US 9,811,659 B1
Systems and methods for time-shifted detection of security threats
Daniel Asheghian, Los Gatos, CA (US)
Assigned to Symantec Corporation, Mountain View, CA (US)
Filed by Symantec Corporation, Mountain View, CA (US)
Filed on Aug. 25, 2015, as Appl. No. 14/834,988.
Int. Cl. G06F 21/00 (2013.01); G06F 21/55 (2013.01); H04L 29/06 (2006.01); G06F 17/30 (2006.01); G06F 11/00 (2006.01); G06F 12/14 (2006.01); G06F 12/16 (2006.01)
CPC G06F 21/552 (2013.01) [G06F 17/30073 (2013.01); H04L 63/1416 (2013.01)]
18 Claims
1. A computer-implemented method for time-shifted detection of security threats, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
collecting, from a computing system, history data that describes activity of the computing system during a past time period;
archiving the history data in association with the past time period;
identifying, by a software security system that protects the computing system, a potential security threat to the computing system that:
was unknown to the software security system during the past time period;
is not currently present on the computing system; and
wherein the potential security threat comprises a security threat caused by malicious activity that removed evidence of the malicious activity before the software security became aware of the potential threat; and
in response to identifying the potential security threat, replaying the history data through the software security system to enable the software security system to determine whether the computing system was affected by the potential security threat during the past time period.
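The collect, archive, identify and replay steps of claim 1 can be illustrated with a short sketch. This is an added example, not code from the patent or from Symantec; the hour-long archive period, the substring-based signature format, and all names (`Event`, `Signature`, `HistoryArchive`, `scan`, `demo`) and sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Event:                      # one archived record of system activity
    ts: datetime
    kind: str                     # "file_write", "net_connect", "file_delete", ...
    detail: str

@dataclass(frozen=True)
class Signature:                  # hypothetical rule format: event kind + substring
    name: str
    kind: str
    needle: str

def scan(signatures, events):
    """Stand-in for the security system: return (signature name, event) matches."""
    return [(s.name, ev) for ev in events for s in signatures
            if ev.kind == s.kind and s.needle in ev.detail]

class HistoryArchive:
    """Stores events in association with the hour-long period they occurred in."""
    def __init__(self):
        self.periods = {}
    def archive(self, ev):
        key = ev.ts.replace(minute=0, second=0, microsecond=0)
        self.periods.setdefault(key, []).append(ev)
    def replay(self, start, end):
        for key in sorted(self.periods):
            if start <= key < end:
                yield from sorted(self.periods[key], key=lambda e: e.ts)

# Constructed sample history: a dropper writes a file, beacons out, then deletes itself.
T0 = datetime(2015, 8, 1, 9, 0)
HISTORY = [
    Event(T0 + timedelta(minutes=5), "file_write", "C:\\Temp\\upd8.exe"),
    Event(T0 + timedelta(minutes=6), "net_connect", "203.0.113.7:443"),
    Event(T0 + timedelta(minutes=9), "file_delete", "C:\\Temp\\upd8.exe"),
    Event(T0 + timedelta(hours=3), "file_write", "C:\\Users\\a\\report.docx"),
]

def demo():
    archive, known, live_hits = HistoryArchive(), [], []
    for ev in HISTORY:                    # at collection time the threat is unknown
        live_hits += scan(known, [ev])
        archive.archive(ev)
    known.append(Signature("beacon-c2", "net_connect", "203.0.113.7"))  # learned later
    past = scan(known, archive.replay(T0, T0 + timedelta(hours=1)))
    return live_hits, past
```

The live pass produces no hits and the dropped file is already deleted, yet replaying the archived 09:00 period with the later signature surfaces the outbound connection.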