Detection efficacy of virtual machine-based analysis with application specific events
US9916440B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 12, 2016 |
| Grant date | Mar 13, 2018 |
| Priority date | — |
| Expiry date | Feb 20, 2036 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/145
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A computerized system and method is described for classifying objects as malicious by processing the objects in a virtual environment and monitoring behaviors during processing by one or more monitors, where the monitoring is conducted in an electronic device that is different than the electronic device within which an analysis of attributes of the objects is conducted beforehand. The monitors may monitor and record selected sets of process operations and capture associated process parameters, which describe the context in which the process operations were performed. By recording the context of process operations, the system and method described herein improves the intelligence of classifications and consequently reduces the likelihood of incorrectly identifying objects as malware or vice versa.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.