US 11,893,117 B2
Software package analysis for detection of malicious properties
Ory Segal, Tel Aviv (IL); Yuri Shapira, Holon (IL); Avraham Shulman, Tel Aviv (IL); Benny Nissimov, Givatain (IL); and Shaked Yosef Zin, Tel Aviv-Jaffa (IL)
Assigned to Twistlock Ltd., Herzliya (IL)
Filed by Twistlock Ltd., Herzliya (IL)
Filed on May 20, 2022, as Appl. No. 17/664,250.
Application 17/664,250 is a continuation of application No. 16/847,374, filed on Apr. 13, 2020, granted, now 11,372,978.
Prior Publication US 2022/0277081 A1, Sep. 1, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/56 (2013.01); G06F 21/57 (2013.01); G06F 21/53 (2013.01)
CPC G06F 21/572 (2013.01) [G06F 21/53 (2013.01); G06F 21/566 (2013.01); G06F 21/577 (2013.01); G06F 2221/033 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
loading a first application with known behavior into a controlled execution environment;
importing a software package into the first application;
based on first criteria for detecting behaviors that deviate from the known behavior of the first application, evaluating behavior patterns recorded during execution of the loaded first application having the imported software package;
based on determining that one or more behaviors recorded in the behavior patterns satisfy one or more of the first criteria, determining that the one or more behaviors correspond to deviations from the known behavior of the first application and are attributable to the software package;
computing a score indicative of trustworthiness of the software package based on scores assigned to the one or more behaviors; and
based on evaluating the score computed for the software package, determining that the software package is malicious.