Method and Product for Providing a Predictive Security Product and Evaluating Existing Security Products
Abstract
A method, product and computer program product for evaluating a generation of malware variants, the method including the steps of: scanning, with one or more malware detectors, a variant of a malware specimen; determining an evasiveness characteristic of the variant and a maliciousness characteristic of the variant; determining a likelihood that the variant meets one or more criteria based at least on the evasiveness characteristic of the variant and the maliciousness characteristic of the variant; and based on the determined likelihood, selecting the variant for propagation.
22 Claims
1. A malware evaluator system, comprising:
a non-transitory memory storing a variant of a malware specimen; and
one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising;
scanning the variant with one or more malware detectors to determine an evasiveness characteristic of the variant and a maliciousness characteristic of the variant;
determining a likelihood that the variant meets one or more criteria based at least on the evasiveness characteristic of the variant and the maliciousness characteristic of the variant;
based on the determined likelihood, selecting the variant for mutation; and
mutating the selected variant to generate one or more successive variants.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising:
scanning, with one or more malware detectors, a variant of a malware specimen;
determining an evasiveness characteristic corresponding to the variant and a maliciousness characteristic corresponding to the variant;
determining a likelihood that the variant meets one or more criteria based at least on the evasiveness characteristic corresponding to the variant and the maliciousness characteristic corresponding to the variant; and
based on the determined likelihood, selecting the variant for mutation.
Dependent claims: 11, 12, 13, 14, 15.
16. A method for evaluating a generation of malware variants comprising:
scanning, with one or more malware detectors, a variant of a malware specimen;
determining an evasiveness characteristic of the variant and a maliciousness characteristic of the variant;
determining a likelihood that the variant meets one or more criteria based at least on the evasiveness characteristic and the maliciousness characteristic of the variant; and
based on the determined likelihood, selecting the variant for propagation.
Dependent claims: 17, 18, 19, 20, 21.
22. A method for evaluating a generation of malware variants comprising:
scanning, with one or more malware detectors, two or more variants of a malware specimen;
determining an evasiveness characteristic and a maliciousness characteristic of each of the variants;
determining a likelihood that each of the variants meets one or more criteria based at least on the evasiveness characteristic and the maliciousness characteristic of each of the variants; and
selecting a variant of the two or more variants that has a highest determined likelihood of meeting the one or more criteria; and
mutating the selected variant to generate one or more successive variants.
Specification