System and method for offloading packet processing and static analysis operations
First Claim
1. A system, comprising:
- analysis circuitry including a first processing unit and a first memory communicatively coupled to the first processing unit, the first memory including a filtering logic configured to receive a first plurality of objects and filter the first plurality of objects by identifying a second plurality of objects as objects of interest, the second plurality of objects being a subset of the first plurality of objects and being lesser or equal in number to the first plurality of objects; and
detection circuitry communicatively coupled to and remotely located from the analysis circuitry, the detection circuitry includes (i) a second processing unit being different from the first processing unit and (ii) a second memory communicatively coupled to the second processing unit, the second memory including a virtual execution logic to process content within at least a first object of the second plurality of objects, the virtual execution logic being further configured to monitor for behaviors, during the processing of the first object, and determine whether any of the monitored behaviors correspond to activities indicative that the first object is associated with a malicious attack.
7 Assignments
0 Petitions
Accused Products
Abstract
According to one embodiment, a system features analysis circuitry and detection circuitry. The analysis circuitry features a first processing unit and a first memory that includes a filtering logic configured to produce a second plurality of objects from a received first plurality of objects. The second plurality of objects is a subset of the first plurality of objects. The detection circuitry is communicatively coupled to and remotely located from the analysis circuitry. The detection circuitry includes a second processing unit and a second memory. The second memory includes a virtual execution logic to process content within at least a first object of the second plurality of objects. The virtual execution logic is configured to monitor for behaviors, during the processing of the first object, and determine whether any or all of the monitored behaviors correspond to activities indicative that the first object is associated with a malicious attack.
-
Citations
22 Claims
-
1. A system, comprising:
-
analysis circuitry including a first processing unit and a first memory communicatively coupled to the first processing unit, the first memory including a filtering logic configured to receive a first plurality of objects and filter the first plurality of objects by identifying a second plurality of objects as objects of interest, the second plurality of objects being a subset of the first plurality of objects and being lesser or equal in number to the first plurality of objects; and detection circuitry communicatively coupled to and remotely located from the analysis circuitry, the detection circuitry includes (i) a second processing unit being different from the first processing unit and (ii) a second memory communicatively coupled to the second processing unit, the second memory including a virtual execution logic to process content within at least a first object of the second plurality of objects, the virtual execution logic being further configured to monitor for behaviors, during the processing of the first object, and determine whether any of the monitored behaviors correspond to activities indicative that the first object is associated with a malicious attack. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system, comprising:
-
analysis circuitry including a first processing unit and a first memory communicatively couple to the first processing unit, the first memory including a static analysis logic that, when executed by the first processing unit, determines whether at least the first object of a plurality of objects includes one or more characteristics associated with a malicious attack; and detection circuitry communicatively coupled to and remotely located from the analysis circuitry, the detection circuitry includes a second processing unit being different from the first processing unit and a second memory communicatively coupled to the second processing unit, the second memory including a virtual execution logic that, when executed by the second processing unit, processes at least the first object of the plurality of objects and monitors for behaviors during the processing of the first object that suggests the first object is associated with a malicious attack. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A computerized method comprising:
-
receiving network traffic by analysis circuitry that extracts one or more objects from the network traffic; performing an analysis, by the analysis circuitry, on each of the one or more objects to determine whether at least a first object of the one or more objects has characteristics associated with a malicious attack; transmitting information associated with the object to detection circuitry remotely located from the analysis circuitry via a transmission medium; and subsequent to the transmitting of the information associated with the object to the detection circuitry, performing a virtual analysis of the information associated with the object by the detection circuitry, the virtual analysis includes monitoring for behaviors during execution of the object that identify the object is associated with a malicious attack, the virtual analysis being conducted by the detection circuitry being separate from the analysis circuitry. - View Dependent Claims (21, 22)
-
Specification