ADVANCED PERSISTENT THREAT (APT) DETECTION CENTER
First Claim
1. A computerized method for discovering and identifying advanced persistent threats (APT) using an APT detection center, comprising:
receiving, by an APT server, an object to be classified;
extracting features describing behavior of the received object;
storing the received object along with the extracted features in an APT database;
comparing the extracted features with features of objects in the APT database using an APT classifier; and
flagging the received object as an APT object in the APT database in response to determining that the extracted features include one or more APT related features having a prescribed level of correlation with one or more features of known APT objects in the APT database.
7 Assignments
0 Petitions
Abstract
A computerized method is described in which one or more received objects are analyzed by an advanced persistent threat (APT) detection center to determine whether the objects are APTs. The analysis may include the extraction of features describing and characterizing the received objects. The extracted features may be compared with features of known APT malware objects and known non-APT malware objects to determine a classification, or a probability, of the received objects being APT malware. Upon determination that the received objects are APT malware, warning messages may be transmitted to a user of the associated client devices. Classified objects may also be used to generate analytic data for the prediction and prevention of future APT attacks.
31 Claims
1. A computerized method for discovering and identifying advanced persistent threats (APT) using an APT detection center, comprising:
receiving, by an APT server, an object to be classified;
extracting features describing behavior of the received object;
storing the received object along with the extracted features in an APT database;
comparing the extracted features with features of objects in the APT database using an APT classifier; and
flagging the received object as an APT object in the APT database in response to determining that the extracted features include one or more APT related features having a prescribed level of correlation with one or more features of known APT objects in the APT database.
Dependent claims: 2-21.
22. A non-transitory storage medium including instructions for discovering and identifying new advanced persistent threats (APT) that, when executed by one or more hardware processors in an APT detection center, perform a plurality of operations, comprising:
extracting features, including APT related features, describing behavior and characteristics of a received object to be classified;
storing the received object along with the extracted features in an APT database;
comparing, by an APT classifier, the extracted features, including the APT related features, with features of known APT objects also stored in the APT database; and
flagging the received object as an APT object in the APT database in response to determining that the extracted features are similar to one or more features of known APT objects in the APT database.
23. An advanced persistent threat (APT) detection center system for identifying and discovering new APTs, comprising:
one or more hardware processors; and
a memory including one or more software modules that, when executed by the one or more hardware processors:
extract features, including APT related features, describing behavior of a received object to be classified;
store the received object along with the extracted features in an APT database;
compare, by an APT classifier, the extracted features, including the APT related features, with features of known APT objects also stored in the APT database; and
flag the received object as an APT object in the APT database in response to determining that the extracted features are similar to one or more features of known APT objects in the APT database.
24. A computerized method for discovering and identifying new advanced persistent threats (APT) using an APT detection center, comprising:
determining one or more features associated with an object, each of the one or more features describing a behavior of the object that is monitored during virtual processing of the object;
comparing the one or more features with features of objects in an APT database using an APT classifier; and
identifying the object as an APT object in the APT database in response to determining that the one or more features have a prescribed level of correlation with one or more features of the objects in the APT database.
Dependent claims: 26-31.
25. The computerized method of claim 25, wherein identifying the object as the APT object when a predefined number of the one or more features has a prescribed level of correlation with features of a known APT object in the APT database.
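The pipeline recited in claims 1, 24 and 25 (extract behavioural features observed during virtual processing of an object, store object and features in an APT database, compare them against known APT objects with a classifier, and flag the object once a predefined number of features reach a prescribed level of correlation) as a runnable illustration. This is an added example, not code from the patent or its assignee: the sandbox event format, the feature names, the lift-style correlation measure, the thresholds and the seeded reference objects are all constructed assumptions chosen to make the claimed flow concrete.

```python
"""Feature-correlation APT classifier (added illustration, not the patent's code).

Assumptions (all constructed for this example): sandbox events are dicts with a
"type" key, features are short names derived from those events, and the "APT
database" is an in-memory dict seeded with labelled reference objects.
"""
from dataclasses import dataclass


def extract_features(events):
    """Reduce monitored sandbox events to a set of named behavioural features."""
    feats = set()
    for ev in events:
        kind = ev["type"]
        # Periodic outbound connection with little jitter: C2 beaconing.
        if kind == "net_connect" and ev.get("jitter", 1.0) <= 0.1:
            feats.add("regular_beacon")
        # Resolution of a recently registered domain (age threshold assumed).
        if kind == "dns" and ev.get("domain_age_days", 9999) < 30:
            feats.add("young_domain")
        # Autostart via the Run key.
        if kind == "reg_set" and ev["key"].lower().endswith(r"\currentversion\run"):
            feats.add("run_key_persistence")
        # Opening a handle to lsass.exe: credential theft.
        if kind == "proc_open" and ev.get("target", "").lower() == "lsass.exe":
            feats.add("lsass_access")
        # Writing to a UNC path: lateral movement via admin shares.
        if kind == "file_write" and ev.get("path", "").startswith("\\\\"):
            feats.add("admin_share_write")
        # Encrypted outbound data: staged exfiltration.
        if kind == "net_send" and ev.get("encrypted"):
            feats.add("encrypted_upload")
    return feats


@dataclass
class StoredObject:
    sha256: str
    features: frozenset
    label: str  # "apt", "malware" (non-APT) or "unknown"


class APTDatabase:
    """Minimal stand-in for the claimed APT database."""

    def __init__(self):
        self.objects = {}

    def store(self, sha256, features, label="unknown"):
        self.objects[sha256] = StoredObject(sha256, frozenset(features), label)

    def known(self, label):
        return [o for o in self.objects.values() if o.label == label]

    def flag_apt(self, sha256):
        self.objects[sha256].label = "apt"


def feature_correlation(db, feature):
    """P(feature | known APT) - P(feature | known non-APT malware).

    Ranges from -1 (seen only in commodity malware) to 1 (seen only in APT
    objects); 0 when the feature does not separate the two classes or when
    either class is empty. This lift-style measure is an assumption standing in
    for the patent's unspecified "prescribed level of correlation".
    """
    apt, mal = db.known("apt"), db.known("malware")
    if not apt or not mal:
        return 0.0
    p_apt = sum(feature in o.features for o in apt) / len(apt)
    p_mal = sum(feature in o.features for o in mal) / len(mal)
    return p_apt - p_mal


def classify(db, sha256, features, min_correlation=0.5, min_features=2):
    """Store the object, then flag it as APT when at least `min_features` of its
    features each reach `min_correlation` against known APT objects.

    Returns (is_apt, sorted list of the APT-related features that matched).
    """
    db.store(sha256, features)
    scores = {f: feature_correlation(db, f) for f in features}
    hits = sorted(f for f, c in scores.items() if c >= min_correlation)
    is_apt = len(hits) >= min_features
    if is_apt:
        db.flag_apt(sha256)
    return is_apt, hits


def seed_database():
    """Constructed reference objects; identifiers are placeholders, not real hashes."""
    db = APTDatabase()
    db.store("apt-1", {"regular_beacon", "run_key_persistence", "lsass_access", "admin_share_write"}, "apt")
    db.store("apt-2", {"regular_beacon", "young_domain", "lsass_access", "encrypted_upload"}, "apt")
    db.store("apt-3", {"regular_beacon", "run_key_persistence", "admin_share_write", "encrypted_upload"}, "apt")
    db.store("mal-1", {"run_key_persistence", "young_domain"}, "malware")    # commodity downloader
    db.store("mal-2", {"run_key_persistence", "encrypted_upload"}, "malware")  # infostealer
    db.store("mal-3", {"young_domain"}, "malware")
    return db


# Constructed sandbox trace for one suspect object.
SAMPLE_EVENTS = [
    {"type": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "updater"},
    {"type": "net_connect", "dst": "203.0.113.10:443", "interval_s": 300, "jitter": 0.05},
    {"type": "proc_open", "target": "lsass.exe", "access": "PROCESS_VM_READ"},
    {"type": "dns", "domain": "cdn-update.example", "domain_age_days": 12},
]

if __name__ == "__main__":
    db = seed_database()
    verdict, matched = classify(db, "obj-1", extract_features(SAMPLE_EVENTS))
    print("APT" if verdict else "not APT", matched)
```

Note that `run_key_persistence` is present in the suspect object and in every known APT object, yet contributes nothing: it is equally common in the commodity samples, so its lift is zero. The correlation step is what keeps a feature shared with ordinary malware from counting toward the APT verdict, which is the reason the claims compare against both known APT and known non-APT objects. Once an object is flagged it joins the reference set, so later verdicts are computed against the enlarged database.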
Specification