Invention Grant
US09171160B2 Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses
Status: In force
- Patent Title: Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses
- Patent Title (Chinese, translated): Dynamically adaptive framework and method for classifying malware using intelligent static, emulation and dynamic analyses
- Application No.: US14042420
- Application Date: 2013-09-30
- Publication No.: US09171160B2
- Publication Date: 2015-10-27
- Inventor: Michael Vincent, Ali Mesdaq, Emmanuel Thioux, Abhishek Singh, Sai Vashisht
- Applicant: Michael Vincent, Ali Mesdaq, Emmanuel Thioux, Abhishek Singh, Sai Vashisht
- Applicant Address: Milpitas, CA, US
- Assignee: FireEye, Inc.
- Current Assignee: FireEye, Inc.
- Current Assignee Address: Milpitas, CA, US
- Agency: Rutan & Tucker LLP
- Agent: William W. Schaal
- Main IPC: G06F21/56
- IPC: G06F21/56; H04L29/06

Abstract:
Techniques for malware detection are described herein. According to one aspect, control logic determines an analysis plan for analyzing whether a specimen should be classified as malware, where the analysis plan identifies at least a first and a second analysis to be performed. Each of the first and second analyses identified in the analysis plan includes one or both of a static analysis and a dynamic analysis. The first analysis is performed based on the analysis plan to identify suspicious indicators and characteristics related to processing of the specimen. The second analysis is performed based on the analysis plan to identify unexpected behaviors having processing or communications anomalies. A classifier determines whether the specimen should be classified as malicious based on the static and dynamic analyses. The analysis plan, the indicators, the characteristics, and the anomalies are stored in a persistent memory.