Optimized resource allocation for virtual machines within a malware content detection system
First Claim
1. A computerized method conducted by a system, comprising:
- determining software profile information of an operating environment targeted for received content;
responsive to determining that the system supports a first software profile that corresponds to the software profile information and a first virtual machine instance operating with the first software profile is currently running, instantiating a second virtual machine instance operating with the first software profile to conduct malware analysis on the received content, the second virtual machine instance being provided access to resources allocated for use by the first virtual machine instance; and
instantiating a third virtual machine instance that is based on a software profile that is different than the first software profile wherein the first software profile is associated with a first version of a particular application and the software profile is associated with a second version of the particular application that is different from the first version of the particular application, the third virtual machine instance being allocated resources that are not shared by the first virtual machine instance and the second virtual machine instance.
5 Assignments
0 Petitions
Accused Products
Abstract
According to one embodiment, a computerized method comprises operations of receiving incoming content propagating over a network and determining software profile information of an operating environment targeted for the incoming content. Responsive to determining that the system supports a first software profile that corresponds to the software profile information and a first virtual machine instance operating with the first software profile is currently running, a second virtual machine instance operating with the first software profile is instantiated for conducting a malware analysis on the incoming content. The second virtual machine instance is provided access to resources allocated for use by the first virtual machine instance.
748 Citations
42 Claims
-
1. A computerized method conducted by a system, comprising:
-
determining software profile information of an operating environment targeted for received content; responsive to determining that the system supports a first software profile that corresponds to the software profile information and a first virtual machine instance operating with the first software profile is currently running, instantiating a second virtual machine instance operating with the first software profile to conduct malware analysis on the received content, the second virtual machine instance being provided access to resources allocated for use by the first virtual machine instance; and instantiating a third virtual machine instance that is based on a software profile that is different than the first software profile wherein the first software profile is associated with a first version of a particular application and the software profile is associated with a second version of the particular application that is different from the first version of the particular application, the third virtual machine instance being allocated resources that are not shared by the first virtual machine instance and the second virtual machine instance. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. An electronic device for conducting an analysis for malware, comprising:
-
a network port adapted to receive incoming content; and a controller coupled to the network port, the controller to (i) determine software profile information of an operating environment targeted for the incoming content, and (ii) responsive to a determination that the electronic device supports a first software profile that corresponds to the software profile information and a first virtual machine instance operating with the first software profile is currently running, instantiate a second virtual machine instance operating with the first software profile to conduct malware analysis on the incoming content, the second virtual machine instance being provided access to resources allocated for use by the first virtual machine instance, wherein the resources include one or more memory pages within a memory implemented within the electronic device. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. An electronic device for conducting an analysis for malware, comprising:
-
a network port adapted to receive incoming content; and a controller coupled to the network port, the controller to (i) determine software profile information of an operating environment targeted for the incoming content, and (ii) responsive to a determination that the electronic device supports a first software profile that corresponds to the software profile information and a first virtual machine instance operating with the first software profile is currently running, instantiate a second virtual machine instance operating with the first software profile to conduct malware analysis on the incoming content, wherein the second virtual machine instance, operating concurrently with the first virtual machine instance, being provided access to resources allocated for use by the first virtual machine instance, and wherein a virtual machine threshold, representing a predetermined number of concurrently operating virtual machine instances, varies based on a number of software profiles supported by the electronic device. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A non-transitory storage medium including software, deployed within and processed by an electronic device including a scheduler, that performs operations comprising:
-
determining software profile information of an operating environment targeted for received content; determining that the electronic device supports a first software profile based on the software profile information; responsive to determining that the electronic device supports the first software profile and a first virtual machine instance operating with the first software profile is currently running, instantiating a second virtual machine instance operating with the first software profile to conduct malware analysis on the received content, the second virtual machine instance being provided access to resources allocated for use by the first virtual machine instance; and instantiating a third virtual machine instance that is based on a software profile that is different than the first software profile, wherein the first software profile is associated with a first version of a particular application and the software profile is associated with a second version of the particular application that is different from the first version of the particular application, the third virtual machine instance being allocated resources that are not shared by the first virtual machine instance and the second virtual machine instance. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
-
Specification