SYSTEM, APPARATUS AND METHOD FOR AUTOMATICALLY VERIFYING EXPLOITS WITHIN SUSPECT OBJECTS AND HIGHLIGHTING THE DISPLAY INFORMATION ASSOCIATED WITH THE VERIFIED EXPLOITS
First Claim
1. A threat detection system, comprising:
an intrusion protection system (IPS) logic configured to receive a first plurality of objects and filter the first plurality of objects by identifying a second plurality of objects as suspicious objects, the second plurality of objects being a subset of the first plurality of objects and being lesser or equal in number to the first plurality of objects; and
a virtual execution logic configured to automatically verify whether any of the suspicious objects is an exploit, the virtual execution logic including at least one virtual machine configured to virtually process content within the suspicious objects and monitor for anomalous behaviors during the virtual processing that are indicative of exploits.
Abstract
According to one embodiment, a threat detection system is integrated with intrusion protection system (IPS) logic and virtual execution logic. The IPS logic is configured to receive a first plurality of objects and filter the first plurality of objects by identifying a second plurality of objects as suspicious objects. The second plurality of objects is a subset of the first plurality of objects and is lesser or equal in number to the first plurality of objects. The virtual execution logic is configured to automatically verify whether any of the suspicious objects is an exploit. The virtual execution logic comprises at least one virtual machine configured to virtually process content within the suspicious objects and monitor for anomalous behaviors during the virtual processing that are indicative of exploits.
Claims (25)
1. A threat detection system, comprising:
an intrusion protection system (IPS) logic configured to receive a first plurality of objects and filter the first plurality of objects by identifying a second plurality of objects as suspicious objects, the second plurality of objects being a subset of the first plurality of objects and being lesser or equal in number to the first plurality of objects; and
a virtual execution logic configured to automatically verify whether any of the suspicious objects is an exploit, the virtual execution logic including at least one virtual machine configured to virtually process content within the suspicious objects and monitor for anomalous behaviors during the virtual processing that are indicative of exploits.
(Dependent claims 2 through 15 depend on claim 1.)
16. An electronic device comprising:
a processor; and
a memory coupled to the processor, the memory including (1) an intrusion protection system (IPS) logic to detect characteristics of a plurality of objects being indicative of an exploit, the plurality of objects including at least a first object and a second object, and (2) one or more virtual machines configured to virtually process content within the first object and monitor for anomalous behaviors during the virtual processing that are indicative of exploits so as to automatically verify whether the first object is an exploit.
(Dependent claims 17 through 22 depend on claim 16.)
23. A computerized method comprising:
receiving a first plurality of objects by intrusion protection system (IPS) logic;
filtering the first plurality of objects by the IPS logic to identify a second plurality of objects as suspicious objects, the second plurality of objects being a subset of the first plurality of objects and being lesser or equal in number to the first plurality of objects;
automatically verifying, by a virtual execution logic, that a first subset of suspicious objects from the second plurality of objects are exploits, the virtual execution logic including at least one virtual machine configured to virtually process content within the suspicious objects and monitor for anomalous behaviors during the virtual processing that are indicative of exploits; and
generating a display that prioritizes information associated with exploits uncovered based on virtual processing of the first subset of suspicious objects.
(Dependent claims 24 and 25 depend on claim 23.)
Specification