Malicious content analysis with multi-version application support within single operating environment
US10025927B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 17, 2017 |
| Grant date | Jul 17, 2018 |
| Priority date | — |
| Expiry date | Apr 17, 2037 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2009/45591
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Techniques for efficient malicious content detection in plural versions of a software application are described. According to one embodiment, the computerized method includes installing a plurality of different versions of a software application concurrently within a virtual machine and selecting a subset of the plurality of versions of the software application that are concurrently installed within the virtual machine. Next, one or more software application versions of the subset of the plurality of versions of the software application are processed to access a potentially malicious content suspect within the virtual machine, without switching to another virtual machine. The behaviors of the potentially malicious content suspect during processing by the one or more software application versions are monitored to detect behaviors associated with a malicious attack. Thereafter, information associated with the detected behaviors pertaining to a malicious attack is stored, and an alert with respect to the malicious attack is issued.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.