Abstract: This disclosure relates to a method and system for generating cognitive security intelligence for detecting and preventing malware. In one embodiment, the method includes monitoring instructions being executed by a processor of a computing system, determining events triggered and activities performed by the execution of the instructions, correlating the events and the activities to determine a sequence of events and activities, and mapping the sequence of events and activities with a topographical threat map to detect a pattern match corresponding to a malware. The topographical threat map is an event and activity behavior map of a number of categories of malware, and is built based on a cognitive analysis using deep learning which may also be enriched with external knowledge or historic knowledge. The method further includes effecting a remedial measure, upon detecting the pattern match, to prevent the malware by constructing remedial instructions to be executed by the processor. FIG. 2
Claims: WE CLAIM
1. A method of generating cognitive security intelligence for detecting and preventing a malware in a computing system, the method comprising:
monitoring, by a cognitive security device implemented in the computing system, instructions being executed by a processor of the computing system;
determining, by the cognitive security device, a plurality of events triggered by the execution of the instructions and a plurality of activities performed by the execution of the instructions;
correlating, by the cognitive security device, the plurality of events and the plurality of activities to determine a sequence of events and activities;
mapping, by the cognitive security device, the sequence of events and activities with a topographical threat map to detect a pattern match corresponding to the malware, wherein the topographical threat map is an event and activity behavior map of a plurality of categories of malwares, and is built based on a cognitive analysis of at least one of external knowledge or historic knowledge; and
upon detecting the pattern match corresponding to the malware, effecting, by the cognitive security device, a remedial measure to prevent the malware by constructing remedial instructions to be executed by the processor.
2. The method of claim 1, wherein monitoring the instructions being executed by the processor further comprises replicating machine code instructions being executed by the processor.
3. The method of claim 1, wherein the plurality of events comprises at least one of device processes, device services, or registry.
4. The method of claim 1, wherein the plurality of activities comprises activities performed on at least one of memory, data, files, folders, or system configuration.
5. The method of claim 1, wherein detecting the pattern match comprises determining whether the sequence of events and activities is analogous to a sequence of events and activities demonstrated by the malware using the topographical threat map.
6. The method of claim 1, wherein mapping further comprises:
dynamically determining a security risk score and a security threat zone for a set of events from the plurality of events and a set of activities from the plurality of activities; and
predicting a security threat based on the security risk score and the security threat zone.
7. The method of claim 6, wherein effecting the remedial measure comprises effecting the remedial measure based on the predicted security threat.
8. The method of claim 1, wherein the remedial measure comprises at least one of suspending the instructions being executed by the processor, suspending the plurality of events, blocking the plurality of activities, or undoing the changes made by the malware.
9. The method of claim 1, wherein the malware is a ransomware having no pre-configured signature in the cognitive security device.
10. A computing system, comprising:
a cognitive security device for generating cognitive security intelligence for detecting and preventing a malware in the computing system, the cognitive security device comprising at least one processor and a computer-readable medium storing instructions that, when executed by the at least one processor, cause the at least one processor to perform operations comprising:
monitoring instructions being executed by a processor of the computing system;
determining a plurality of events triggered by the execution of the instructions and a plurality of activities performed by the execution of the instructions;
correlating the plurality of events and the plurality of activities to determine a sequence of events and activities;
mapping the sequence of events and activities with a topographical threat map to detect a pattern match corresponding to the malware, wherein the topographical threat map is an event and activity behavior map of a plurality of categories of malwares, and is built based on a cognitive analysis of at least one of external knowledge or historic knowledge; and
upon detecting the pattern match corresponding to the malware, effecting a remedial measure to prevent the malware by constructing remedial instructions to be executed by the processor.
11. The system of claim 10, wherein monitoring the instructions being executed by the processor of the computing system further comprises replicating machine code instructions being executed by the processor of the computing system.
12. The system of claim 10, wherein the plurality of events comprises at least one of device processes, device services, or registry, and wherein the plurality of activities comprises activities performed on at least one of memory, data, files, folders, or system configuration.
13. The system of claim 10, wherein detecting the pattern match comprises determining whether the sequence of events and activities is analogous to a sequence of events and activities demonstrated by the malware using the topographical threat map.
14. The system of claim 10, wherein mapping further comprises:
dynamically determining a security risk score and a security threat zone for a set of events from the plurality of events and a set of activities from the plurality of activities; and
predicting a security threat based on the security risk score and the security threat zone.
15. The system of claim 14, wherein effecting the remedial measure comprises effecting the remedial measure based on the predicted security threat.
16. The system of claim 10, wherein the remedial measure comprises at least one of suspending the instructions being executed by the processor, suspending the plurality of events, blocking the plurality of activities, or undoing the changes made by the malware.
17. The system of claim 10, wherein the malware is a ransomware having no pre-configured signature in the cognitive security device.
Dated this 22nd day of December, 2017
R Ramya Rao
IN/PA-1607
Of K&S Partners
Agent for the Applicant
Description: TECHNICAL FIELD
This disclosure relates generally to information security, and more particularly to a method and system for generating cognitive security intelligence for detecting and preventing malware.
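As an added illustration of the claimed pipeline (monitor, correlate into a per-process sequence, map against a behaviour map, score a threat zone, pick a remedial measure, per claims 1, 6 and 8), the following is example code written for this page, not the applicant's implementation; the trace, the threat map, the zone thresholds and the remedy names are all constructed assumptions.

```python
from collections import defaultdict

# Constructed trace of (pid, kind, detail) records as a monitor might emit them.
# kind is an event source (process/service/registry, claim 3) or an activity
# target (memory/data/file/folder/config, claim 4).
TRACE = [
    (100, "process", "start"), (100, "folder", "enumerate"), (100, "file", "read"),
    (100, "file", "write"), (100, "file", "rename"), (100, "config", "modify"),
    (200, "process", "start"), (200, "file", "read"),
    (300, "process", "start"), (300, "folder", "enumerate"), (300, "file", "read"),
    (300, "file", "write"),
]

# Constructed "topographical threat map": ordered behaviour per malware category.
THREAT_MAP = {
    "ransomware": [("folder", "enumerate"), ("file", "read"), ("file", "write"),
                   ("file", "rename"), ("config", "modify")],
    "spyware": [("registry", "modify"), ("memory", "read"), ("data", "exfil")],
}
# Constructed threat zones (lower bound of risk score) and remedial measures (claim 8).
ZONES = [(0.0, "green"), (0.4, "amber"), (0.8, "red")]
REMEDY = {"green": None, "amber": "suspend_events", "red": "suspend_instructions_and_undo"}

def correlate(trace):
    """Group events and activities per process into an ordered sequence."""
    seq = defaultdict(list)
    for pid, kind, detail in trace:
        seq[pid].append((kind, detail))
    return seq

def score(sequence, pattern):
    """Risk score: fraction of the pattern matched in order (subsequence match)."""
    i = 0
    for step in sequence:
        if i < len(pattern) and step == pattern[i]:
            i += 1
    return i / len(pattern)

def zone(risk):
    """Map a risk score to the highest zone whose lower bound it reaches."""
    label = ZONES[0][1]
    for lo, z in ZONES:
        if risk >= lo:
            label = z
    return label

def assess(trace, threat_map=THREAT_MAP):
    """Per process: best-matching category, risk score, zone and remedy."""
    verdicts = {}
    for pid, sequence in correlate(trace).items():
        cat, risk = max(((c, score(sequence, p)) for c, p in threat_map.items()),
                        key=lambda cr: cr[1])
        z = zone(risk)
        verdicts[pid] = {"category": cat if risk > 0 else None, "risk": risk,
                         "zone": z, "remedy": REMEDY[z]}
    return verdicts
```

Because the match is a subsequence match, unrelated interleaved activity does not reset the score, which is what lets a partial sequence (pid 300) already land in an intermediate zone before the full pattern completes.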
| # | Name | Date |
|---|---|---|
| 1 | 201741046343-STATEMENT OF UNDERTAKING (FORM 3) [22-12-2017(online)].pdf | 2017-12-22 |
| 2 | 201741046343-REQUEST FOR EXAMINATION (FORM-18) [22-12-2017(online)].pdf | 2017-12-22 |
| 3 | 201741046343-POWER OF AUTHORITY [22-12-2017(online)].pdf | 2017-12-22 |
| 4 | 201741046343-FORM 18 [22-12-2017(online)].pdf | 2017-12-22 |
| 5 | 201741046343-FORM 1 [22-12-2017(online)].pdf | 2017-12-22 |
| 6 | 201741046343-DRAWINGS [22-12-2017(online)].pdf | 2017-12-22 |
| 7 | 201741046343-DECLARATION OF INVENTORSHIP (FORM 5) [22-12-2017(online)].pdf | 2017-12-22 |
| 8 | 201741046343-COMPLETE SPECIFICATION [22-12-2017(online)].pdf | 2017-12-22 |
| 9 | 201741046343-REQUEST FOR CERTIFIED COPY [26-12-2017(online)].pdf | 2017-12-26 |
| 10 | 201741046343-Proof of Right (MANDATORY) [07-02-2018(online)].pdf | 2018-02-07 |
| 11 | Correspondence by Agent_Form 1_09-02-2018.pdf | 2018-02-09 |
| 12 | 201741046343-REQUEST FOR CERTIFIED COPY [09-03-2018(online)].pdf | 2018-03-09 |
| 13 | 201741046343-PETITION UNDER RULE 137 [18-02-2021(online)].pdf | 2021-02-18 |
| 14 | 201741046343-Information under section 8(2) [18-02-2021(online)].pdf | 2021-02-18 |
| 15 | 201741046343-FORM 3 [18-02-2021(online)].pdf | 2021-02-18 |
| 16 | 201741046343-FER_SER_REPLY [21-02-2021(online)].pdf | 2021-02-21 |
| 17 | 201741046343-FER.pdf | 2021-10-17 |
| 18 | 201741046343-US(14)-HearingNotice-(HearingDate-11-12-2023).pdf | 2023-11-22 |
| 19 | 201741046343-POA [28-11-2023(online)].pdf | 2023-11-28 |
| 20 | 201741046343-FORM 13 [28-11-2023(online)].pdf | 2023-11-28 |
| 21 | 201741046343-Correspondence to notify the Controller [28-11-2023(online)].pdf | 2023-11-28 |
| 22 | 201741046343-AMENDED DOCUMENTS [28-11-2023(online)].pdf | 2023-11-28 |
| 23 | 201741046343-Written submissions and relevant documents [26-12-2023(online)].pdf | 2023-12-26 |
| 24 | 201741046343-FORM-26 [26-12-2023(online)].pdf | 2023-12-26 |
| 25 | 201741046343-FORM 3 [26-12-2023(online)].pdf | 2023-12-26 |
| 26 | 201741046343-PatentCertificate27-12-2023.pdf | 2023-12-27 |
| 27 | 201741046343-IntimationOfGrant27-12-2023.pdf | 2023-12-27 |
| 1 | 2020-08-1423-00-32E_14-08-2020.pdf | |