Patent · US Active

Micro-virtual machine forensics and detection

US9922192B1 · kind B1 · utility

Cited by: 28
References: 18
Claims: 24
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jul 24, 2015
Grant date: Mar 20, 2018
Priority date
Expiry date: Mar 14, 2036

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/034
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

The execution of a process within a virtual machine (VM) may be monitored, and when a trigger event occurs, additional monitoring is initiated, including storing behavior data describing the real-time events taking place inside the VM. This behavior data may then be compared to information about the expected behavior of that type of process in order to determine whether malware has compromised the VM. The trigger event may be analyzed in relation to a set of heuristics, and based on the analysis, a data collection process may be initiated wherein the data comprises information about events occurring in the first virtual machine.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.