Selective system call monitoring

  • US 9,690,606 B1
  • Filed: 03/25/2015
  • Issued: 06/27/2017
  • Est. Priority Date: 03/25/2015
  • Status: Active Grant
First Claim

1. A computerized method performed by a network appliance, comprising:

  • determining, by the network appliance including one or more hardware processors, whether a detected system call, which is generated by a process that is executing an object within a virtual machine, belongs to a first class of system calls by at least
      • halting operations by the virtual machine in response to the detected system call,
      • determining that there exists a prescribed level of likelihood that the process is associated with a malicious attack that identifies the process is suspicious,
      • responsive to determining that the process is not suspicious, comparing the identifier for the detected system call to each identifier for a first plurality of system calls that are part of the first class of system calls, and subsequently determining that the process is associated with a malicious attack by determining that the detected system call belongs to the first class of system calls upon successfully comparing the identifier for the detected system call to a first identifier for one of the first class of system calls; and

    providing information associated with the system call to virtualized device hardware in response to determining that the system call is associated with the first class of system calls.

  • 8 Assignments