Patent · US Active

System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers

US9398028B1 · kind B1 · utility

176 Cited by
204 References
59 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Jun 26, 2014
Grant date: Jul 19, 2016
Priority date
Expiry date: Jun 26, 2034

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2009/45595
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

In an embodiment, a dynamic analysis engine is configured to receive an identifier associated with a source for network traffic including at least one object having at least a prescribed probability of being associated with an exploit. Deployed within a detection cloud, the dynamic analysis engine comprises one or more virtual machines and monitoring logic. The virtual machines are adapted to virtually process the identifier by establishing a communication session with a server hosting a website accessible by the identifier. In communication with the virtual machines, the monitoring logic is adapted to detect anomalous behaviors by the virtual machines during the communication session with the server.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.