Systems and methods for analyzing zero-day attacks
Format | Patent |
---|---|
Language | English |
Published | 13.10.2015 |
Summary: | A computer-implemented method for analyzing zero-day attacks may include 1) identifying, within a database of known security vulnerabilities, disclosure timing information that indicates when a security vulnerability was publicly disclosed, 2) correlating a file with the security vulnerability by searching a database of file activity for at least one file that is associated with an attack that exploits the security vulnerability, 3) identifying, within the database of file activity, activity timing information indicating timing of one or more activities that involve the file and that occurred on endpoint computing devices before the security vulnerability was publicly disclosed, and 4) comparing the disclosure timing information with the activity timing information to investigate a potential zero-day attack that exploits the security vulnerability. Various other methods, systems, and computer-readable media are also disclosed. |
---|---|
Bibliography: | Application Number: US201313901977 |