Systems and methods for virtualization and emulation assisted malware detection
US9519781B2 · kind B2 · utility
Key dates
| Filing date | Nov 3, 2011 |
| Grant date | Dec 13, 2016 |
| Priority date | — |
| Expiry date | Nov 3, 2031 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2463/144
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Systems and methods for virtualization and emulation assisted malware detection are described. In some embodiments, a method comprises intercepting an object; instantiating and processing the object in a virtualization environment; tracing operations of the object while processing within the virtualization environment; detecting suspicious behavior associated with the object; instantiating an emulation environment in response to the detected suspicious behavior; processing, recording responses to, and tracing operations of the object within the emulation environment; detecting a divergence between the traced operations of the object within the virtualization environment and the traced operations of the object within the emulation environment; re-instantiating the virtualization environment; providing the recorded response from the emulation environment to the object in the virtualization environment; monitoring the operations of the object within the re-instantiation of the virtualization environment; identifying untrusted actions from the monitored operations; and generating a report regarding the identified untrusted actions of the object.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.