System, Apparatus And Method For Using Malware Analysis Results To Drive Adaptive Instrumentation Of Virtual Machines To Improve Exploit Detection
Abstract
According to one embodiment, a computerized method operates by configuring a virtual machine operating within an electronic device with a first instrumentation for processing of a suspicious object. In response to detecting a type of event during processing of the suspicious object within the virtual machine, the virtual machine is automatically reconfigured with a second instrumentation that is different from the first instrumentation in efforts to achieve reduced configuration time and/or increased effectiveness in exploit detection.
131 Citations
52 Claims
1-26. (canceled)

27. A computerized method comprising:

configuring a virtual machine operating within an electronic device with a first instrumentation for processing of a suspicious object; and

in response to detecting a type of event during processing of the suspicious object within the virtual machine, automatically reconfiguring the virtual machine with a second instrumentation different than the first instrumentation.

Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42

43. A system for detecting malware, comprising:

a processor; and

a persistent storage communicatively coupled to the processor, the persistent storage comprises a virtual machine operating in accordance with a first instrumentation for processing of a suspicious object, and instrumentation control logic executed by the processor, the instrumentation control logic to automatically reconfigure the virtual machine with a second instrumentation different than the first instrumentation in response to detecting a type of event during processing of the suspicious object within the virtual machine.

Dependent claims: 44, 45, 46, 47, 48, 49, 50, 51, 52

Specification