CPC H04L 63/145 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1433 (2013.01)]; 23 Claims

1. A system for generating information security management packages through malware analysis, the system comprising:
at least one non-transitory storage device; and
at least one processing device coupled to the at least one non-transitory storage device, wherein the at least one processing device is configured for:
receiving one or more trace log files from one or more artifact data collection computing systems, wherein the one or more trace log files comprise artifact data and metadata associated with a target malware;
parsing the artifact data and metadata to identify one or more relationships between the target malware and one or more malware artifacts;
based on parsing the artifact data and metadata, generating one or more nodes within a malware graph database, the one or more nodes comprising a target malware node associated with the target malware and one or more artifact nodes associated with the one or more malware artifacts, wherein the target malware node is connected to the one or more artifact nodes by one or more edges, wherein each edge defines a relationship between the target malware and one of the one or more malware artifacts; and
executing a coverage analysis of an information security management package usable for detecting a presence of the target malware, wherein executing the coverage analysis comprises:
based on the malware graph database, computing a coverage level for the information security management package; and
based on the coverage level, determining whether to update the information security package.
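The claim above describes a pipeline in three parts: trace logs are parsed into a graph whose nodes are the target malware and its artifacts, joined by edges that name the relationship; a detection package is then scored by how many of those artifacts it can match; and that coverage level drives the decision to update the package. The following Python is an added illustration of that pipeline and is not code from the patent or its assignee. The trace-log format (JSON lines with `sample`, `kind`, `value` and `relation` fields), the two detection packages, the coverage formula (fraction of distinct artifact nodes matched by the package's indicators), the 0.8 threshold and every artifact value are constructed for this example; the malformed line and the duplicated record are included to show the parser tolerating the kind of noise a real collector emits.

```python
import json
from dataclasses import dataclass, field

# Constructed trace-log records from a hypothetical artifact collector.
# Field names and all values are invented for this example; the last line is
# deliberately malformed and the domain record is deliberately duplicated.
TRACE_LOG = r"""
{"sample": "mal-0001", "kind": "sha256", "value": "deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef", "relation": "drops"}
{"sample": "mal-0001", "kind": "domain", "value": "update-check.example", "relation": "contacts"}
{"sample": "mal-0001", "kind": "mutex", "value": "Global\\Example-Mutex-7f", "relation": "creates"}
{"sample": "mal-0001", "kind": "regkey", "value": "HKCU\\Software\\Example\\Run", "relation": "writes"}
{"sample": "mal-0001", "kind": "domain", "value": "update-check.example", "relation": "contacts"}
this line is not JSON and must be skipped rather than abort the import
"""

# Two hypothetical "information security management packages": a mapping from
# artifact kind to the set of indicator values the package can detect.
BASE_PACKAGE = {
    "sha256": {"deadbeef" * 8},
    "domain": {"update-check.example"},
}
FULL_PACKAGE = {
    **BASE_PACKAGE,
    "mutex": {"Global\\Example-Mutex-7f"},
    "regkey": {"HKCU\\Software\\Example\\Run"},
}


@dataclass(frozen=True)
class Edge:
    src: str       # node id of the target malware
    dst: str       # node id of the artifact
    relation: str  # how the malware relates to the artifact ("drops", ...)


@dataclass
class MalwareGraph:
    nodes: dict = field(default_factory=dict)  # node id -> (kind, value)
    edges: set = field(default_factory=set)    # a set, so repeats collapse

    def add_node(self, kind, value):
        node_id = f"{kind}:{value}"
        self.nodes[node_id] = (kind, value)
        return node_id

    def artifacts_of(self, sample):
        """Distinct artifact nodes reachable from the target malware node."""
        src = f"malware:{sample}"
        dst_ids = {e.dst for e in self.edges if e.src == src}
        return sorted(self.nodes[n] for n in dst_ids)


def parse_trace_logs(text):
    """Build the malware graph from JSON-lines trace records."""
    graph = MalwareGraph()
    required = ("sample", "kind", "value", "relation")
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # collector noise must not poison the graph
        if not isinstance(rec, dict) or not all(k in rec for k in required):
            continue  # incomplete record: no relationship can be derived
        mal = graph.add_node("malware", rec["sample"])
        art = graph.add_node(rec["kind"], rec["value"])
        graph.edges.add(Edge(mal, art, rec["relation"]))
    return graph


def compute_coverage(graph, sample, package):
    """Fraction of the sample's artifacts the package can match, plus the
    artifacts it misses. No observed artifacts counts as zero coverage, not
    full coverage, so an empty graph cannot silently pass the check."""
    artifacts = graph.artifacts_of(sample)
    if not artifacts:
        return 0.0, []
    missing = [(k, v) for k, v in artifacts if v not in package.get(k, set())]
    return 1 - len(missing) / len(artifacts), missing


def should_update(coverage, threshold=0.8):
    """Update decision: the package is refreshed when coverage is below threshold."""
    return coverage < threshold


if __name__ == "__main__":
    g = parse_trace_logs(TRACE_LOG)
    for name, pkg in (("base", BASE_PACKAGE), ("full", FULL_PACKAGE)):
        cov, missing = compute_coverage(g, "mal-0001", pkg)
        print(f"{name}: coverage={cov:.2f} update={should_update(cov)} missing={missing}")
```

The graph keeps edges in a set and `artifacts_of` deduplicates by artifact node, so the repeated domain record and any second relation to the same artifact (for example a file that is both dropped and executed) do not inflate the denominator. The uncovered list returned alongside the coverage level is what an analyst would feed back into the package update, which is the step the claim leaves to the implementation.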