Morgan Stanley
Distributed system for file analysis and malware detection
Abstract:
A system for receiving and indexing files transmitted on a network, comprising one or more intermediate agents, each connecting a network sensor to a source collection subsystem, an analysis subsystem, an indexing subsystem, and one or more databases. The system detects that a file has been transmitted via the network, offers transmission from an intermediate agent to the source collection subsystem after a deduplication process at the intermediate agent, transmits the file from the intermediate agent to the source collection subsystem after another deduplication process at the source collection subsystem, transmits the file from the source collection subsystem to the analysis subsystem, performs structural analysis of characteristics of the file within the analysis subsystem, and stores the file and results of the structural analysis in an indexed form in the one or more databases.
Utility
1 Jul 2020
8 Dec 2020