SYSTEMS AND METHODS FOR DYNAMIC CLOUD-BASED MALWARE BEHAVIOR ANALYSIS
Abstract
A cloud-based method, a behavioral analysis system, and a cloud-based security system can include a plurality of nodes communicatively coupled to one or more users, wherein the plurality of nodes each perform inline monitoring for one of the one or more users for security comprising malware detection and preclusion; and a behavioral analysis system communicatively coupled to the plurality of nodes, wherein the behavioral analysis system performs offline analysis for any suspicious content from the one or more users which is flagged by the plurality of nodes; wherein the plurality of nodes each comprise a set of known malware signatures for the inline monitoring that is periodically updated by the behavioral analysis system based on the offline analysis for the suspicious content.
19 Claims

1. A cloud-based method, comprising:
- receiving known malware signatures at one or more nodes in a cloud-based system;
- monitoring one or more users inline through the one or more nodes in the cloud-based system for regular traffic processing comprising malware detection and preclusion;
- determining unknown content from a user of the one or more users is suspicious of being malware;
- sending the unknown content to a behavioral analysis system for an offline analysis; and
- receiving updated known malware signatures based on the offline analysis.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A behavioral analysis system for detecting malware from a cloud-based system, comprising:
- a network interface;
- a data store;
- a processor communicatively coupled to the network interface and the data store; and
- memory storing instructions that, when executed, cause the processor to:
  - receive new content from the cloud-based system via the network interface for an offline analysis thereof;
  - store the new content and track activity on the new content in the data store;
  - perform the offline analysis comprising a static analysis and a dynamic analysis;
  - determine whether the new content is malware based on the offline analysis; and
  - update the cloud-based system regarding the offline analysis and whether the new content is malware.

Dependent claims: 12, 13, 14, 15.

16. A cloud-based security system, comprising:
- a plurality of nodes communicatively coupled to one or more users, wherein the plurality of nodes each perform inline monitoring for one of the one or more users for security comprising malware detection and preclusion; and
- a behavioral analysis system communicatively coupled to the plurality of nodes, wherein the behavioral analysis system performs offline analysis for any suspicious content from the one or more users which is flagged by the plurality of nodes;
- wherein the plurality of nodes each comprise a set of known malware signatures for the inline monitoring that is periodically updated by the behavioral analysis system based on the offline analysis for the suspicious content.

Dependent claims: 17, 18, 19.