Automated analysis pipeline determination in a malware analysis environment
A current selection of previously identified malicious files is identified. The selection includes identified malicious files in multiple formats that are tested by a malware analysis environment. Each specific malicious file is opened multiple times, using multiple versions of one or more correspon...
Gespeichert in:
| Hauptverfasser: | , |
|---|---|
| Format: | Patent |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | A current selection of previously identified malicious files is identified. The selection includes identified malicious files in multiple formats that are tested by a malware analysis environment. Each specific malicious file is opened multiple times, using multiple versions of one or more corresponding program(s). The behavior of each malicious file is analyzed as it is opened with each version of the corresponding program(s). Based on observed behavior of malicious files as they are opened, the exploitability of each version of each program is determined and ranked. The malware analysis environment uses a specific number of versions of each program to test submitted files for maliciousness, in order from more exploitable to less so, based on the ranking. The specific number of versions of a given program to use is generally less than the total available number of versions, thereby reducing the time and computing resources spent per file. |
|---|