SYSTEMS AND METHODS FOR MALWARE ANALYSIS OF NETWORK TRAFFIC
Abstract
Generally discussed herein are systems, devices, and methods for malware analysis. In one or more embodiments, a method can include copying application layer data traffic to create copied application layer data traffic, forwarding at least a portion of the application layer data traffic to a destination client prior to a malware analysis of corresponding copied application layer data traffic, determining whether the copied application layer data traffic includes a specified property, and in response to a determination that the copied application layer data traffic includes the specified property, storing the copied application layer data traffic determined to include the specified property for subsequent malware analysis, the stored copied application layer data traffic including context data of the copied application layer data traffic.
Claims

1. A non-transitory machine-readable storage device including instructions stored thereon that, when executed by processing circuitry of a machine, configure the processing circuitry to perform operations comprising:
- copying application layer data traffic to create copied application layer data traffic;
- forwarding at least a portion of the application layer data traffic to a destination client prior to a malware analysis of corresponding copied application layer data traffic;
- determining whether the copied application layer data traffic includes a specified property; and
- in response to a determination that the copied application layer data traffic includes the specified property, storing the copied application layer data traffic determined to include the specified property for subsequent malware analysis, the stored copied application layer data traffic including context data of the copied application layer data traffic.
(Dependent claims 2-8 are not reproduced on this page.)
9. A method for malware analysis performed by one or more hardware processors, the method comprising:
- copying application layer data traffic to create copied application layer data traffic;
- forwarding at least a portion of the application layer data traffic to a destination client prior to a malware analysis of corresponding copied application layer data traffic;
- determining whether the copied application layer data traffic includes a specified property; and
- in response to a determination that the copied application layer data traffic includes the specified property, storing the copied application layer data traffic determined to include the specified property for subsequent malware analysis, the stored copied application layer data traffic including context data of the copied application layer data traffic.
(Dependent claims 10-17 are not reproduced on this page.)
18. A system comprising:
- a first hardware module communicatively situated between an originating client and a destination client, the first hardware module to:
  - copy the application layer data traffic to create copied application layer data traffic;
  - forward at least a portion of the application layer data traffic to the destination client prior to a malware analysis of corresponding copied application layer data traffic;
  - determine whether the copied application layer data traffic includes a specified property; and
  - in response to a determination that the copied application layer data traffic includes the specified property, store the copied application layer data traffic determined to include the specified property for subsequent malware analysis, the stored copied application layer data traffic including context data of the copied application layer data traffic; and
- a second hardware module to perform a malware analysis on the stored copied application layer data traffic.
(Dependent claims 19 and 20 are not reproduced on this page.)
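As an added example (not code from the patent), the following models the pipeline described in the abstract and in claims 1, 9 and 18: the original message is forwarded to the destination client before the copy is examined, so the tap adds no delivery latency but also cannot block what it later flags, and only copies matching the specified property are retained together with context for subsequent analysis. The property used here (an executable payload) and the context fields recorded are assumptions, since the claims leave both unspecified.

```python
# Added example, not the patent's own code: a minimal model of the claimed tap.
from dataclasses import dataclass
from typing import Callable, Dict, List
import time

@dataclass
class AppMessage:
    src: str                 # originating client
    dst: str                 # destination client
    headers: Dict[str, str]
    body: bytes

@dataclass
class RetainedCopy:
    message: AppMessage
    context: Dict[str, object]

def carries_executable(msg: AppMessage) -> bool:
    """Assumed 'specified property': a PE (MZ) payload or an octet-stream body."""
    ctype = msg.headers.get("content-type", "").lower()
    return msg.body.startswith(b"MZ") or ctype == "application/octet-stream"

class TrafficTap:
    def __init__(self, forward: Callable[[AppMessage], None],
                 has_property: Callable[[AppMessage], bool]):
        self.forward = forward          # delivery path to the destination client
        self.has_property = has_property
        self.retained: List[RetainedCopy] = []
        self.events: List[str] = []     # records step ordering for verification

    def handle(self, msg: AppMessage) -> bool:
        # 1. copy the application-layer traffic
        copied = AppMessage(msg.src, msg.dst, dict(msg.headers), bytes(msg.body))
        # 2. forward the original before any analysis of the copy (no added
        #    latency, but also no ability to block it)
        self.forward(msg)
        self.events.append("forward")
        # 3. cheap property check on the copy, off the delivery path
        matched = self.has_property(copied)
        self.events.append("check")
        # 4. retain matching copies with context (assumed fields) for later analysis
        if matched:
            self.retained.append(RetainedCopy(copied, {
                "src": copied.src, "dst": copied.dst,
                "observed_at": time.time(),
                "host": copied.headers.get("host"),
                "content_type": copied.headers.get("content-type"),
                "length": len(copied.body),
            }))
        return matched
```

Because the forward happens first, the retained copies support detection and later incident response, not prevention; the context fields are what lets an analyst tie a stored copy back to the client that received it.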