Malicious content analysis with multi-version application support within single operating environment
First Claim
1. A method for detecting malicious content, comprising:
- installing a plurality of versions of a software application concurrently within a virtual machine, each of the plurality of versions of the software application being different from each other;
- selecting, by logic being executed by a processor of a data processing system, a subset of the plurality of versions of the software application that are concurrently installed within the virtual machine;
- processing one or more software application versions of the subset of the plurality of versions of the software application to access a potentially malicious content suspect within the virtual machine, without switching to another virtual machine;
- monitoring behaviors of the potentially malicious content suspect during processing by the one or more software application versions of the subset of the plurality of versions of the software application to detect behaviors associated with a malicious attack;
- storing information associated with the detected behaviors that are associated with a malicious attack; and
- issuing an alert with respect to the malicious attack.
Abstract
Techniques for efficient malicious content detection in plural versions of a software application are described. According to one embodiment, the computerized method includes installing a plurality of different versions of a software application concurrently within a virtual machine and selecting a subset of the plurality of versions of the software application that are concurrently installed within the virtual machine. Next, one or more software application versions of the subset of the plurality of versions of the software application are processed to access a potentially malicious content suspect within the virtual machine, without switching to another virtual machine. The behaviors of the potentially malicious content suspect during processing by the one or more software application versions are monitored to detect behaviors associated with a malicious attack. Thereafter, information associated with the detected behaviors pertaining to a malicious attack is stored, and an alert with respect to the malicious attack is issued.
47 Claims
1. A method for detecting malicious content, recited in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 22, 23, 24, 25, 26, 27, 28, 29, 30, 36, 37, 38, 39
8. A malicious content detection system, comprising:
- a processor; and
- a memory coupled to the processor, the memory to store instructions, including instructions that, when executed, cause the processor to
  - install a plurality of versions of a software application concurrently within a virtual machine, each of the plurality of versions of the software application being different from each other,
  - select a subset of the plurality of versions of the software application that are concurrently installed within the virtual machine that is executed within the malicious content detection system,
  - process one or more software application versions of the subset of the plurality of versions of the software application to access a potentially malicious content suspect within the virtual machine, without switching to another virtual machine,
  - monitor behaviors of the potentially malicious content suspect during processing by each software application version of the subset of the plurality of versions of the software application to detect a behavior associated with a malicious attack, and
  - issue an alert in response to detecting the malicious attack.
Dependent claims: 9, 10, 11, 12, 13, 31, 32, 33, 40, 41, 42, 43
14. A system, comprising:
- a processor; and
- a memory communicatively coupled to the processor, the memory to store instructions that, when executed, cause the processor to perform operations, including
  - install a plurality of versions of a software application within a virtual machine, each of the plurality of versions of the software application being different from each other,
  - select a subset of the plurality of versions of the software application that are concurrently installed within the virtual machine,
  - execute one or more software application versions of the subset of the plurality of versions of the software application concurrently to process a potentially malicious content suspect within the virtual machine, without switching to another virtual machine,
  - monitor one or more behaviors of the potentially malicious content suspect during processing by each software application version of the subset of the plurality of versions of the software application to detect a behavior associated with a malicious attack, and
  - issue an alert in response to detecting the malicious attack.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 34, 35, 44, 45, 46, 47
Specification