Techniques for securely performing reputation based analysis using virtualization
First Claim
Patent Images
1. A computer implemented method for performing reputation based analysis comprising:
- detecting a specified activity associated with a virtual client, wherein the activity includes at least one of;
spawning a process, analysis of a file, and file system activity, wherein detecting a specified activity comprises utilizing a network proxy of a virtualization platform to monitor one or more activities of a virtual client of the virtualization platform;
determining, using at least one computer processor, a reputation associated with the specified activity; and
performing an action associated with the determined reputation, wherein performing an action associated with the determined reputation comprises;
determining a score based on the determined reputation;
identifying a location of the determined score in at least one range; and
performing an action associated with the at least one range.
2 Assignments
0 Petitions
Accused Products
Abstract
Techniques for securely performing reputation based analysis using virtualization are disclosed. In one particular exemplary embodiment, the techniques may be realized as a computer implemented method for performing reputation based analysis comprising detecting a specified activity associated with a virtual client, determining a reputation associated with the specified activity, and performing an action associated with the determined reputation.
103 Citations
18 Claims
-
1. A computer implemented method for performing reputation based analysis comprising:
-
detecting a specified activity associated with a virtual client, wherein the activity includes at least one of;
spawning a process, analysis of a file, and file system activity, wherein detecting a specified activity comprises utilizing a network proxy of a virtualization platform to monitor one or more activities of a virtual client of the virtualization platform;determining, using at least one computer processor, a reputation associated with the specified activity; and performing an action associated with the determined reputation, wherein performing an action associated with the determined reputation comprises; determining a score based on the determined reputation; identifying a location of the determined score in at least one range; and performing an action associated with the at least one range. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. An article of manufacture for performing reputation based analysis, the article of manufacture comprising:
-
at least one non-transitory processor readable storage medium; and instructions carried on the at least one medium; wherein the instructions are configured to be readable from the at least one medium by at least one processor and thereby cause the at least one processor to operate so as to; detect a specified activity associated with a virtual client, wherein the activity includes at least one of;
spawning a process, analysis of a file, and file system activity, wherein detecting a specified activity comprises utilizing a network proxy of a virtualization platform to monitor one or more activities of a virtual client of the virtualization platform;determine a reputation associated with the specified activity; and perform an action associated with the determined reputation, wherein performing an action associated with the determined reputation comprises; determining a score based on the determined reputation; identifying a location of the determined score in at least one range; and performing an action associated with the at least one range.
-
-
14. A system providing reputation based analysis comprising:
one or more processors configured to; detect a specified activity associated with a virtual client, wherein the activity includes at least one of;
spawning a process, analysis of a file, and file system activity, wherein the one or more processors are configured to detect the specified activity by utilizing a network proxy of a virtualization platform to monitor one or more activities of a virtual client of the virtualization platform;determine a reputation associated with the specified activity; and perform an action associated with the determined reputation, wherein performing an action associated with the determined reputation comprises; determining a score based on the determined reputation; identifying a location of the determined score in at least one range; and performing an action associated with the at least one range. - View Dependent Claims (15, 16, 17, 18)
Specification