Palo Alto Networks, Inc.
CONTEXT-BASED ANALYSIS OF APPLICATIONS

Abstract:

Evaluating samples is disclosed. A sample is received. A system component dependency graph is built for the sample. The system component dependency graph includes a plurality of nodes and at least one edge. A first node included in the plurality of nodes is one of: (1) a system component, (2) an indirect call component, or (3) a system event. The edge is an indirect call instruction. A verdict for the sample is determined based at least in part on the system component dependency graph.