Systems and Methods for Detecting Malicious PDF Network Content
Abstract
Systems and methods for detecting malicious PDF network content are provided herein. According to some embodiments, the methods may include at least the steps of examining received PDF network content to determine if one or more suspicious characteristics indicative of malicious network content are included in the PDF network content, providing PDF network content determined to include at least one suspicious characteristic to one or more virtual machines, and analyzing responses received from the one or more virtual machines to verify the inclusion of malicious network content in the PDF network content determined to include at least one suspicious characteristic.
30 Claims
1. A method for detecting malicious portable document format (PDF) network content, comprising:
- examining at least a portion of received PDF network content to determine if one or more suspicious characteristics indicative of malicious network content are included in the at least a portion of PDF network content; and
- wherein if the at least a portion of PDF network content is determined to include one or more suspicious characteristics indicative of malicious network content, providing the at least a portion of PDF network content to one or more virtual machines to verify the inclusion of malicious network content in the at least a portion of PDF network content.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system for detecting malicious portable document format (PDF) network content, comprising:
- a computing processor;
- a data access component configured to intercept PDF network content from a network; and
- logic configured to control the computing processor to perform a method for detecting malicious portable document format (PDF) network content including;
  - examining at least a portion of intercepted PDF network content to determine if one or more suspicious characteristics indicative of malicious network content are included in the at least a portion of PDF network content; and
  - wherein if the at least a portion of PDF network content is determined to include one or more suspicious characteristics indicative of malicious network content, providing the at least a portion of PDF network content to one or more virtual machines to verify the inclusion of malicious network content in the PDF network content.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29
30. A non-transitory computer readable storage medium having embodied thereon a program, the program being executable by a processor to perform a method for detecting malicious portable document format (PDF) network content that includes:
- examining at least a portion of received PDF network content to determine if one or more suspicious characteristics indicative of malicious network content are included in the at least a portion of PDF network content; and
- wherein if the at least a portion of PDF network content is determined to include one or more suspicious characteristics indicative of malicious network content, providing the at least a portion of PDF network content to one or more virtual machines to verify the inclusion of malicious network content in the PDF network content.
Specification