to automatically determine if the sample is malware; in response to the dynamic analysis methods determining the sample is malware, present the sample to a malware analyst to adjudicate the automatic determinations of the static and dynamic analyses; and in response to the adjudication determining the sample is malware, initiate a response action to recover from or mitigate a threat of the sample.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. An apparatus comprising:

a memory; a processor; and a program code resident in the memory and configured to be executed by the processor for recognizing malware, the program code further configured to receive a sample, automatically determine if the sample is malware using static analysis methods, in response to the static analysis methods determining the sample is malware, use dynamic analysis methods to automatically determine if the sample is malware, in response to the dynamic analysis methods determining the sample is malware, present the sample to a malware analyst to adjudicate the automatic determinations of the static and dynamic analyses, and receive a response action to recover from or mitigate a threat of the sample if the adjudication determines the sample is malware.

Dependent claims: 13, 14, 15, 16, 17, 18, 19

20. A program product comprising:

a computer recordable type medium; and a program code configured to recognize malware, the program code resident on the computer recordable type medium and further configured, when executed on a hardware implemented processor, to receive a sample, automatically determine if the sample is malware using static analysis methods, in response to the static analysis methods determining the sample is malware, use dynamic analysis methods to automatically determine if the sample is malware, in response to the dynamic analysis methods determining the sample is malware, present the sample to a malware analyst to adjudicate the automatic determinations of the static and dynamic analyses, and receive a response action to recover from or mitigate a threat of the sample if the adjudication determines the sample is malware.
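The independent claims above all describe the same gated workflow: a sample only reaches the dynamic stage if static analysis flagged it, only reaches the analyst if dynamic analysis flagged it, and only triggers a response action if the analyst confirms. The Python below is an added illustration of that ordering and is not code from the patent or its assignee. The static heuristics (PE magic, byte entropy, suspicious import strings), the behaviour labels standing in for sandbox telemetry, the analyst callback, and the constructed samples are all assumptions chosen to make the stages observable; they are not the claimed analysis methods.

```python
"""Staged malware-recognition pipeline: static -> dynamic -> analyst -> response.

Added example of the claimed gating; heuristics and samples are assumptions.
"""
from __future__ import annotations

import math
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# Assumed static indicators: suspicious import names and packed-looking entropy.
SUSPICIOUS_STRINGS = (b"CreateRemoteThread", b"VirtualAllocEx", b"WriteProcessMemory")
ENTROPY_THRESHOLD = 7.0  # packed/encrypted payloads cluster near 8.0 bits per byte

# Assumed dynamic indicators: behaviour labels a sandbox report might carry.
SUSPICIOUS_BEHAVIOURS = {"run_key_persistence", "outbound_beacon", "process_injection"}


@dataclass
class Sample:
    name: str
    content: bytes
    # Stand-in for sandbox telemetry; a real pipeline collects this by execution.
    observed_behaviours: List[str] = field(default_factory=list)


@dataclass
class Verdict:
    stages_run: List[str] = field(default_factory=list)
    is_malware: bool = False
    response_action: Optional[str] = None


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a single repeated byte, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def static_analysis(sample: Sample) -> bool:
    """Stage 1: inspect the file without running it (toy heuristics, assumed)."""
    if not sample.content.startswith(b"MZ"):
        return False  # not a PE image; this toy model only scores PE files
    hits = sum(1 for s in SUSPICIOUS_STRINGS if s in sample.content)
    packed = shannon_entropy(sample.content) > ENTROPY_THRESHOLD
    return packed or hits >= 2


def dynamic_analysis(sample: Sample) -> bool:
    """Stage 2: judge runtime behaviour (here, the pre-recorded telemetry)."""
    return len(SUSPICIOUS_BEHAVIOURS & set(sample.observed_behaviours)) >= 2


def response_action(sample: Sample) -> str:
    """Stage 4: the recovery/mitigation step; returns a label for the action taken."""
    return f"quarantine:{sample.name}"


def recognize_malware(sample: Sample, analyst: Callable[[Sample, List[str]], bool]) -> Verdict:
    """Run the stages in claim order; the first stage that clears the sample ends the pipeline."""
    v = Verdict()
    v.stages_run.append("static")
    if not static_analysis(sample):
        return v
    v.stages_run.append("dynamic")
    if not dynamic_analysis(sample):
        return v
    v.stages_run.append("analyst")
    # Stage 3: the analyst adjudicates the two automatic determinations.
    if not analyst(sample, list(v.stages_run)):
        return v
    v.is_malware = True
    v.response_action = response_action(sample)
    v.stages_run.append("response")
    return v


# Constructed samples (synthetic bytes and labels, not real malware).
BENIGN_TEXT = Sample("notes.txt", b"quarterly report draft\n" * 40)
QUIET_PE = Sample("updater.exe", b"MZ" + b"\x00".join(SUSPICIOUS_STRINGS), ["file_read"])
PACKED_PE = Sample(
    "dropper.exe",
    b"MZ" + b"\x00".join(SUSPICIOUS_STRINGS) + bytes(range(256)) * 8,
    ["run_key_persistence", "outbound_beacon"],
)

if __name__ == "__main__":
    for s in (BENIGN_TEXT, QUIET_PE, PACKED_PE):
        print(s.name, recognize_malware(s, lambda smp, stages: True))
```

The value of the gating is visible in `stages_run`: the benign text file never costs a sandbox run, the quiet PE is cleared by the dynamic stage before any analyst time is spent, and only a sample that survives both automatic stages and the analyst's adjudication produces a response action. In a real deployment the analyst callback would be a ticketing or review queue rather than a function, and the dynamic stage would execute the sample in an isolated sandbox instead of reading pre-recorded labels.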
Specification