US 11,838,300 B1
Run-time configurable cybersecurity system
Sai Vashisht, Morgan Hill, CA (US); and Sagar Khangan, Pune (IN)
Assigned to Musarubra US LLC, Plano, TX (US)
Filed by FireEye, Inc., Milpitas, CA (US)
Filed on Dec. 23, 2020, as Appl. No. 17/133,397.
Claims priority of provisional application 62/953,422, filed on Dec. 24, 2019.
Int. Cl. H04L 9/40 (2022.01); G06N 20/00 (2019.01); G06F 18/214 (2023.01)
CPC H04L 63/1416 (2013.01) [G06F 18/214 (2023.01); G06N 20/00 (2019.01); H04L 63/102 (2013.01); H04L 63/1433 (2013.01); H04L 63/1466 (2013.01)]
20 Claims
 
1. A system for conducting cyberthreat analytics on a submitted object to determine whether the object is malicious, comprising:
a cloud platform configured to host resources including cloud processing resources and cloud storage resources; and
a cybersecurity system to analyze one or more received objects included as part of a submission received from a subscriber after authentication of the subscriber and verification that the subscriber is authorized to perform one or more tasks associated with the submission, wherein the cybersecurity system comprises
an interface to receive the submission including the one or more objects for analysis,
administrative control logic including (i) a credential management module being configured to generate a first credential assigned to the subscriber associated with the submission, and (ii) an auto-scaling module to generate analytic engines based on computing instances hosted by the cloud platform, and
an object evaluation logic configured to receive a data sample from the administrative control logic, the data sample being a portion of the submission that comprises the one or more received objects and context information associated with the one or more received objects, the object evaluation logic includes a cyberthreat analytic module that comprises the analytic engines each directed to a different analysis approach in analyzing the one or more received objects for malware,
wherein the analytic engines comprise a combination of two or more of any of
(1) a static analytic engine to conduct an analysis on content of an object of the one or more received objects and generate results including observed features represented by characteristics of the object and the context information associated with the object;
(2) a dynamic analytic engine to execute the object and generate results including features represented by observed behaviors of the dynamic analytic engine along with context information accompanying the observed features;
(3) a machine learning analytic engine to submit the object as input into a trained machine-learning model and generates results including features represented by insights derived from the machine-learning model and accompanying context information; and
(4) an emulation analytic engine to conduct reproduction of operations representing an execution of the object and generate results including features represented by behaviors captured during emulation and accompanying context information.