Systems and Methods for Detecting Malicious Network Content
Abstract
A method for detecting malicious network content comprises inspecting one or more packets of network content, identifying a suspicious characteristic of the network content, determining a score related to a probability that the network content includes malicious network content based on at least the suspicious characteristic, identifying the network content as suspicious if the score satisfies a threshold value, executing a virtual machine to process the suspicious network content, and analyzing a response of the virtual machine to detect malicious network content.
26 Claims
1. A method for detecting malicious network content, comprising:
- inspecting one or more packets of network content;
- identifying a suspicious characteristic of the network content;
- determining a score related to a probability that the network content includes malicious network content based on at least the suspicious characteristic;
- identifying the network content as suspicious if the score satisfies a threshold value;
- executing a virtual machine to process the suspicious network content; and
- analyzing a response of the virtual machine to detect malicious network content.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18

19. A system for detecting malicious network content, comprising:
- a computing processor;
- a data access component configured to intercept one or more packets of network content from a network; and
- logic configured to control the computing processor to perform a method comprising inspecting the one or more packets of network content, identifying a suspicious characteristic of the network content, determining a score related to a probability that the network content includes malicious network content based on at least the suspicious characteristic, identifying the network content as suspicious if the probability score satisfies a threshold value, executing a virtual machine to process the suspicious network content, and analyzing a response of the virtual machine to detect malicious network content.

Dependent claims: 20, 21, 22, 23, 24, 25

26. A computer readable storage medium having stored thereon instructions executable by a processor for performing a method, the method comprising:
- inspecting one or more packets of network content;
- identifying a suspicious characteristic of the network content;
- determining a score related to a probability that the network content includes malicious network content based on at least the suspicious characteristic;
- identifying the network content as suspicious if the score satisfies a threshold value;
- executing a virtual machine to process the suspicious network content; and
- analyzing a response of the virtual machine to detect malicious network content.

Specification