Behavior profiling for malware detection
Abstract
Provided herein are systems and methods for behavior profiling of targets to determine whether malware is present. In various embodiments the method includes applying a domain specific language to a target; observing a set of temporal sequences and events of the target; determining the presence, within that set, of markers indicative of malware; and identifying the target as being associated with malware based on those markers. In some embodiments a malware detection system creates a behavioral sandbox environment in which a target is inspected for malware. The behavioral sandbox environment can include forensic collectors, each of which may be configured to apply a domain specific language to the target; observe a set of temporal sequences and events of the target; determine the presence of markers within that set indicative of malware; and detect malware presence based on the markers.
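The abstract states the technique only in outline: a rule language evaluated over time-ordered events, matching of temporal sequences, markers, and a verdict. The block below is an added example written for this page; it is not the patent's domain specific language, not its forensic collectors, and not code from the applicant. The rule syntax, the event schema (process/file/registry/net records with a timestamp), the marker names and weights, the threshold of 3, and the two sample traces are all constructed assumptions. It parses two rules, matches each against a time-sorted trace while enforcing a bounded gap between consecutive steps, and turns the markers found into a score and a verdict.

```python
# Added example, not the patent's DSL: rule syntax, event schema, weights, threshold and traces are constructed.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

@dataclass
class Event:
    ts: float              # seconds since the sandbox launched the sample
    kind: str              # assumed collector categories: process / file / registry / net
    attrs: Dict[str, str]
@dataclass
class Step:                # one step of a temporal sequence
    kind: str
    where: Callable[[Dict[str, str]], bool]
    within: Optional[float] = None   # max seconds after the previous matched step
@dataclass
class Rule:
    marker: str
    weight: int
    steps: List[Step]

def make_predicate(conds: List[str]) -> Callable[[Dict[str, str]], bool]:
    """'key=value' is an exact match, 'key~text' a substring match; all must hold."""
    checks = []
    for cond in conds:
        if "~" in cond:
            k, v = cond.split("~", 1)
            checks.append(lambda a, k=k, v=v: v in a.get(k, ""))
        else:
            k, v = cond.split("=", 1)
            checks.append(lambda a, k=k, v=v: a.get(k) == v)
    return lambda attrs: all(chk(attrs) for chk in checks)

def parse_rules(text: str) -> List[Rule]:
    """Hypothetical syntax: 'rule <marker> weight <n>', then one '<kind> <cond>... [within <s>]' per line."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("rule "):
            _, marker, _, weight = line.split()
            rules.append(Rule(marker, int(weight), []))
            continue
        tokens, within = line.split(), None
        if "within" in tokens:   # trailing 'within <seconds>' bounds the gap from the previous step
            within = float(tokens[tokens.index("within") + 1])
            tokens = tokens[:tokens.index("within")]
        rules[-1].steps.append(Step(tokens[0], make_predicate(tokens[1:]), within))
    return rules

def match_sequence(events, steps, prev_ts=None):
    """Events satisfying the steps in order with 'within' gaps respected, else None (backtracking)."""
    if not steps:
        return []
    step = steps[0]
    for i, ev in enumerate(events):
        if ev.kind != step.kind or not step.where(ev.attrs):
            continue
        if prev_ts is not None and step.within is not None and ev.ts - prev_ts > step.within:
            break  # events are time-sorted: every later candidate is also too late
        rest = match_sequence(events[i + 1:], steps[1:], ev.ts)
        if rest is not None:
            return [ev] + rest
    return None

def profile_trace(events: List[Event], rules_text: str, threshold: int):
    """Apply every rule to one trace -> (markers hit with their timestamps, score, verdict)."""
    events = sorted(events, key=lambda e: e.ts)
    rules = parse_rules(rules_text)
    markers = {}
    for rule in rules:
        hit = match_sequence(events, rule.steps)
        if hit is not None:
            markers[rule.marker] = [e.ts for e in hit]
    score = sum(r.weight for r in rules if r.marker in markers)
    return markers, score, score >= threshold

RULES_TEXT = r"""
rule dropper_beacon weight 3
  process name=powershell.exe cmdline~-enc
  file op=create path~\Temp\ within 5
  net op=connect within 30
rule run_key_persistence weight 2
  file op=create path~\Temp\
  registry op=set key~\CurrentVersion\Run within 10
"""
MALICIOUS_TRACE = [  # constructed, standing in for forensic-collector output
    Event(0.5, "process", {"name": "powershell.exe", "cmdline": "powershell -nop -w hidden -enc SQBFAFgA"}),
    Event(1.2, "file", {"op": "create", "path": r"C:\Users\u\AppData\Local\Temp\svc.exe"}),
    Event(2.0, "registry", {"op": "set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"}),
    Event(10.0, "net", {"op": "connect", "dst": "203.0.113.5:443"}),
]
BENIGN_TRACE = [  # constructed: same opener, no Run key, and the only connect falls outside 'within 30'
    Event(0.3, "process", {"name": "powershell.exe", "cmdline": "powershell -nop -enc UwB0AGEAcgB0AC0A"}),
    Event(1.0, "file", {"op": "create", "path": r"C:\Users\u\AppData\Local\Temp\backup.log"}),
    Event(200.0, "net", {"op": "connect", "dst": "10.0.0.7:445"}),
]
```

Calling profile_trace(MALICIOUS_TRACE, RULES_TEXT, 3) fires both markers for a score of 5, while the benign trace fires none: its first two steps satisfy the dropper rule, but the only outbound connect arrives 199 seconds after the file drop, outside the 30-second window, and there is no Run-key write. The bounded `within` gaps are what make this a behavioural check rather than a bag-of-events match; they are also the part a sample defeats most easily by sleeping past the window, so in practice the windows are tuned against how long the sandbox actually runs the target.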
24 Claims

1. A method for behavior profiling for malware detection, comprising:
applying, via executable instructions stored in memory and executed by one or more processors coupled to a computer network, a domain specific language to a target accessible via the computer network, the domain specific language utilized to detect malware associated with the target, the domain specific language having a set of rules which includes:
detecting a set of temporal sequences and temporal events of the target;
determining a presence of one or more markers within the set of temporal sequences and temporal events that are indicative of the malware; and
identifying the target as being associated with the malware based on the presence of the one or more markers.
Dependent claims: 2-19.

20. A malware detection system, comprising:
a processor; and
a memory for storing executable instructions, the instructions being executed by the processor to create a behavioral sandbox environment where a target is inspected for malware, the behavioral sandbox environment using a plurality of forensic analyzers that are each configured to:
apply a domain specific language to the target;
detect a set of temporal sequences and temporal events of the target;
determine a presence of one or more markers within the set of temporal sequences and temporal events that are indicative of the malware; and
detect malware presence based on the presence of the one or more markers.
Dependent claims: 21-24.

Specification