User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications
Abstract
According to one embodiment, a method comprises conducting an analysis for anomalous behavior on application software and generating a video of a display output produced by the application software. The video is to be displayed on an electronic device contemporaneously with display of one or more events detected by the analysis being performed on the application software.
45 Claims
1. A method for detecting anomalous behavior by an application software under test that suggests a presence of malware, comprising:
- conducting an analysis of operations of the application software for detecting an occurrence of one or more events;
- generating a video of a display output produced by the operations of the application software; and
- generating, for display on the electronic device contemporaneously with the video, a textual log including information associated with the one or more events, wherein display of the textual log is synchronized with display of successive display images of the video and illustrates the one or more events being monitored during the analysis of the operations of the application software and during display of the successive display images of the video.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method for detecting anomalous behavior by an application software under test that suggests a presence of malware, comprising:
- conducting an analysis of operations of the application software for detecting an occurrence of one or more events, wherein each event corresponds to a test behavior;
- generating a video of a display output produced by the operations of the application software, the video comprises a plurality of display images having a sequence corresponding to an execution flow of the operations of the application software and being generated for display on an electronic device contemporaneously with display of the one or more events detected by the analysis; and
- generating, for display on the electronic device contemporaneously with the video, a textual log including a sequence of display objects, wherein each display object of the sequence of display objects represents a corresponding test behavior being analyzed to determine if the test behavior constitutes an anomalous behavior and the displayed sequence of display objects corresponds to the execution flow of the operations of the application software.
Dependent claims: 14
15. A method for detecting anomalous behavior by an application software under test that suggests a presence of malware, comprising:
- conducting an analysis of operations of the application software for detecting an occurrence of one or more events;
- generating a video of a display output produced by the operations of the application software; and
- generating, for display on the electronic device contemporaneously with the video, a textual log that provides information as to when each event of the one or more events occurs within an execution flow of the operations of the application software, and, responsive to user input with respect to a select entry in the textual log, controlling the video so as to depict one or more display images for the video that corresponds to the select entry in the textual log.
Dependent claims: 16, 17
18. A method for detecting anomalous behavior by an application software under test that suggests a presence of malware, comprising:
- conducting an analysis of operations of the application software for detecting an occurrence of one or more behaviors, wherein the analysis comprises (i) providing a displayed listing of a plurality of behaviors to be monitored, (ii) altering, in response to user interaction, an order of the plurality of behaviors within the listing, (iii) defining the order of processing of the plurality of behaviors during the analysis based at least in part on the order of the plurality of behaviors as displayed, and (iv) determining whether at least one of the plurality of behaviors is detected during analysis of the operations of the application software performed on the one or more virtual machines; and
- generating a video of a display output produced by the operations of the application software, the video being generated for display on an electronic device contemporaneously with display of the one or more events detected by the analysis.
Dependent claims: 19
20. A method for detecting anomalous behavior by an application software under test that suggests a presence of malware, comprising:
- conducting an analysis of the application software for detecting an occurrence of one or more events during operations of the application software, wherein the conducting of the analysis for the occurrence of the one or more events comprises (i) performing operations of the application software on one or more virtual machines, and (ii) determining whether at least one of the one or more events is detected during analysis of the operations of the application software performed on the one or more virtual machines;
- generating a video of a display output produced by the operations of the application software; and
- generating, for display on the electronic device contemporaneously with the video, a textual log including a sequence of display objects, each display object corresponding to a particular event of the one or more events, wherein the video being indexed for play back, where playback of the video is controlled through user interaction starting at a segment of the video associated with an event of the one or more events selected by the user.
Dependent claims: 21
22. An apparatus for detecting anomalous behavior by an application software under test that suggests a presence of malware, the apparatus comprising:
- a processor; and
- a first logic communicatively coupled to the processor, the first logic to (i) conduct an analysis of operations of the application software for an occurrence of one or more events, (ii) generate a video of a display output produced by the operations of the application software, and (iii) generate, for display contemporaneously with the video, a textual log synchronized with display of successive display images of the video to illustrate the one or more events being monitored during the analysis of the operations of the application software.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 43
33. An apparatus for detecting anomalous behavior by an application software under test that suggests a presence of malware, the apparatus comprising:
- a processor; and
- a first logic communicatively coupled to the processor, the first logic to (i) conduct an analysis of operations of the application software for an occurrence of one or more events, (ii) generate a video of a display output produced by the operations of the application software, (iii) generate, for display contemporaneously with the video, a textual log including information associated with the one or more events, the textual log provides information as to when each event of the one or more events occurs within an execution flow of the operations of the application software, and provides, during playback of the video, reciprocal graphic interaction between the displayed video and the displayed textual log responsive to user input.
Dependent claims: 34
35. A non-transitory storage medium to contain software that is configured to detect anomalous behavior that suggests a presence of malware within application software under analysis by performing, when executed by a processor, a plurality of operations, comprising:
- conducting an analysis of operations of the application software for an occurrence of one or more events; and
- generating a video of a display output produced by the operations of the application software; and
- generating, for display on the electronic device contemporaneously with the video, a textual log including a sequence of display objects, each display object corresponding to a particular event of the one or more events, wherein the video being indexed for play back, where playback of the video is controlled through user interaction starting at a segment of the video associated with a behavior of the one or more behaviors selected by the user.
Dependent claims: 36, 37, 38, 39, 40, 41, 42
44. A non-transitory storage medium to contain software that, when executed by a processor, performs one or more operations, comprising:
- conducting an analysis of operations of the application software for an occurrence of one or more events;
- generating a video of a display output produced by the operations of the application software;
- generating, for display contemporaneously with the video, a textual log that provides information as to when each event of the one or more events occurs within an execution flow of the operations of the application software; and
- providing, during playback of the video, reciprocal graphic interaction between the displayed video and the displayed textual log responsive to user input.
Dependent claims: 45
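An added illustration, not taken from the patent or from any product: one way an event/time index could tie log entries to video frames, so that selecting a log entry seeks the video and a playback position selects the matching log entry, as the claims above describe. The class and field names, the sample events and the fixed integer frame rate are assumptions.

```python
from bisect import bisect_right
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    t_ms: int      # milliseconds since the analysis run started
    behavior: str  # name of the monitored behavior that fired
    detail: str


class EventTimeIndex:
    """Ties textual log entries to frames of the recorded display output."""

    def __init__(self, events, fps, frame_count):
        self.events = sorted(events, key=lambda e: e.t_ms)
        self.fps, self.frame_count = fps, frame_count
        # Integer arithmetic only, so log->video->log round trips are exact.
        self.frames = [min(e.t_ms * fps // 1000, frame_count - 1)
                       for e in self.events]

    def frame_for_entry(self, i):
        """Log -> video: frame to seek to when the analyst selects entry i."""
        return self.frames[i]

    def entry_for_frame(self, frame):
        """Video -> log: latest entry at or before this frame, else None."""
        i = bisect_right(self.frames, frame) - 1
        return i if i >= 0 else None

    def visible_log(self, frame):
        """Log lines to render while `frame` is on screen."""
        i = self.entry_for_frame(frame)
        shown = [] if i is None else self.events[: i + 1]
        return [f"{e.t_ms / 1000:7.2f}s  {e.behavior}: {e.detail}" for e in shown]


# Constructed sample run: 15 s of display output captured at 10 frames/s.
SAMPLE_EVENTS = [
    Event(12700, "read_contacts", "address book queried"),
    Event(1500, "file_write", "wrote to app data directory"),
    Event(4200, "network_connect", "outbound connection opened"),
    Event(4200, "sms_send", "message sent without user input"),
]
INDEX = EventTimeIndex(SAMPLE_EVENTS, fps=10, frame_count=150)

if __name__ == "__main__":
    print(INDEX.frame_for_entry(1))        # seek target for the second entry
    print("\n".join(INDEX.visible_log(60)))
```

Events that share a timestamp map to the same frame, and an event logged after the recording ends is clamped to the last frame so that selecting it still seeks to a valid position.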
Specification