Methods and systems for malware analysis
First Claim
1. A computer-implemented method executed by one or more processors, the method comprising:
training a particular analyzer using machine learning to classify data samples as including malware or not including malware;
providing data for generating a graphical user interface at a user device, the graphical user interface being configured to receive, through user selectable options, configuration data that (i) defines a user-defined workflow to control one or more analyzers for analyzing malware having a particular malware attribute and (ii) specifies whether one or more virtual machines are to be supported by the user-defined workflow;
receiving, from the user device, the configuration data through the graphical user interface;
storing the configuration data in a workflow definition database, the workflow definition database including workflow definitions for a plurality of workflows respectively associated with a plurality of malware attributes;
receiving a sample including a potential malware;
determining, by the one or more processors at a server, at least one malware attribute of the sample;
determining that the at least one malware attribute of the sample includes the particular malware attribute;
selecting, from the plurality of workflows, the user-defined workflow for analyzing the sample;
causing, by the one or more processors at the server, one or more analyzers to analyze the sample according to the user-defined workflow to obtain an analysis result, the one or more analyzers including the particular analyzer that is trained using machine learning; and
providing (I) the analysis result in a colloquial language format, and (II) data for generating a second graphical user interface at the user device, the second graphical user interface being configured to display, at the user device, the analysis result and an action control interface that receives a selection of one or more remedial actions based on the analysis result.
Abstract
Methods, systems, and media for analyzing a potential malware sample are disclosed. A sample for malware analysis may be received. The sample may be received through a web interface. The sample may be analyzed using a plurality of analyzers implemented on one or more computing devices. The analyzers may perform a sequence of configurable analytic steps to extract information about the sample. The extracted information may be displayed to a user through the web interface.
36 Claims
1. A computer-implemented method executed by one or more processors, the method comprising:
(Claim text as set out in full above under First Claim.)
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
13. A system comprising:
one or more processors; and
a non-transitory computer-readable storage medium coupled to the one or more processors having instructions stored thereon which, when executed by the one or more processors, cause the one or more processors to perform operations comprising:
training a particular analyzer using machine learning to classify data samples as including malware or not including malware;
providing data for generating a graphical user interface at a user device, the graphical user interface being configured to receive, through user selectable options, configuration data that (i) defines a user-defined workflow to control one or more analyzers for analyzing malware having a particular malware attribute and (ii) specifies whether one or more virtual machines are to be supported by the user-defined workflow;
receiving, from the user device, the configuration data through the graphical user interface;
storing the configuration data in a workflow definition database, the workflow definition database including workflow definitions for a plurality of workflows respectively associated with a plurality of malware attributes;
receiving a sample including a potential malware;
determining, at a server, at least one malware attribute of the sample;
determining that the at least one malware attribute of the sample includes the particular malware attribute;
selecting, from the plurality of workflows, the user-defined workflow for analyzing the sample;
causing, at the server, one or more analyzers to analyze the sample according to the user-defined workflow to obtain an analysis result, the one or more analyzers including the particular analyzer that is trained using machine learning; and
providing (I) the analysis result in a colloquial language format and (II) data for generating a second graphical user interface at the user device, the second graphical user interface being configured to display, at the user device, the analysis result and an action control interface that receives a selection of one or more remedial actions based on the analysis result.
View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
25. A non-transitory computer-readable storage medium encoded with a computer program comprising instructions that, when executed, operate to cause one or more processors to perform operations comprising:
training a particular analyzer using machine learning to classify data samples as including malware or not including malware;
providing data for generating a graphical user interface at a user device, the graphical user interface being configured to receive, through user selectable options, configuration data that (i) defines a user-defined workflow to control one or more analyzers for analyzing malware having a particular malware attribute and (ii) specifies whether one or more virtual machines are to be supported by the user-defined workflow;
receiving, from the user device, the configuration data through the graphical user interface;
storing the configuration data in a workflow definition database, the workflow definition database including workflow definitions for a plurality of workflows respectively associated with a plurality of malware attributes;
receiving a sample including a potential malware;
determining, at a server, at least one malware attribute of the sample;
determining that the at least one malware attribute of the sample includes the particular malware attribute;
selecting, from the plurality of workflows, the user-defined workflow for analyzing the sample;
causing, at the server, one or more analyzers to analyze the sample according to the user-defined workflow to obtain an analysis result, the one or more analyzers including the particular analyzer that is trained using machine learning; and
providing (I) the analysis result in a colloquial language format and (II) data for generating a second graphical user interface at the user device, the second graphical user interface being configured to display, at the user device, the analysis result and an action control interface that receives a selection of one or more remedial actions based on the analysis result.
View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
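As an added illustration of the flow the independent claims describe (example code, not the patent's own implementation), the following Python models a workflow definition database keyed by malware attribute, attribute detection from the sample, selection of the matching user-defined workflow, a small nearest-centroid classifier standing in for the machine-learning-trained analyzer, and a plain-language result with remedial-action options. All sample bytes, training points, analyzer and workflow names are constructed for the example.

```python
import math
from collections import Counter

SUSPICIOUS = (b"cmd.exe", b"powershell", b"http://")  # constructed string indicators

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def file_attribute(data: bytes) -> str:
    """Malware attribute used for workflow selection: file format from magic bytes."""
    return "pe" if data.startswith(b"MZ") else "pdf" if data.startswith(b"%PDF") else "unknown"

def features(data: bytes) -> tuple:
    return (entropy(data), sum(data.count(s) for s in SUSPICIOUS))

def train_centroids(samples):
    """Trained analyzer: nearest-centroid classifier over (entropy, suspicious-string count)."""
    acc = {}
    for feats, label in samples:
        tot, n = acc.get(label, ([0.0] * len(feats), 0))
        acc[label] = ([a + b for a, b in zip(tot, feats)], n + 1)
    return {label: [v / n for v in tot] for label, (tot, n) in acc.items()}

# Constructed training set (feature vector -> is_malware), not a real corpus.
MODEL = train_centroids([((7.6, 3), True), ((7.2, 2), True), ((4.1, 0), False), ((5.0, 1), False)])

def ml_analyzer(data: bytes) -> dict:
    dist = {label: math.dist(features(data), c) for label, c in MODEL.items()}
    return {"malicious": min(dist, key=dist.get)}

def strings_analyzer(data: bytes) -> dict:
    return {"suspicious_strings": [s.decode() for s in SUSPICIOUS if s in data]}

ANALYZERS = {"ml": ml_analyzer, "strings": strings_analyzer}
# Workflow definition database: one user-defined workflow per malware attribute.
WORKFLOW_DB = {"pe": {"analyzers": ["strings", "ml"], "use_vm": True},
               "pdf": {"analyzers": ["ml"], "use_vm": False}}

def analyze(data: bytes, db=WORKFLOW_DB) -> dict:
    """Select the workflow matching the sample's attribute, run its analyzers, report in plain language."""
    attr = file_attribute(data)
    wf = db.get(attr)
    if wf is None:  # no workflow defined for this attribute: report, do not guess
        return {"attribute": attr, "malicious": None, "actions": ["configure workflow"],
                "summary": f"No workflow is configured for {attr} samples."}
    results = {name: ANALYZERS[name](data) for name in wf["analyzers"]}
    bad = results["ml"]["malicious"]
    found = results.get("strings", {}).get("suspicious_strings", [])
    summary = (f"This {attr.upper()} file looks malicious" + (f"; it contains {', '.join(found)}." if found else ".")
               if bad else f"This {attr.upper()} file looks benign.")
    return {"attribute": attr, "use_vm": wf["use_vm"], "results": results, "malicious": bad, "summary": summary,
            "actions": ["quarantine", "block hash", "notify analyst"] if bad else ["allow", "monitor"]}
```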