Systems, methods, and media protecting a digital data processing device from attack
Abstract
In accordance with some embodiments of the disclosed subject matter, systems, methods, and media for protecting a digital data processing device from attack are provided. For example, in some embodiments, a method for protecting a digital data processing device from attack is provided that includes, within a virtual environment: receiving at least one attachment to an electronic mail; and executing the at least one attachment; and based on the execution of the at least one attachment, determining whether anomalous behavior occurs.
57 Claims
1. A method for protecting a digital data processing device from attack, the method comprising:
within a virtual environment in at least one hardware processor;
receiving at least one attachment to a first electronic mail;
executing the at least one attachment to the first electronic mail;
determining whether anomalous behavior occurs; and
generating feedback based on the execution of the at least one attachment to the first electronic mail when anomalous behavior is determined to have occurred;
receiving at least one attachment to a second electronic mail; and
based on the feedback and the at least one attachment to the second electronic mail, performing filtering on the second electronic mail.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17

18. A system for protecting a digital data processing device from attack, the system comprising:
at least one hardware processor that;
provides a virtual environment that;
receives at least one attachment to a first electronic mail;
executes the at least one attachment to the first electronic mail;
determines whether anomalous behavior occurs; and
generates feedback based on the execution of the at least one attachment to the first electronic mail when anomalous behavior is determined to have occurred;
receives at least one attachment to a second electronic mail;
based on the feedback and the at least one attachment to the second electronic mail, performs filtering on the second electronic mail.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34

35. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a computer, cause the computer to perform a method for protecting a digital data processing device from attack, the method comprising:
within a virtual environment;
receiving at least one attachment to a first electronic mail;
executing the at least one attachment to the first electronic mail;
determining whether anomalous behavior occurs; and
generating feedback based on the execution of the at least one attachment to the first electronic mail when anomalous behavior is determined to have occurred; and
receiving at least one attachment to a second electronic mail; and
based on the feedback and the at least one attachment to the second electronic mail, performing filtering on the second electronic mail.
Dependent claims: 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51

52. A method for protecting a digital data processing device from attack, the method comprising:
within a virtual environment in at least one hardware processor;
receiving a first electronic mail including at least one hyperlink;
executing the at least one hyperlink;
determining whether anomalous behavior occurs by classifying behavior of the execution of the at least one hyperlink using a model built from at least normal data; and
generating feedback based on the execution of the at least one hyperlink when anomalous behavior is determined to have occurred;
receiving a second electronic mail including a second hyperlink; and
based on the feedback, performing filtering on the second electronic mail.

53. A system for protecting a digital data processing device from attack, the system comprising:
at least one hardware processor that;
provides a virtual environment;
receives a first electronic mail including at least one hyperlink;
executes the at least one hyperlink;
determines whether anomalous behavior occurs by classifying behavior of the execution of the at least one hyperlink using a model built from at least normal data; and
generates feedback based on the execution of the at least one hyperlink when anomalous behavior is determined to have occurred;
receives a second electronic mail including a second hyperlink; and
based on the feedback, performs filtering on the second electronic mail.

54. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a computer, cause the computer to perform a method for protecting a digital data processing device from attack, the method comprising:
within a virtual environment;
receiving a first electronic mail including at least one hyperlink;
executing the at least one hyperlink;
determining whether anomalous behavior occurs by classifying behavior of the execution of the at least one hyperlink using a model built from at least normal data; and
generating feedback based on the execution of the at least one hyperlink when anomalous behavior is determined to have occurred;
receiving a second electronic mail including a second hyperlink; and
based on the feedback, performing filtering on the second electronic mail.

55. A method for protecting a digital data processing device from attack, the method comprising:
within a virtual environment in at least one hardware processor;
receiving a first electronic mail with a first payload;
executing the first payload;
determining whether anomalous behavior occurs; and
generating feedback based on the execution of the first payload when anomalous behavior is determined to have occurred;
receiving a second electronic mail with a second payload;
determining that the second payload is identical to the first payload; and
based on the feedback and in response to the determination that the second payload is identical to the first payload, filtering the second electronic mail.

56. A system for protecting a digital data processing device from attack, the system comprising:
at least one hardware processor that;
provides a virtual environment;
receives a first electronic mail with a first payload;
executes the first payload;
determines whether anomalous behavior occurs; and
generates feedback based on the execution of the first payload when anomalous behavior is determined to have occurred; and
receives a second electronic mail with a second payload;
determines that the second payload is identical to the first payload; and
based on the feedback and in response to the determination that the second payload is identical to the first payload, filters the second electronic mail.

57. A non-transitory computer-readable medium containing computer-executable instructions that, when executed by a computer, cause the computer to perform a method for protecting a digital data processing device from attack, the method comprising:
within a virtual environment;
receiving a first electronic mail with a first payload;
executing the first payload;
determining whether anomalous behavior occurs; and
generating feedback based on the execution of the first payload when anomalous behavior is determined to have occurred; and
receiving a second electronic mail with a second payload;
determining that the second payload is identical to the first payload; and
based on the feedback and in response to the determination that the second payload is identical to the first payload, filtering the second electronic mail.
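
An added sketch of the loop recited in claims 52-57, not code from the patent: behavior is classified against a model built from normal data, and a payload found anomalous is remembered so that a second mail carrying an identical payload is filtered. The system-call n-gram model, the SHA-256 identity check, the `run_in_sandbox` stand-in, the window size, the threshold and all sample traces are assumptions constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

N, THRESHOLD = 3, 0.2   # assumed n-gram window and unseen-fraction cut-off

def ngrams(trace):
    return {tuple(trace[i:i + N]) for i in range(len(trace) - N + 1)}

def build_model(normal_traces):
    """Model built from normal data only: every n-gram seen in benign runs."""
    return set().union(*(ngrams(t) for t in normal_traces))

def is_anomalous(trace, model):
    grams = ngrams(trace)
    return bool(grams) and len(grams - model) / len(grams) > THRESHOLD

class FeedbackFilter:
    def __init__(self, model, sandbox):
        self.model, self.sandbox, self.feedback = model, sandbox, set()

    def process(self, raw_mail):
        """Return 'filtered', 'anomalous' or 'clean' for one raw message."""
        msg = message_from_bytes(raw_mail, policy=policy.default)
        verdict = "clean"
        for part in msg.iter_attachments():
            data = part.get_content()              # decoded attachment bytes
            digest = hashlib.sha256(data).hexdigest()
            if digest in self.feedback:            # identical to a flagged payload
                return "filtered"                  # no second detonation needed
            if is_anomalous(self.sandbox(data), self.model):
                self.feedback.add(digest)          # feedback for later mails
                verdict = "anomalous"
        return verdict

# Constructed sample data. run_in_sandbox is a hypothetical stand-in that
# returns a recorded system-call trace instead of executing anything.
NORMAL = [["open", "read", "mmap", "read", "close"], ["open", "read", "read", "close"]]
TRACES = {b"constructed-benign": NORMAL[0],
          b"constructed-dropper": ["open", "read", "socket", "connect", "write", "execve"]}
SANDBOX_RUNS = []

def run_in_sandbox(data):
    SANDBOX_RUNS.append(data)
    return TRACES[data]

def make_mail(data):
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename="a.bin")
    return m.as_bytes()
```

What happens to the first mail once its payload is judged anomalous is a deployment choice the claims leave open; the sketch only labels it.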
Specification