System and method for IPS and VM-based detection of suspicious objects
US9756074B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 27, 2014 |
| Grant date | Sep 5, 2017 |
| Priority date | — |
| Expiry date | Mar 27, 2034 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/145
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A threat detection system integrated with intrusion protection system (IPS) logic and virtual execution logic is shown. The IPS logic is configured to receive a first plurality of objects and filter the first plurality of objects by identifying a second plurality of objects as suspicious objects. The second plurality of objects is a subset of the first plurality of objects and is less than or equal in number to the first plurality of objects. The virtual execution logic is configured to automatically verify whether any of the suspicious objects is an exploit. The virtual execution logic comprises at least one virtual machine configured to virtually process content within the suspicious objects and monitor for anomalous behaviors during the virtual processing that are indicative of exploits.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.