US2019199747A1PendingUtilityA1
Malware and exploit campaign detection system and method
Est. expirySep 11, 2033(~7.2 yrs left)· nominal 20-yr term from priority
G06F 21/566H04L 63/0272G06F 16/951H04L 63/1416H04L 63/1466H04L 63/1491G06F 21/53G06F 21/56
50
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A malware and exploit campaign detection system and method are provided that cannot be detected by the malware or exploit campaign. The system may provide threat feed data to the vendors that produce in-line network security and end point protection (anti virus) technologies. The system may also be used as a testing platform for 3rd party products. Due to the massive footprint of the system's cloud infrastructure and disparate network connections and geo-location obfuscation techniques, NSS can locate and monitor malware across the globe and provide detailed threat analysis for each specific region, as they often support and host different malware/cybercrime campaigns.
Claims
exact text as granted — not AI-modified1 . A malware and exploit campaign detection system, comprising:
a plurality of computer systems; a capture stack that is configured to issue a uniform resource locator to each computer system to download a piece of malicious code; a replay stack that is configured to test the piece of malicious code in a live environment and generate data about the replay of the piece of malicious code; a proxy stack that is configured to perform testing of the piece of malicious code without accessing the uniform resource locator; and a master hypervisor controller that controls the capture stack, the replay stack and the proxy stack.
2 . The system of claim 1 , wherein the capture stack, the replay stack and the proxy stack run in parallel.
3 . The system of claim 1 further comprising a zero day module that identifies zero day attacks.
4 . The system of claim 1 further comprising SQL servers configured to store data of the system.
5 . The system of claim 1 further comprising a transfer server.
6 . The system of claim 1 , wherein the capture stack is configured to create a copy of the piece of malicious code and catalogs operating system changes caused by the piece of malicious code.
7 . The system of claim 1 , wherein the capture stack is configured to capture communications with the plurality of computer systems.
8 . The system of claim 1 , wherein each stack is one or more server computers.
9 . The system of claim 8 , wherein each stack has a virtual machine.
10 . A malware and exploit campaign detection method, method comprising:
executing a capturing process, wherein the capturing process issues a uniform resource locator to each computer system to download a piece of malicious code; executing a replay process, wherein the reply process tests the piece of malicious code in a live environment and generates data about the replay of the piece of malicious code; executing a proxying process, the proxying process performs testing of the piece of malicious code without accessing the uniform resource locator; and controlling, using a master hypervisor controller, the capture process, the replay process and the proxy process.
11 . The method of claim 10 further comprising executing the capture process, the replay process and the proxy process in parallel.
12 . The method of claim 10 further comprising identifying, using a zero day module, zero day attacks.
13 . The method of claim 10 , wherein executing the capturing process further comprises creating a copy of the piece of malicious code and cataloging operating system changes caused by the piece of malicious code.
14 . The method of claim 10 , wherein executing the capturing process further comprises capturing communications with the plurality of computer systems.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.