Method and apparatus for detecting malware in network traffic
US8370932B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Sep 23, 2008 |
| Grant date | Feb 5, 2013 |
| Priority date | — |
| Expiry date | Nov 25, 2029 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/145
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method and apparatus for detecting malware in network traffic is described. One embodiment executes, in an emulation environment, an executable file as it is being received serially over a network, execution beginning once a block of data including an entry point of the executable file has been received, execution halting whenever an instruction in the executable file references data not yet received and resuming once the data not yet received has been received, execution ceasing upon satisfaction of a termination condition; examining the emulation environment for indications that the executable file includes malware; and taking corrective action responsive to the results of examining the emulation environment for indications that the executable file includes malware.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.