System, Apparatus and Method for Using Malware Analysis Results to Drive Adaptive Instrumentation of Virtual Machines to Improve Exploit Detection
5 Assignments
0 Petitions
Abstract
According to one embodiment, an electronic device comprises a memory to store information and a processor. The processor is adapted to receive information associated with content such as network traffic, to process the stored information and to conduct operations on the content. These operations may comprise determining, by a virtual machine processed by the processor, an occurrence of an event during malware analysis of an object associated with the content, and dynamically altering a virtual machine instrumentation of the virtual machine based on information associated with the event.
303 Citations
24 Claims
1. A computerized method comprising:
- determining, by a virtual machine being executed by hardware circuitry, an event during malware analysis of an object associated with content under analysis; and
- dynamically altering a virtual machine instrumentation of the virtual machine by the hardware circuitry based on information associated with the event.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. An electronic device comprising:
- a memory to store information;
- a processor adapted to receive information associated with network traffic, the processor to process the stored information and conduct operations on the network traffic, the operations comprise (i) determining, by a virtual machine processed by the processor, an occurrence of an event during malware analysis of an object associated with content under analysis, and (ii) dynamically altering a virtual machine instrumentation of the virtual machine based on information associated with the event.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
Specification