
Malware detection and analysis

United States Patent

March 22, 2016
Sandia National Laboratories - Visit the Intellectual Property Management and Licensing Website
Embodiments of the invention describe systems and methods for malicious software detection and analysis. A binary executable comprising obfuscated malware on a host device may be received, and incident data indicating a time when the binary executable was received and identifying processes operating on the host device may be recorded. The binary executable is analyzed via a scalable plurality of execution environments, including one or more non-virtual execution environments and one or more virtual execution environments, to generate runtime data and deobfuscation data attributable to the binary executable. At least some of the runtime data and deobfuscation data attributable to the binary executable is stored in a shared database, while at least some of the incident data is stored in a private, non-shared database.
Chiang; Ken (San Francisco, CA), Lloyd; Levi (Livermore, CA), Crussell; Jonathan (Pleasanton, CA), Sanders; Benjamin (Dublin, CA), Erickson; Jeremy Lee (Fremont, CA), Fritz; David Jakob (Fort Collins, CO)
Sandia Corporation (Albuquerque, NM)
14/198,366
March 5, 2014
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH

This invention was developed with Government support under Contract No. DE-AC04-94AL85000 between Sandia Corporation and the U.S. Department of Energy. The U.S. Government has certain rights in this invention.