Systems and methods for malware attack prevention
5 Assignments
0 Petitions
Abstract
Systems and methods for malware attack prevention are provided. Network data is copied from a communication network. It is then determined if a possible malware attack is within the copied network data. The network data is intercepted based on the determination. The network data is then analyzed to identify a malware attack.
608 Citations
90 Claims
1. A malware attack prevention method comprising:
copying a first network data from a communication network;
configuring a replayer to dynamically modify one or more session variables and simulate behavior of a device responsible for transmission of the first network data on the communication network, the replayer to transmit modified first network data including at least a portion of the copied first network data and the one or more session variables to a virtual machine;
before determining whether the at least the portion of the copied first network data is indicative of a malware attack, transmitting the modified first network data to the virtual machine, the virtual machine being configured to receive the modified first network data and provide a response thereto;
analyzing the response by the virtual machine to the modified first network data to determine whether at least the portion of the copied first network data is indicative of a malware attack; and
intercepting a second network data based on determining that at least the portion of the copied first network data is indicative of a malware attack.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 26, 27, 28, 29, 30, 31, 32, 33

9. A malware attack prevention system comprising:
a controller including a digital device that is configured to receive a copy of a first network data from a communication network, the controller comprising:
a scheduler to initiate configuration of a virtual machine, the virtual machine configured to, at least in part, correspond in functionality to a destination device targeted to receive the copied first network data; and
an analysis environment configured to simulate transmission of the first network data to determine whether at least a portion of the copied first network data is indicative of a malware attack based on monitored behavior of the virtual machine, the analysis environment comprises a replayer configured to dynamically modify one or more session variables and simulate behavior of a device responsible for transmission of the first network data on the communication network, the replayer to further transmit modified first network data including at least the portion of the copied first network data and the one or more modified session variables to a virtual machine, the virtual machine configured to receive the modified first network data before the system determines whether at least the portion of the copied first network data is indicative of a malware attack, the virtual machine being further configured to provide a response to the modified first network data, and
an interception module configured to intercept second network data upon determining that at least the portion of the copied first network data is indicative of a malware attack.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 34, 35, 36, 37, 38, 39, 40, 41, 42

18. A non-transitory machine readable medium having embodied thereon executable code, the executable code being executable by a processor within a first digital device for performing operations for malware prevention comprising:
receiving first network data from a communication network;
dynamically modifying the first network data by a replayer, the replayer to simulate behavior of a device responsible for transmission of the first network data on the communication network;
transmitting the modified first network data to a virtual machine, the virtual machine being configured to receive the modified first network data and provide a response thereto;
analyzing the response by the virtual machine to the modified first network data to determine whether the modified first network data is indicative of a malware attack; and
intercepting second network data based on determining that the modified first network data is indicative of a malware attack.
Dependent claims: 19, 20, 21, 22, 23

24. A non-transitory machine readable medium having embodied thereon executable code, the executable code being executable by a processor for performing operations for malware prevention comprising:
receiving network data from a communication network;
dynamically modifying the network data by a replayer, the replayer to simulate behavior of a device responsible for transmission of the network data on the communication network;
transmitting the modified network data to a virtual machine that is configured to, at least in part, correspond in functionality to a device targeted to receive the network data, the virtual machine being configured to receive the modified network data and provide a response thereto while processing the modified network data;
analyzing the response by the virtual machine to the modified network data to determine whether the modified network data is indicative of a malware attack; and
intercepting subsequent network data based on determining that the modified network data is indicative of a malware attack.
Dependent claims: 25, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56

57. A computerized method comprising:
receiving a first network data from a communication network;
configuring a replayer to dynamically modify session variables and simulate behavior of a device responsible for transmission of the first network data on the communication network, the replayer to transmit modified first network data including at least a portion of the first network data and one or more modified session variables to a virtual machine;
before determining whether the first network data is indicative of a malware attack, transmitting the modified first network data to the virtual machine, the virtual machine being configured to receive the modified first network data and provide a response based on a processing of the modified first network data within the virtual machine; and
analyzing the response by the virtual machine to the modified first network data to determine whether at least the portion of the first network data is indicative of a malware attack.
Dependent claims: 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72

73. A system comprising:
a controller including a digital device that is configured to receive first network data from a communication network, the controller comprising:
a scheduler to initiate configuration of a virtual machine, the virtual machine being configured, at least in part, to correspond in functionality to a destination device targeted to receive the first network data; and
an analysis environment configured to simulate transmission of the first network data to determine whether the first network data is indicative of a malware attack based on monitored behavior of the virtual machine, the analysis environment comprises a replayer configured to dynamically modify one or more session variables and simulate behavior of a device responsible for transmission of the first network data on the communication network, the replayer to further transmit modified first network data including at least a portion of the first network data and the one or more modified session variables to a virtual machine, and the virtual machine configured to receive the modified first network data before the system determines whether at least the portion of the first network data is indicative of a malware attack, the virtual machine being further configured to provide a response to the modified first network data while being processed in the virtual machine.
Dependent claims: 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90

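The independent claims above all describe one pipeline: copy a flow off the wire, have a replayer rewrite its session variables so the same bytes can be replayed at a virtual machine standing in for the destination device, judge the copy by how that VM behaves while handling it, and intercept later traffic only on that verdict. The Python below is an added illustration of that pipeline; it is not the patent holder's code and not any product's implementation. Everything in it is constructed for the example: the captured HTTP requests, the `sid` session cookie treated as a session variable, the VM address `10.0.0.99`, and the `SimulatedTarget` class that plays the virtual machine (a deliberately traversal-prone file handler, so that the monitored behaviour, a file opened outside the web root, is what produces the verdict rather than any byte signature).

```python
# Added illustration of the claimed pipeline; constructed data, not the patent holder's code.
import re
import secrets
from dataclasses import dataclass
from posixpath import normpath


@dataclass
class Flow:
    """One unit of copied network data and the endpoints it was seen between."""
    src: str
    dst: str
    payload: bytes


class Replayer:
    """Plays the original sender: rewrites the session variables that tie the
    copied request to the real target so the same bytes are valid at the VM."""

    def __init__(self, vm_host: str, session_cookie: str = "sid"):
        self.vm_host = vm_host                # assumed address of the analysis VM
        self.session_cookie = session_cookie  # assumed name of the session cookie

    def modify(self, payload: bytes) -> bytes:
        head, sep, body = payload.partition(b"\r\n\r\n")
        request_line, *headers = head.split(b"\r\n")
        pattern = rb"(%s=)[^;]+" % re.escape(self.session_cookie.encode())
        fresh = secrets.token_hex(8).encode()
        out = [request_line]
        for line in headers:
            name, _, value = line.partition(b":")
            key = name.strip().lower()
            if key == b"host":                      # retarget the request to the VM
                value = b" " + self.vm_host.encode()
            elif key == b"cookie":                  # the VM gets its own session id
                value = re.sub(pattern, lambda m: m.group(1) + fresh, value)
            elif key == b"content-length":          # keep message framing consistent
                value = b" " + str(len(body)).encode()
            out.append(name + b":" + value)
        return b"\r\n".join(out) + sep + body


class SimulatedTarget:
    """Stand-in for the VM configured to match the destination device: a file
    handler that resolves paths carelessly and records what it does."""

    WEBROOT = "/var/www"

    def __init__(self):
        self.events = []          # the "monitored behavior" the verdict is based on
        self.files = {            # constructed in-memory filesystem
            "/var/www/index.html": b"<h1>hello</h1>",
            "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
        }

    def handle(self, request: bytes) -> bytes:
        _method, target, _ver = request.split(b"\r\n", 1)[0].split(b" ", 2)
        # deliberately no traversal check: the VM must behave like the real device
        path = normpath(self.WEBROOT + "/" + target.decode("latin-1").lstrip("/"))
        self.events.append(("file_open", path))
        data = self.files.get(path)
        if data is None:
            return b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
        return b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(data) + data


def analyze(events, response: bytes):
    """Verdict from what the VM did, not from the request bytes themselves."""
    root = SimulatedTarget.WEBROOT
    indicators = [f"file opened outside {root}: {p}" for kind, p in events
                  if kind == "file_open" and p != root and not p.startswith(root + "/")]
    if indicators and response.startswith(b"HTTP/1.1 200"):
        indicators.append("content outside the web root was returned to the client")
    return bool(indicators), indicators


class Controller:
    """Receives copies, schedules a fresh VM per copy, and applies the verdict
    to later flows from the same source."""

    def __init__(self, vm_host: str = "10.0.0.99"):
        self.replayer = Replayer(vm_host)
        self.blocked_sources = set()

    def inspect(self, flow: Flow):
        vm = SimulatedTarget()                                    # one VM per copy
        response = vm.handle(self.replayer.modify(flow.payload))  # replay precedes any verdict
        malicious, indicators = analyze(vm.events, response)
        if malicious:
            self.blocked_sources.add(flow.src)
        return malicious, indicators

    def should_intercept(self, flow: Flow) -> bool:
        """Decision for second and later network data from an already judged source."""
        return flow.src in self.blocked_sources


# constructed captures: a benign request, a traversal attempt, and a follow-on flow
BENIGN = Flow("198.51.100.7", "203.0.113.10", b"GET /index.html HTTP/1.1\r\n"
              b"Host: www.example.com\r\nCookie: sid=victim-session-42\r\n\r\n")
ATTACK = Flow("192.0.2.55", "203.0.113.10", b"GET /../../etc/passwd HTTP/1.1\r\n"
              b"Host: www.example.com\r\nCookie: sid=victim-session-42\r\n\r\n")
FOLLOW_ON = Flow("192.0.2.55", "203.0.113.10", b"GET /admin HTTP/1.1\r\n\r\n")

if __name__ == "__main__":
    ctl = Controller()
    for flow in (BENIGN, ATTACK):
        verdict, why = ctl.inspect(flow)
        print(flow.src, "malicious" if verdict else "clean", why)
    print("intercept follow-on from", FOLLOW_ON.src, "->", ctl.should_intercept(FOLLOW_ON))
```

Two points of the claims show up directly in the code. The replayer has to rewrite whatever binds the captured bytes to the original session (here `Host` and the session cookie) or the VM would reject or misroute the copy, which is why the claims make the replayer, not the VM, responsible for simulating the sending device. And the copy is replayed before any verdict exists, so the first flow is never held for analysis; what the verdict governs is `should_intercept` for the second and later flows from that source, which is exactly the "second network data" the claims intercept.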