System and method for detecting malware in a stream of bytes
Abstract
A system and method may include a first unit configured to receive a stream of bytes, cause a second unit to execute the stream of bytes from a selected first offset, and monitor an execution of the stream of bytes by the second unit. A second unit may be configured to execute the stream of bytes from the selected offset. The first unit may be configured to determine, based on the execution of the stream of bytes, whether or not the stream of bytes includes a malware.
21 Claims
1. A system comprising:
- a hardware unit executing a first process and a second, different, process;
- the first process configured to:
  - receive a stream of bytes,
  - select a first offset,
  - cause the second process to execute the stream of bytes from the first offset, and
  - monitor an execution of the stream of bytes by the second process; and
- the second process configured to:
  - execute the stream of bytes from the first offset;
- wherein the first process is configured to perform at least one of: start execution of the second process, stop execution of the second process and resume execution of the second process, and wherein the first process is further configured to determine, based on the execution of the stream of bytes, whether or not the stream of bytes includes a malware.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method comprising:
- receiving a stream of bytes by a first unit, the first unit including a memory and a controller;
- selecting, by the first unit, a first offset;
- causing, by the first unit, a second, different unit to execute the stream of bytes from the selected first offset wherein the second unit includes a memory and a controller;
- monitoring, by the first unit, an execution of the stream of bytes by the second unit; and
- determining, based on the execution of the stream of bytes, whether or not the stream of bytes includes malware;
- wherein the first unit is configured to perform at least one of: start execution of the second unit, stop execution of the second unit and resume execution of the second unit, and wherein the first unit is further configured to determine, based on the execution of the stream of bytes, whether or not the stream of bytes includes malware.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20

21. A method comprising:
- selecting, a first offset in a byte stream;
- causing a first unit including a memory and a controller to execute the byte stream from the selected first offset;
- monitoring, by a second, different unit including a memory and a controller, an execution of the byte stream; and
- determining, by the second unit and based on a result of the execution, whether or not the stream of bytes includes malware;
- wherein the first unit is configured to perform at least one of: start execution of the second unit, stop execution of the second unit and resume execution of the second unit, and wherein the first unit is further configured to determine, based on the execution of the stream of bytes, whether or not the stream of bytes includes malware.
Specification