专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US11637857B1 System and method for detecting malicious traffic using a virtual machine configured with a select software environment 有权
公开(公告)号：US11637857B1
公开(公告)日：2023-04-25
申请号：US16791933
申请日：2020-02-14
申请人： FireEye, Inc.
发明人： Ashar Aziz
IPC分类号： G06F21/00 , H04L9/40 , G06F9/455
摘要： A system for detecting malware is described. The system features a traffic analysis device and a network device. The traffic analysis device is configured to receive data over a communication network, selectively filter the data, and output a first portion of the data to the network device. The network device is communicatively coupled with and remotely located from the traffic analysis device. The network device features software that, upon execution, (i) monitors behaviors of one or more virtual machines processing the first portion of the data received as output from the traffic analysis device, and (ii) detects, based on the monitored behaviors, a presence of malware in the first virtual machine.

2. 发明授权

US11381578B1 Network-based binary file extraction and analysis for malware detection 有权
公开(公告)号：US11381578B1
公开(公告)日：2022-07-05
申请号：US14481801
申请日：2014-09-09
申请人： FireEye, Inc.
发明人： Jayaraman Manni , Ashar Aziz , Fengmin Gong , Upendran Loganathan , Muhammad Amin
IPC分类号： H04L29/06 , G06N20/00 , H04L9/40
摘要： A system and method are disclosed for network-based file analysis for malware detection. Network content is received from a network tap. A binary packet is identified in the network content. A binary file, including the binary packet, is extracted from the network content. It is determined whether the extracted binary file is detected to be malware.

3. 发明授权

US09954890B1 Systems and methods for analyzing PDF documents 有权
公开(公告)号：US09954890B1
公开(公告)日：2018-04-24
申请号：US15256367
申请日：2016-09-02
申请人： FireEye, Inc.
发明人： Stuart Gresley Staniford , Ashar Aziz
IPC分类号： H04L29/06 , G06F21/56
CPC分类号： H04L63/145 , G06F21/562 , G06F21/566 , G06F2221/033 , H04L63/1408 , H04L63/1416 , H04L63/1491 , H04L2463/144
摘要： A system and method for detecting malicious activity within a Portable Document Format (PDF) document. The system includes a parser and one or more virtual machines. The parser that, when executed by a hardware processor, examines one or more portions of the PDF document to determine if one or more suspicious characteristics indicative of malicious network content are included in the one or more examined portions of the PDF document. The examined portion(s) in total are less than an entirety of the PDF document. The virtual machine(s) are adapted to receive the PDF document in response to the one or more examined portions of the PDF document being determined to include one or more suspicious characteristics indicative of malicious network content. The virtual machine(s) to process at least the one or more examined portions of the PDF document so as to determine whether the PDF document includes malicious network content.

4. 发明授权

US09946568B1 Micro-virtualization architecture for threat-aware module deployment in a node of a network environment 有权
公开(公告)号：US09946568B1
公开(公告)日：2018-04-17
申请号：US15009664
申请日：2016-01-28
申请人： FireEye, Inc.
发明人： Osman Abdoul Ismael , Ashar Aziz
IPC分类号： G06F9/455 , G06F9/50
CPC分类号： G06F21/552 , G06F9/45533 , G06F9/45558 , G06F9/5027 , G06F21/53 , G06F21/629 , G06F2009/45587
摘要： A micro-virtualization architecture deploys a threat-aware microvisor as a module of a virtualization system configured to facilitate real-time security analysis, including exploit detection and threat intelligence, of operating system processes executing in a memory of a node in a network environment. The micro-virtualization architecture organizes the memory as a user space and kernel space, wherein the microvisor executes in the kernel space of the architecture, while the operating system processes, an operating system kernel, a virtual machine monitor (VMM) and its spawned virtual machines (VMs) execute in the user space. Notably, the microvisor executes at the highest privilege level of a central processing unit of the node to virtualize access to kernel resources. The operating system kernel executes under control of the microvisor at a privilege level lower than a highest privilege level of the microvisor. The VMM and its spawned VMs execute at the highest privilege level of the microvisor.

5. 发明授权

US09838411B1 Subscriber based protection system 有权
公开(公告)号：US09838411B1
公开(公告)日：2017-12-05
申请号：US15369714
申请日：2016-12-05
申请人： FireEye, Inc.
发明人： Ashar Aziz
IPC分类号： H04L29/06 , G06F9/455 , G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： H04L63/1425 , G06F9/45537 , G06F9/45558 , G06F21/53 , G06F21/55 , G06F21/554 , G06F21/56 , G06F21/566 , G06F2009/45587 , G06F2009/45591 , G06F2009/45595 , G06F2221/034 , H04L63/0227 , H04L63/10 , H04L63/101 , H04L63/1408 , H04L63/1416 , H04L63/1433 , H04L63/145 , H04L63/1491 , H04L63/20
摘要： A system features one or more network devices communicatively coupled to a management system. Configured to receive a portion of the network traffic, a first network device features one or more virtual machines that, based on a subscribed protection level, (i) perform network activities in response to a processing of the received portion of the analyzed network traffic, (ii) monitor behaviors of the one or more virtual machines during processing of the portion of the analyzed network traffic, (iii) determine whether the behaviors are anomalous, and (iv) generate an identifier for the portion of the analyzed network traffic associated with monitored behaviors being anomalous. The management system controls a setting of the protection level for the first network device to alter a frequency of receipt of identifiers associated with analyzed network traffic from a second network device of the one or more network devices different from the first network device.

6. 发明授权

US09792196B1 Framework for efficient security coverage of mobile software applications 有权
公开(公告)号：US09792196B1
公开(公告)日：2017-10-17
申请号：US14930385
申请日：2015-11-02
申请人： FIREEYE, INC.
发明人： Osman Abdoul Ismael , Dawn Song , Ashar Aziz , Noah Johnson , Prshanth Mohan , Hui Xue
IPC分类号： G06F21/00 , G06F11/36 , G06N99/00 , G06F21/54 , G06F21/57 , G06F21/56 , G06F21/53 , H04L29/06
CPC分类号： G06F11/3604 , G06F11/28 , G06F11/36 , G06F11/3612 , G06F11/362 , G06F11/3664 , G06F21/50 , G06F21/53 , G06F21/54 , G06F21/56 , G06F21/563 , G06F21/566 , G06F21/577 , G06F2221/033 , G06N5/04 , G06N99/005 , H04L63/12 , H04L63/1433
摘要： A method is described that includes receiving an application and generating a representation of the application that describes specific states of the application and specific state transitions of the application. The method further includes identifying a region of interest of the application based on rules and observations of the application's execution. The method further includes determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest. The method further includes enabling one or more monitors within the application's run time environment and applying the stimuli. The method further includes generating monitoring information from the one or more monitors. The method further includes applying rules to the monitoring information to determine a next set of stimuli to be applied to the application in pursuit of determining whether the region of interest corresponds to improperly behaving code.

7. 发明授权

US09740857B2 Threat-aware microvisor 有权
公开(公告)号：US09740857B2
公开(公告)日：2017-08-22
申请号：US14229533
申请日：2014-03-28
申请人： FireEye, Inc.
发明人： Osman Abdoul Ismael , Ashar Aziz
IPC分类号： G06F21/00 , G06F21/55 , G06F9/455 , G06F21/62 , G06F21/53
CPC分类号： G06F21/552 , G06F9/45533 , G06F9/45558 , G06F9/5027 , G06F21/53 , G06F21/629 , G06F2009/45587
摘要： A threat-aware microvisor is configured to facilitate real-time security analysis, including exploit detection and threat intelligence, of operating system processes executing on a node of a network environment. The microvisor may be embodied as a module disposed or layered beneath (underlying) an operating system kernel executing on the node to thereby control privileges (i.e., access permissions) to kernel resources, such as one or more central processing units (CPUs), network interfaces, memory, and/or devices, of the node. Illustratively, the microvisor may be configured to control access to one or more of the resources in response to a request by an operating system process to access the resource.

8. 发明申请

US20160301703A1 SYSTEMS AND METHODS FOR COMPUTER WORM DEFENSE 有权
标题翻译：计算机防御系统与方法
公开(公告)号：US20160301703A1
公开(公告)日：2016-10-13
申请号：US15090563
申请日：2016-04-04
申请人： FireEye, Inc.
发明人： Ashar Aziz
IPC分类号： H04L29/06 , G06F21/53 , G06F9/455
CPC分类号： H04L63/1425 , G06F9/45537 , G06F9/45558 , G06F21/53 , G06F21/55 , G06F21/554 , G06F21/56 , G06F21/566 , G06F2009/45587 , G06F2009/45591 , G06F2009/45595 , G06F2221/034 , H04L63/0227 , H04L63/10 , H04L63/101 , H04L63/1408 , H04L63/1416 , H04L63/1433 , H04L63/145 , H04L63/1491 , H04L63/20
摘要： A computer worm defense system comprises multiple containment systems tied together by a management system. Each containment system is deployed on a separate communication network and contains a worm sensor and a blocking system. In various embodiments, the computer worm may be transported from a production network, where the computer worm is not readily identifiable, to an alternate network in the worm sensor where the computer worm may be readily identifiable. Computer worm identifiers generated by a worm sensor of one containment system can be provided not only to the blocking system of the same containment system, but can also be distributed by the management system to blocking systems of other containment systems.
摘要翻译：计算机蠕虫防御系统包括由管理系统捆绑在一起的多个遏制系统。每个收容系统部署在单独的通信网络上，并包含蠕虫传感器和阻塞系统。在各种实施例中，计算机蠕虫可以从计算机蠕虫不易识别的生产网络传输到蠕虫传感器中的可替代网络，其中计算机蠕虫可以容易地被识别。由一个遏制系统的蠕虫传感器产生的计算机蠕虫标识符不仅可以被提供给相同遏制系统的阻塞系统，而且还可以由管理系统分配给其他遏制系统的阻塞系统。

9. 发明授权

US09430646B1 Distributed systems and methods for automatically detecting unknown bots and botnets 有权
标题翻译：用于自动检测未知机器人和僵尸网络的分布式系统和方法
公开(公告)号：US09430646B1
公开(公告)日：2016-08-30
申请号：US13830573
申请日：2013-03-14
申请人： FireEye, Inc.
发明人： Atif Mushtaq , Todd Rosenberry , Ashar Aziz , Ali Islam
IPC分类号： G06F11/00 , G06F21/56 , G06F21/57
CPC分类号： G06F21/554 , G06F21/566 , G06F21/567 , G06F21/57 , H04L63/1416 , H04L63/145
摘要： Techniques may automatically detect bots or botnets running in a computer or other digital device by detecting command and control communications, called “call-backs,” from malicious code that has previously gained entry into the digital device. Callbacks are detected using a distributed approach employing one or more local analyzers and a central analyzer. The local analyzers capture packets of outbound communications, generate header signatures, and analyze the captured packets using various techniques. The techniques may include packet header signature matching against verified callback signatures, deep packet inspection. The central analyzer receives the header signatures and related header information from the local analyzers, may perform further analysis (for example, on-line host reputation analysis); determines using a heuristics analysis whether the signatures correspond to callbacks; and generally coordinates among the local analyzers.
摘要翻译：技术可以通过从先前已经进入数字设备的恶意代码中检测到称为“回叫”的命令和控制通信来自动检测在计算机或其他数字设备中运行的机器人或僵尸网络。使用采用一个或多个本地分析器和中央分析器的分布式方法来检测回调。本地分析仪捕获出站通信的数据包，生成报头签名，并使用各种技术分析捕获的数据包。这些技术可以包括针对经验证的回叫签名的分组报头签名匹配，深度分组检查。中央分析仪从本地分析仪接收标题签名和相关标题信息，可以进行进一步分析（例如在线主机信誉分析）; 使用启发式分析确定签名是否对应于回调; 并且通常在本地分析仪之间进行协调。

10. 发明申请

US20160006756A1 TRUSTED THREAT-AWARE MICROVISOR 有权
标题翻译：有魅力的威胁微软
公开(公告)号：US20160006756A1
公开(公告)日：2016-01-07
申请号：US14602023
申请日：2015-01-21
申请人： FireEye, Inc.
发明人： Osman Abdoul Ismael , Ashar Aziz
IPC分类号： H04L29/06
CPC分类号： H04L63/1441 , G06F21/50 , G06F21/57 , G06F21/577 , G06F21/60 , H04L29/06877 , H04L29/06884
摘要： A trusted threat-aware microvisor may be deployed as a module of a trusted computing base (TCB) that also includes a root task module configured to cooperate with the microvisor to load and initialize one or more other modules executing on a node of a network environment. The root task may cooperate with the microvisor to allocate one or more kernel resources of the node to those other modules. As a trusted module of the TCB, the microvisor may be configured to enforce a security policy of the TCB that, e.g., prevents alteration of a state related to security of the microvisor by a module of or external to the TCB. The security policy of the TCB may be implemented by a plurality of security properties of the microvisor. Trusted (or trustedness) may therefore denote a predetermined level of confidence that the security property is demonstrated by the microvisor.
摘要翻译：可信赖的威胁感知微管理器可以被部署为可信计算基础（TCB）的模块，该可信计算基础（TCB）还包括根任务模块，该根任务模块被配置为与微管理程序协作以加载和初始化在网络环境的节点上执行的一个或多个其他模块。根任务可以与微管理程序合作，以将节点的一个或多个内核资源分配给那些其他模块。作为TCB的可信模块，微管理器可以被配置为强制TCB的安全策略，其例如防止由TCB的模块或外部的模块改变与微管理器的安全性有关的状态。 TCB的安全策略可以由微管理器的多个安全属性来实现。因此，可信任（或可信度）可以表示微安道具证明安全属性的预定的置信水平。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式