Systems and methods for identifying detection-evasion behaviors of files undergoing malware analyses

Systems and methods for identifying detection-evasion behaviors of files undergoing malware analyses

The disclosed computer-implemented method for identifying detection-evasion behaviors of files undergoing malware analyzes may include (1) monitoring, by a plurality of monitor components related to an automated execution environment, a file that is undergoing a malware analysis in the automated exe...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Watson Andrew, Wawda Abubakar
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator Watson Andrew
Wawda Abubakar
description The disclosed computer-implemented method for identifying detection-evasion behaviors of files undergoing malware analyzes may include (1) monitoring, by a plurality of monitor components related to an automated execution environment, a file that is undergoing a malware analysis in the automated execution environment, (2) detecting a suspicious discrepancy among the monitor components with respect to computing activity observed in connection with the malware analysis by (A) identifying a monitor component that has observed the computing activity in connection with the malware analysis and (B) identifying another monitor component that has not observed the computing activity in connection with the malware analysis, and then (3) determining, based at least in part on the suspicious discrepancy, that the file demonstrates a detection-evasion behavior that led to the other monitor component not observing the computing activity in connection with the malware analysis. Various other methods, systems, and computer-readable media are also disclosed.
format Patent
fullrecord <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_US9692773B1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>US9692773B1</sourcerecordid><originalsourceid>FETCH-epo_espacenet_US9692773B13</originalsourceid><addsrcrecordid>eNqNzDEOgkAQRmEaC6PeYS5AoSQSWo3GHq3JyP4Lmyw7ZGfFcHsx8QBWr_ny1pmpZ00YlDgYGpB6MUpWIjmDkJydXejIIKFNTkKOiXUpPdHz5CQqiSXrPJRewSB28vUD-zdHLE_2s0K32cqyV-x-3WR0vdzPtxyjNNCRWwSk5lFXx-pQlsVpX_xBPuAxP5g</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>Systems and methods for identifying detection-evasion behaviors of files undergoing malware analyses</title><source>esp@cenet</source><creator>Watson Andrew ; Wawda Abubakar</creator><creatorcontrib>Watson Andrew ; Wawda Abubakar</creatorcontrib><description>The disclosed computer-implemented method for identifying detection-evasion behaviors of files undergoing malware analyzes may include (1) monitoring, by a plurality of monitor components related to an automated execution environment, a file that is undergoing a malware analysis in the automated execution environment, (2) detecting a suspicious discrepancy among the monitor components with respect to computing activity observed in connection with the malware analysis by (A) identifying a monitor component that has observed the computing activity in connection with the malware analysis and (B) identifying another monitor component that has not observed the computing activity in connection with the malware analysis, and then (3) determining, based at least in part on the suspicious discrepancy, that the file demonstrates a detection-evasion behavior that led to the other monitor component not observing the computing activity in connection with the malware analysis. Various other methods, systems, and computer-readable media are also disclosed.</description><language>eng</language><subject>CALCULATING ; COMPUTING ; COUNTING ; ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRIC DIGITAL DATA PROCESSING ; ELECTRICITY ; PHYSICS ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2017</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20170627&amp;DB=EPODOC&amp;CC=US&amp;NR=9692773B1$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,776,881,25542,76290</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20170627&amp;DB=EPODOC&amp;CC=US&amp;NR=9692773B1$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>Watson Andrew</creatorcontrib><creatorcontrib>Wawda Abubakar</creatorcontrib><title>Systems and methods for identifying detection-evasion behaviors of files undergoing malware analyses</title><description>The disclosed computer-implemented method for identifying detection-evasion behaviors of files undergoing malware analyzes may include (1) monitoring, by a plurality of monitor components related to an automated execution environment, a file that is undergoing a malware analysis in the automated execution environment, (2) detecting a suspicious discrepancy among the monitor components with respect to computing activity observed in connection with the malware analysis by (A) identifying a monitor component that has observed the computing activity in connection with the malware analysis and (B) identifying another monitor component that has not observed the computing activity in connection with the malware analysis, and then (3) determining, based at least in part on the suspicious discrepancy, that the file demonstrates a detection-evasion behavior that led to the other monitor component not observing the computing activity in connection with the malware analysis. Various other methods, systems, and computer-readable media are also disclosed.</description><subject>CALCULATING</subject><subject>COMPUTING</subject><subject>COUNTING</subject><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRIC DIGITAL DATA PROCESSING</subject><subject>ELECTRICITY</subject><subject>PHYSICS</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2017</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNqNzDEOgkAQRmEaC6PeYS5AoSQSWo3GHq3JyP4Lmyw7ZGfFcHsx8QBWr_ny1pmpZ00YlDgYGpB6MUpWIjmDkJydXejIIKFNTkKOiXUpPdHz5CQqiSXrPJRewSB28vUD-zdHLE_2s0K32cqyV-x-3WR0vdzPtxyjNNCRWwSk5lFXx-pQlsVpX_xBPuAxP5g</recordid><startdate>20170627</startdate><enddate>20170627</enddate><creator>Watson Andrew</creator><creator>Wawda Abubakar</creator><scope>EVB</scope></search><sort><creationdate>20170627</creationdate><title>Systems and methods for identifying detection-evasion behaviors of files undergoing malware analyses</title><author>Watson Andrew ; Wawda Abubakar</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_US9692773B13</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng</language><creationdate>2017</creationdate><topic>CALCULATING</topic><topic>COMPUTING</topic><topic>COUNTING</topic><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRIC DIGITAL DATA PROCESSING</topic><topic>ELECTRICITY</topic><topic>PHYSICS</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>Watson Andrew</creatorcontrib><creatorcontrib>Wawda Abubakar</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Watson Andrew</au><au>Wawda Abubakar</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>Systems and methods for identifying detection-evasion behaviors of files undergoing malware analyses</title><date>2017-06-27</date><risdate>2017</risdate><abstract>The disclosed computer-implemented method for identifying detection-evasion behaviors of files undergoing malware analyzes may include (1) monitoring, by a plurality of monitor components related to an automated execution environment, a file that is undergoing a malware analysis in the automated execution environment, (2) detecting a suspicious discrepancy among the monitor components with respect to computing activity observed in connection with the malware analysis by (A) identifying a monitor component that has observed the computing activity in connection with the malware analysis and (B) identifying another monitor component that has not observed the computing activity in connection with the malware analysis, and then (3) determining, based at least in part on the suspicious discrepancy, that the file demonstrates a detection-evasion behavior that led to the other monitor component not observing the computing activity in connection with the malware analysis. Various other methods, systems, and computer-readable media are also disclosed.</abstract><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier
ispartof
issn
language eng
recordid cdi_epo_espacenet_US9692773B1
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
title Systems and methods for identifying detection-evasion behaviors of files undergoing malware analyses
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-04T04%3A29%3A49IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Watson%20Andrew&rft.date=2017-06-27&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS9692773B1%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true