Susceptible environment detection system
Abstract
A computerized technique wherein a received object is analyzed using a plurality of information sources to determine context information, wherein one information source comprises configuration information determined from a client device. One or more software profiles are generated based on the context information in order to provision one or more virtual machines of a dynamic analysis logic system. One or more work orders are generated based on the one or more software profiles. A priority order is assigned to the one or more software profiles. A dynamic analysis is scheduled based on the work orders and the assigned priority order to determine one or more susceptible software environments, and an alert is generated comprising information to update one or more susceptible environments in real time.
20 Claims
1. A computerized method, comprising:
- analyzing a plurality of information sources to determine context information with respect to an object, wherein at least a first information source of the plurality of information sources comprises configuration information determined from a client device;
- generating one or more software profiles based on the context information, the one or more software profiles being used to provision one or more virtual machines of a dynamic analysis logic system;
- generating one or more work orders corresponding to the one or more software profiles;
- assigning a priority order to the one or more work orders;
- scheduling each of the one or more virtual machines to conduct, in accordance with the assigned priority order, a dynamic analysis of the object;
- performing the one or more dynamic analyses of the object by the one or more virtual machines that produce results, each result from a dynamic analysis of the one or more dynamic analyses identifies a susceptible software environment including a susceptible software profile and one or more anomalous behaviors of the object during processing;
- classifying the object as malware based, at least part, on the results of the one or more dynamic analyses; and
- generating an alert comprising details determined at least in part from the results of the one or more dynamic analyses.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system configured to analyze an object, comprising:
- one or more processors;
- a memory communicatively coupled to the one or more processors, the memory to store logic that, when executed by the one or more processors, to
  - generate one or more software profiles based on the context information, the one or more software profiles being used to provision one or more virtual machines of a dynamic analysis logic system;
  - generate one or more work orders corresponding to the one or more software profiles;
  - assign a priority order to the one or more work orders;
  - schedule each of the one or more virtual machines to conduct, in accordance with the assigned priority order, a dynamic analysis of the object;
  - perform the one or more dynamic analyses of the object by the one or more virtual machines that produce results, each result from a dynamic analysis of the one or more dynamic analyses identifies a susceptible software environment including a susceptible software profile and one or more anomalous behaviors of the object during processing;
  - classify the object as malware based, at least part, on the results of the one or more dynamic analyses; and
  - generate an alert comprising details determined at least in part from the results of the one or more dynamic analyses.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
Specification