Abstract: Embodiments of the invention describe systems and methods for malicious
software detection and analysis. A binary executable comprising
obfuscated malware on a host device may be received, and incident data
indicating a time when the binary executable was received and identifying
processes operating on the host device may be recorded. The binary
executable is analyzed via a scalable plurality of execution
environments, including one or more non-virtual execution environments
and one or more virtual execution environments, to generate runtime data
and deobfuscation data attributable to the binary executable. At least
some of the runtime data and deobfuscation data attributable to the
binary executable is stored in a shared database, while at least some of
the incident data is stored in a private, non-shared database.
Filed: 3/5/2014
Application Number: 14/198366
This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention.