Malicious content analysis with multi-version application support within single operating environment
US9626509B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 13, 2013 |
| Grant date | Apr 18, 2017 |
| Priority date | — |
| Expiry date | Mar 13, 2033 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2009/45591
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Techniques for efficient and effective malicious content detection in plural versions of a software application are described herein. According to one embodiment, multiple versions of a software application are concurrently within a virtual machine (VM) executed within a data processing system. For each of the versions of the software application, a corresponding one of the versions is invoked to access a malicious content suspect within the VM without switching to another VM. The behaviors of each of the versions of the software application in response to the malicious content suspect is monitored to detect anomalous behavior indicative of malicious content in the malicious content suspect during execution of any of the versions of the software application. The detected anomalous behaviors, and, associated therewith, a version number corresponding to each of the versions of the software application whose execution resulted in the anomalous behavior are stored. An alert with respect to any indicated malicious content is issued.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.