US 12,493,693 B2
Systems and methods for selecting client backup files for maliciousness analysis
Dinil Mon Divakaran, Singapore (SG); Candid Wüest, Bassersdorf (CH); Serg Bell, Costa del Sol (SG); and Stanislav Protasov, Singapore (SG)
Assigned to Acronis International GmbH, Schaffhausen (CH)
Filed by Acronis International GmbH, Schaffhausen (CH)
Filed on Dec. 29, 2022, as Appl. No. 18/148,193.
Prior Publication US 2024/0220619 A1, Jul. 4, 2024
Int. Cl. G06F 21/00 (2013.01); G06F 11/14 (2006.01); G06F 21/53 (2013.01); G06F 21/55 (2013.01); G06F 21/56 (2013.01)
CPC G06F 21/565 (2013.01) [G06F 11/1448 (2013.01); G06F 21/53 (2013.01); G06F 21/554 (2013.01); G06F 2201/84 (2013.01); G06F 2221/033 (2013.01)] 19 Claims
OG exemplary drawing
 
1. A method for selecting files for malware analysis, the method comprising:
identifying, in a cloud network, a backup of a client machine;
extracting, from the backup, at least one file of a given file type;
determining whether to include the at least one file in a sandbox of the cloud network by performing a static analysis of the at least one file, wherein the static analysis comprises determining a likelihood of the at least one file being malicious and comparing the likelihood to a threshold likelihood;
in response to determining that the likelihood exceeds the threshold likelihood, selecting the at least one file for inclusion in the sandbox, wherein the sandbox is a software environment that isolates the at least one file from other files in the backup;
monitoring, for a period of time, a behavior of the at least one file in the sandbox by performing a dynamic analysis of the at least one file, wherein the dynamic analysis comprises classifying a given file as malicious or non-malicious;
when determining that the at least one file is malicious based on the dynamic analysis, performing a remediation action on the at least one file; and
when determining that the at least one file is not classified as malicious over the period of time based on the dynamic analysis, removing the at least one file from the sandbox.
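The claim describes a two-stage triage loop: pull files of a chosen type out of a backup, score each one statically against a threshold, and only the ones over the threshold spend time in a sandbox, where a dynamic verdict decides between remediation and release. The block below is an added illustration of that loop and is not code from the patent or from Acronis. The static heuristics (entropy, extension/magic mismatch, string markers), their weights, the 0.5 threshold, the 60-second monitoring window, the event names in the behaviour trace and the sample backup itself are all assumptions constructed for the example; a real sandbox would observe the file executing, while here a constructed list of timestamped events stands in for that observation.

```python
"""Toy version of the claimed select-then-sandbox pipeline (added example).

Not the patent's or Acronis's code. Heuristic weights, threshold, monitoring
window, trace event names and the sample backup are all assumptions.
"""
import hashlib, io, math, os, shutil, tarfile, tempfile

# ---- assumed static heuristics and policy knobs --------------------------
SUSPICIOUS_MARKERS = (b"powershell", b"-EncodedCommand", b"VirtualAlloc",
                      b"CreateRemoteThread", b"AutoOpen")
THRESHOLD = 0.5          # assumed "threshold likelihood"
MONITOR_PERIOD = 60      # assumed monitoring window (seconds of trace time)
MALICIOUS_EVENTS = ("persistence:run_key", "process:spawn_powershell",
                    "net:beacon", "file:mass_encrypt")   # assumed event names

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted payloads sit close to 8.0."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def static_likelihood(name: str, data: bytes) -> float:
    """Cheap, non-executing score in [0, 1] (assumed weights)."""
    score = 0.0
    if shannon_entropy(data) > 7.0:
        score += 0.4                       # looks packed/encrypted
    if name.lower().endswith(".exe") and not data.startswith(b"MZ"):
        score += 0.3                       # extension/magic mismatch
    hits = sum(1 for m in SUSPICIOUS_MARKERS if m in data)
    score += min(0.6, 0.2 * hits)          # suspicious strings, capped
    return min(1.0, score)

def extract_by_type(backup: tarfile.TarFile, exts) -> dict:
    """Pull only files of the requested types out of the backup archive."""
    return {m.name: backup.extractfile(m).read()
            for m in backup.getmembers()
            if m.isfile() and os.path.splitext(m.name)[1].lower() in exts}

def dynamic_classify(trace, period=MONITOR_PERIOD) -> bool:
    """True if a malicious behaviour is observed within the monitoring period.
    Anything the sample does after `period` is never seen: a fixed window is
    exactly what sleep-based sandbox evasion targets."""
    return any(t <= period and ev in MALICIOUS_EVENTS for t, ev in trace)

def run_pipeline(backup_bytes: bytes, traces: dict, exts=(".exe", ".docm")) -> dict:
    """Returns {filename: 'skipped' | 'remediated' | 'released'}."""
    verdicts, work = {}, tempfile.mkdtemp(prefix="bk-")
    quarantine = os.path.join(work, "quarantine")   # would persist in a real system
    os.makedirs(quarantine)
    with tarfile.open(fileobj=io.BytesIO(backup_bytes)) as tf:
        files = extract_by_type(tf, set(exts))
    for name, data in files.items():
        if static_likelihood(name, data) <= THRESHOLD:
            verdicts[name] = "skipped"        # not worth a sandbox slot
            continue
        # one directory per file: isolated from the rest of the backup
        sandbox = tempfile.mkdtemp(prefix="sbx-", dir=work)
        path = os.path.join(sandbox, os.path.basename(name))
        with open(path, "wb") as f:
            f.write(data)
        if dynamic_classify(traces.get(name, [])):
            shutil.move(path, os.path.join(quarantine, os.path.basename(name)))
            verdicts[name] = "remediated"
        else:
            verdicts[name] = "released"
        shutil.rmtree(sandbox, ignore_errors=True)  # remove from sandbox
    shutil.rmtree(work, ignore_errors=True)
    return verdicts

# ---- constructed sample backup and behaviour traces (not real data) -------
def _packed(n=4096) -> bytes:
    """Deterministic high-entropy blob standing in for a packed section."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(n // 32))

def build_sample_backup() -> bytes:
    files = {
        "docs/notes.txt": b"quarterly notes, nothing executable",
        "bin/updater.exe": b"MZ" + b"benign updater stub " * 50,
        "bin/helper.exe": b"MZ" + _packed() + b"VirtualAlloc CreateRemoteThread",
        "mail/invoice.docm": b"Sub AutoOpen() powershell -EncodedCommand AAAA",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

SAMPLE_TRACES = {
    "bin/helper.exe": [(3, "process:spawn_powershell"), (20, "net:beacon")],
    "mail/invoice.docm": [(5, "file:open"), (90, "net:beacon")],  # beacons after the window
}

if __name__ == "__main__":
    print(run_pipeline(build_sample_backup(), SAMPLE_TRACES))
```

Running it, `notes.txt` is never extracted (wrong type), `updater.exe` scores 0.0 and is skipped, `helper.exe` scores 0.8, is sandboxed and remediated on the PowerShell spawn at t=3, and `invoice.docm` scores 0.6, is sandboxed, but is released because its only malicious event lands at t=90, outside the 60-second window. That last case is the practical caveat of the "period of time" in the claim: a file that is "not classified as malicious over the period" is released, so the window length and the sample's ability to detect and outwait it decide the false-negative rate.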