Detecting malicious network content using virtual environment components
US8793787B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 23, 2009 |
| Grant date | Jul 29, 2014 |
| Priority date | — |
| Expiry date | Apr 26, 2031 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2463/144
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Malicious network content is identified based on the behavior of one or more virtual environment components which process network content in a virtual environment. Network content can be monitored and analyzed using a set of heuristics. The heuristics identify suspicious network content communicated over a network. The suspicious network content can further be analyzed in a virtual environment that includes one or more virtual environment components. Each virtual environment component is configured to mimic live environment components, for example a browser application component or an operating system component. The suspicious network content is replayed in the virtual environment using one or more of the virtual environment components. The virtual environment component behavior is analyzed in view of an expected behavior to identify malicious network content. The malicious network content is then identified and processed.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.