-
Publication number: US11637859B1
Publication date: 2023-04-25
Application number: US17461925
Application date: 2021-08-30
Applicant: FireEye, Inc.
Abstract: A system for detecting whether a file including content is associated with a cyber-attack is described. The content may include an executable file, for example. The system includes an intelligence-driven analysis subsystem and a computational analysis subsystem. The intelligence-driven analysis subsystem is configured to (i) receive the file, (ii) inspect and compute features of the file for indicators associated with a cyber-attack, and (iii) produce a first output representing the detected indicators. The computational analysis subsystem includes an artificial neural network to (i) receive a network input being a first representation of at least one section of binary code from the file as input, and (ii) process the first representation of the section to produce a second output. The first output and the second output are used in determining a classification assigned to the file.
-
Publication number: US11637857B1
Publication date: 2023-04-25
Application number: US16791933
Application date: 2020-02-14
Applicant: FireEye, Inc.
Inventor: Ashar Aziz
Abstract: A system for detecting malware is described. The system features a traffic analysis device and a network device. The traffic analysis device is configured to receive data over a communication network, selectively filter the data, and output a first portion of the data to the network device. The network device is communicatively coupled with and remotely located from the traffic analysis device. The network device features software that, upon execution, (i) monitors behaviors of one or more virtual machines processing the first portion of the data received as output from the traffic analysis device, and (ii) detects, based on the monitored behaviors, a presence of malware in the first virtual machine.
-
Publication number: US11632392B1
Publication date: 2023-04-18
Application number: US16840584
Application date: 2020-04-06
Applicant: FireEye, Inc.
Inventor: Alexander Otvagin
Abstract: As described, a cloud-based enrollment service is configured to advertise features and capabilities of clusters performing malware analyses within a cloud-based malware detection system. Upon receiving an enrollment request message, including tenant credentials associated with a sensor having an object to be analyzed for malware, the cloud-based enrollment service is configured to use the tenant credentials to authenticate the sensor and determine a type of subscription assigned to the sensor. Thereafter, the cloud-based enrollment service is further configured to transmit an enrollment response message including a portion of the advertised features and capabilities of a selected cluster of the cloud-based malware detection system. The advertised features and capabilities include information to enable the sensor to establish direct communications with the selected cluster.
-
Publication number: US11558401B1
Publication date: 2023-01-17
Application number: US16353982
Application date: 2019-03-14
Applicant: FireEye, Inc.
Inventors: Sai Vashisht, Sumer Deshpande, Sushant Paithane, Rajeev Menon
Abstract: A computerized method for analyzing an object is disclosed. The computerized method includes performing, by a first cybersecurity system, a first malware analysis of the object, wherein first context information is generated by the first cybersecurity system based on the first malware analysis. The first context information includes at least origination information of the object. Additionally, a second cybersecurity system obtains the object and the first context information and performs a second malware analysis of the object to determine a verdict indicating maliciousness of the object. The second malware analysis is based at least in part on the first context information. The second cybersecurity system generates and issues a report based on the second malware analysis, the report including the verdict.
-
Publication number: US11381578B1
Publication date: 2022-07-05
Application number: US14481801
Application date: 2014-09-09
Applicant: FireEye, Inc.
Abstract: A system and method are disclosed for network-based file analysis for malware detection. Network content is received from a network tap. A binary packet is identified in the network content. A binary file, including the binary packet, is extracted from the network content. It is determined whether the extracted binary file is detected to be malware.
-
Publication number: US11244044B1
Publication date: 2022-02-08
Application number: US16277907
Application date: 2019-02-15
Applicant: FireEye, Inc.
Inventors: Amit Malik, Raghav Pande, Aakash Jain
Abstract: According to one embodiment, malware detection software is loaded into a non-transitory computer-readable medium for execution by a processor. The malware detection software comprises exploit detection logic, rule-matching logic, reporting logic and user interface logic. The exploit detection logic is configured to execute certain event logic with respect to a loaded module. The rule-matching logic includes detection logic that is configured to determine whether an access source is attempting to access a protected region and determine whether the access source is from dynamically allocated memory. The reporting logic includes alert generating logic that is configured to generate an alert, while the user interface logic is configured to notify a user or a network administrator of a potential cybersecurity attack.
-
Publication number: US11201890B1
Publication date: 2021-12-14
Application number: US16370199
Application date: 2019-03-29
Applicant: FireEye, Inc.
IPC classification: H04L9/00, H04L29/06, G06F16/901
Abstract: A method for performing cyber-security analysis includes generating a semantic graph in which each object is represented as a node, and each event associated with an object is represented as an edge. A cyber-threat related alert, with an associated alert type, is received from a source. A first object from the plurality of objects is modified based on the alert. A plurality of threat scores, each associated with an object, are calculated, substantially concurrently, based on the alert type. Subsequently, a plurality of modified threat scores are determined for each object, based on: (1) the threat score for that object, (2) a connectivity of that object to each of the remaining objects within the semantic graph, and (3) the threat score for each remaining object from the plurality of objects. A subgraph of the semantic graph is identified based on normalized versions of the modified threat scores.
-
Publication number: US11082436B1
Publication date: 2021-08-03
Application number: US16659461
Application date: 2019-10-21
Applicant: FireEye, Inc.
Inventors: Muhammad Amin, Masood Mehmood, Ramaswamy Ramaswamy, Madhusudan Challa, Shrikrishna Karandikar
Abstract: According to one embodiment, a system features a network security device and a cloud computing service. The network security device is configured to determine whether an object includes one or more characteristics associated with a malicious attack. The cloud computing service, communicatively coupled to and remotely located from the network security device, includes virtual execution logic that, upon execution by a processing unit deployed as part of the cloud computing service and after the network security device determines that the object includes the one or more characteristics associated with the malicious attack, processes the object and monitors for behaviors of at least the object suggesting the object is associated with a malicious attack.
-
Publication number: US11075930B1
Publication date: 2021-07-27
Application number: US16020896
Application date: 2018-06-27
Applicant: FireEye, Inc.
Inventors: Jijo Xavier, Robert Venal
Abstract: According to one embodiment, a system for detecting an email campaign includes feature extraction logic, pre-processing logic, campaign analysis logic and a reporting engine. The feature extraction logic obtains features from each of a plurality of malicious email messages received for analysis, while the pre-processing logic generates a plurality of email representations that are arranged in an ordered sequence and correspond to the plurality of malicious email messages. The campaign analysis logic determines the presence of an email campaign in response to a prescribed number of successive email representations being correlated to each other, where the results of the email campaign detection are provided to a security administrator via the reporting engine.
-
Publication number: US10904286B1
Publication date: 2021-01-26
Application number: US15469400
Application date: 2017-03-24
Applicant: FireEye, Inc.
Inventor: Rundong Liu
Abstract: A computerized system and method to detect phishing cyber-attacks is described. The approach entails analyzing at least one displayable image of a webpage referenced by a URL associated with an email to ascertain whether the image, and thus the webpage and the email, are part of a phishing cyber-attack.