专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US09910988B1 Malware analysis in accordance with an analysis plan 有权
公开(公告)号：US09910988B1
公开(公告)日：2018-03-06
申请号：US14922024
申请日：2015-10-23
申请人： FIREEYE, INC.
发明人： Michael Vincent , Ali Mesdaq , Emmanuel Thioux , Abhishek Singh , Sal Vashisht
IPC分类号： G06F21/56 , H04L29/06
CPC分类号： G06F21/566 , G06F21/562 , G06F2221/034 , H04L63/1416 , H04L63/145
摘要： Techniques for malware detection are described. Herein, a system, which detects malware in a received specimen, comprises a processor and a memory. Communicatively coupled to the processor, the memory comprises a controller that controls analysis of the specimen for malware in accordance with an analysis plan. The memory further comprises (a) a static analysis module that performs at least a first static analysis to identify a suspicious indicator of malware and at least partially determine that the specimen includes a packed object; (b) an emulation analysis module that emulates operations associated with processing of the specimen by a software application or library, including unpacking an object of the specimen when the specimen is determined by the static analysis module to include the packed object, and monitors one or more behaviors of the specimen during the emulated operations; and a classifier that determines whether the specimen should be classified as malicious.

12. 发明授权

US09594912B1 Return-oriented programming detection 有权
标题翻译：面向返回的编程检测
公开(公告)号：US09594912B1
公开(公告)日：2017-03-14
申请号：US14311014
申请日：2014-06-20
申请人： FireEye, Inc.
发明人： Emmanuel Thioux , Yichong Lin
IPC分类号： G06F21/57 , G06F12/02
CPC分类号： G06F21/577 , G06F12/023 , G06F21/566 , G06F2212/1052 , G06F2221/033
摘要： According to one embodiment, a threat detection system is integrated with at least a dynamic analysis engine. The dynamic analysis engine is configured to automatically detect a function call by an application, responsive to detecting the function call, analyze contents located at one or more addresses located within a portion of memory allocated for the application, and, based on the analysis, determine whether one or more objects included in received network traffic is associated with a return-oriented programming (ROP) exploit.
摘要翻译：根据一个实施例，威胁检测系统与至少一个动态分析引擎集成。动态分析引擎被配置为响应于检测到功能调用来自动检测应用的功能调用，分析位于分配给应用的存储器的一部分内的一个或多个地址处的内容，并且基于该分析，确定包括在接收到的网络流量中的一个或多个对象是否与返回导向编程（ROP）利用相关联。

13. 发明授权

US09223972B1 Dynamically remote tuning of a malware content detection system 有权
标题翻译：动态远程调整恶意软件内容检测系统
公开(公告)号：US09223972B1
公开(公告)日：2015-12-29
申请号：US14231216
申请日：2014-03-31
申请人： FireEye, Inc.
发明人： Michael Vincent , Emmanuel Thioux , Sai Vashisht , Darien Kindlund
IPC分类号： G06F21/00 , G06F21/56
CPC分类号： G06F21/566
摘要： According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory comprises one or more detection modules each being software that is configurable to enable, disable or modify capabilities for that corresponding detection module. A first detection module the detection modules, when executed by the processor, conducts a first capability including an analysis of a received object to determine if the received object is associated with a malicious attack. The analysis may be altered upon receipt of a configuration file that is substantially lesser in size than the software forming the first detection module and includes information to alter one or more rules controlling the first capability.
摘要翻译：根据一个实施例，一种装置包括处理器和存储器。通信地耦合到处理器，存储器包括一个或多个检测模块，每个检测模块是可配置为启用，禁用或修改相应的检测模块的能力的软件。第一检测模块，当由处理器执行时，检测模块执行包括对接收到的对象的分析的第一能力，以确定所接收的对象是否与恶意攻击相关联。在接收到比形成第一检测模块的软件大得多的配置文件的配置文件中可以改变分析，并且包括用于改变控制第一能力的一个或多个规则的信息。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式