
Methods and systems for malware analysis

  • US 9,350,747 B2
  • Filed: 10/31/2013
  • Issued: 05/24/2016
  • Est. Priority Date: 10/31/2013
  • Status: Active Grant
First Claim

1. A computer-implemented method executed by one or more processors, the method comprising:

  • training a particular analyzer using machine learning to classify data samples as including malware or not including malware;

  • providing data for generating a graphical user interface at a user device, the graphical user interface being configured to receive, through user selectable options, configuration data that (i) defines a user-defined workflow to control one or more analyzers for analyzing malware having a particular malware attribute and (ii) specifies whether one or more virtual machines are to be supported by the user-defined workflow;

  • receiving, from the user device, the configuration data through the graphical user interface;

  • storing the configuration data in a workflow definition database, the workflow definition database including workflow definitions for a plurality of workflows respectively associated with a plurality of malware attributes;

  • receiving a sample including a potential malware;

  • determining, by the one or more processors at a server, at least one malware attribute of the sample;

  • determining that the at least one malware attribute of the sample includes the particular malware attribute;

  • selecting, from the plurality of workflows, the user-defined workflow for analyzing the sample;

  • causing, by the one or more processors at the server, one or more analyzers to analyze the sample according to the user-defined workflow to obtain an analysis result, the one or more analyzers including the particular analyzer that is trained using machine learning; and

  • providing (I) the analysis result in a colloquial language format, and (II) data for generating a second graphical user interface at the user device, the second graphical user interface being configured to display, at the user device, the analysis result and an action control interface that receives a selection of one or more remedial actions based on the analysis result.

  • 2 Assignments