Retroactive identification of previously unknown malware based on network traffic analysis from a sandbox environment
Abstract
Techniques are provided for retroactively identifying malware programs when new signatures become available that later match network traffic previously obtained from the sandbox environment. An exemplary method comprises obtaining a plurality of packet capture files comprising previously captured network communications of malware programs that previously executed in a sandbox environment, wherein each packet capture file is associated with the corresponding malware program that generated the network communications; obtaining signatures indicative of at least one malware program; comparing the signatures to the packet capture files; and retroactively identifying a given malware program as malware if a signature matches the packet capture file associated with that malware program. A plurality of malware samples that were previously unidentified are optionally correlated with the given malware program based on a scan of additional packet capture files for the signature that matched the given packet capture file.
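As an added illustration, not code from the patent, the following Python models the abstract's steps over constructed data: stored captures are reduced to the application-layer payloads extracted from each pcap, a signature that became available after the captures were taken is compared against them, matching samples are identified retroactively, and the remaining captures are scanned for the same signature to correlate further samples. All sample ids, dates, payloads and the signature pattern are constructed.

```python
from dataclasses import dataclass
from datetime import date
import re

@dataclass(frozen=True)
class Capture:
    sample_id: str       # identifier of the sample that produced this traffic
    captured_on: date    # when the sandbox run took place
    payloads: tuple      # application-layer payloads extracted from the stored pcap

@dataclass(frozen=True)
class Signature:
    name: str
    published_on: date   # when the signature became available
    pattern: bytes       # regex applied to raw payload bytes

def signature_hits(capture, sig):
    """True if any payload in the capture matches the signature pattern."""
    rx = re.compile(sig.pattern, re.DOTALL)
    return any(rx.search(p) for p in capture.payloads)

def retroactive_identify(captures, signatures):
    """sample_id -> signature names, counting only signatures that arrived
    after the capture was stored, i.e. genuinely retroactive hits."""
    hits = {}
    for cap in captures:
        for sig in signatures:
            if sig.published_on > cap.captured_on and signature_hits(cap, sig):
                hits.setdefault(cap.sample_id, []).append(sig.name)
    return {k: sorted(v) for k, v in hits.items()}

def correlate(captures, sig, known_ids):
    """Other samples whose stored traffic matches the same signature, so they
    can be grouped with the sample that was just identified."""
    return sorted(c.sample_id for c in captures
                  if c.sample_id not in known_ids and signature_hits(c, sig))

# Constructed data: four stored sandbox runs and one signature published later.
CAPTURES = [
    Capture("sample-A", date(2023, 1, 10), (b"GET /gate.php?id=deadbeef HTTP/1.1\r\nUser-Agent: upd-1.3\r\n",)),
    Capture("sample-B", date(2023, 1, 11), (b"GET /index.html HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n",)),
    Capture("sample-C", date(2023, 1, 12), (b"POST /gate.php?id=0badf00d HTTP/1.1\r\nUser-Agent: upd-1.4\r\n",)),
    Capture("sample-D", date(2023, 3, 1), (b"GET /gate.php?id=cafebabe HTTP/1.1\r\nUser-Agent: upd-1.3\r\n",)),
]
NEW_SIG = Signature("beacon-gate", date(2023, 2, 1),
                    rb"/gate\.php\?id=[0-9a-f]{8}.*?User-Agent: upd-1\.\d")

if __name__ == "__main__":
    print(retroactive_identify(CAPTURES, [NEW_SIG]))   # A and C: captured before the signature existed
    print(correlate(CAPTURES, NEW_SIG, {"sample-A"}))  # C and D share the matched signature
```

Sample D matches the signature but was captured after it was published, so it is reported by the correlation scan but not as a retroactive hit.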