Patent · US Active

System and method for analysis of a memory dump associated with a potentially malicious content suspect

US10198574B1 · kind B1 · utility

Cited by: 149
References: 199
Claims: 24
Family size: 0

Assignee

Inventors

Key dates

Filing date: May 27, 2016
Grant date: Feb 5, 2019
Priority date:
Expiry date: Jun 19, 2036

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/033
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A network device for detecting malware is described. The network device features a memory storage device and a controller. The controller operates in cooperation with one or more virtual machines that are based on software modules stored within the memory storage device. The controller is configured to (i) monitor behaviors of at least a first virtual machine of the one or more virtual machines processing data received over a network, (ii) identify at least one anomalous behavior that includes either a communication anomaly or an execution anomaly, and (iii) detect, based on the identified at least one anomalous behavior, a presence of malware in the first virtual machine in response to identifying the at least one anomalous behavior.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.