专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09912698B1 Malicious content analysis using simulated user interaction without user involvement 有权
公开(公告)号：US09912698B1
公开(公告)日：2018-03-06
申请号：US14804086
申请日：2015-07-20
申请人： FireEye, Inc.
发明人： Emmanuel Thioux , Muhammad Amin , Darien Kindlund , Alex Pilipenko , Michael Vincent
IPC分类号： H04L29/06
CPC分类号： H04L63/20 , G06F21/53 , G06F21/56 , G06F21/566 , H04L63/1408 , H04L63/1416
摘要： Techniques for detecting malicious content using simulated user interactions are described herein. In one embodiment, a monitoring module monitors activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of a predetermined event triggered by the malicious content suspect requesting a user action on a graphical user interface (GUI) presented by the malicious content suspect, simulating, a user interaction module simulates a user interaction with the GUI without user intervention. An analysis module analyzes activities of the malicious content suspect in response to the simulated user interaction to determine whether the malicious content suspect should be declared as malicious.

2. 发明授权

US09438623B1 Computer exploit detection using heap spray pattern matching 有权
标题翻译：使用堆喷雾模式匹配的计算机利用检测
公开(公告)号：US09438623B1
公开(公告)日：2016-09-06
申请号：US14311035
申请日：2014-06-20
申请人： FireEye, Inc.
发明人： Emmanuel Thioux , Sai Vashisht , Michael Vincent
IPC分类号： G06F17/30 , H04N7/16 , H04L29/06
CPC分类号： H04L63/1466 , G06F21/52
摘要： According to one embodiment, a threat detection system is integrated with at least a dynamic analysis engine. The dynamic analysis engine is configured to automatically to detect potential shellcode at a first storage location within a region of memory allocated for an application, conduct a first search at one or more storage locations prior to the first storage location within the region of allocated memory for at least one or more patterns, conduct a second search at one or more storage locations subsequent to the first storage location within the region of allocated memory for at least one or more patterns, detect a first pattern at one or more storage locations prior to the first storage location within the region of allocated memory, and detect a second pattern at one or more storage locations subsequent to the first storage location with the region of allocated memory, wherein at least one of the first pattern or the second pattern is absent from a predefined list of patterns.
摘要翻译：根据一个实施例，威胁检测系统与至少一个动态分析引擎集成。动态分析引擎被配置为自动地检测分配给应用的存储器区域内的第一存储位置处的潜在shellcode，在分配的存储器区域内的第一存储位置之前的一个或多个存储位置处进行第一次搜索，至少一个或多个图案，对于至少一个或多个图案，在分配的存储器的区域内的第一存储位置之后的一个或多个存储位置处进行第二次搜索，在第一图案之前的一个或多个存储位置检测第一图案在分配的存储器的区域内的第一存储位置，并且在所分配的存储器的区域之后的第一存储位置之后的一个或多个存储位置处检测第二模式，其中第一模式或第二模式中的至少一个不存在于预定义的模式列表。

3. 发明授权

US11297074B1 Dynamically remote tuning of a malware content detection system 有权
公开(公告)号：US11297074B1
公开(公告)日：2022-04-05
申请号：US16459536
申请日：2019-07-01
申请人： FireEye, Inc.
发明人： Michael Vincent , Emmanuel Thioux , Sai Vashisht , Darien Kindlund
IPC分类号： G06F21/00 , H04L29/06
摘要： According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory includes a detection module that, when executed, conducts an analysis of a received object to determine if the received object is associated with a malicious attack. The detection module is configurable, and thus, certain capabilities can be enabled, disabled or modified. The analysis is to be altered upon receipt of a configuration file that includes information to alter one or more rules controlling the analysis conducted by the detection module.

4. 发明授权

US10713362B1 Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses 有权
公开(公告)号：US10713362B1
公开(公告)日：2020-07-14
申请号：US15912474
申请日：2018-03-05
申请人： FireEye, Inc.
发明人： Michael Vincent , Ali Mesdaq , Emmanuel Thioux , Abhishek Singh , Sai Vashisht
IPC分类号： G06F21/56 , H04L29/06
摘要： A method of detecting malware in a specimen of computer content or network traffic is described. The method features conducting a first analysis on the specimen in accordance with a first plurality of analyses and an order of the first plurality of analyses. A second analysis is conducted on the specimen different than the first analysis type. Thereafter, further analyses on the specimen may be altered by modifying information associated with the first plurality of analyses or the order of the first plurality of analyses in response to feedback information based on results from at least the first analysis. The modified information changes a malware analysis of the specimen from being conducted in accordance with the first plurality of analyses to being conducted in accordance with a second plurality of analyses different in analysis type or in order of analyses than the first plurality of analyses.

5. 发明授权

US10198574B1 System and method for analysis of a memory dump associated with a potentially malicious content suspect 有权
公开(公告)号：US10198574B1
公开(公告)日：2019-02-05
申请号：US15167636
申请日：2016-05-27
申请人： FireEye, Inc.
发明人： Emmanuel Thioux , Muhammad Amin , Osman Abdoul Ismael
IPC分类号： G06F21/53 , G06F21/56 , G06F9/455
摘要： A network device for detecting malware is described. The network device features a memory storage device and a controller. The controller operating in cooperation with one or more virtual machines that are based on software modules stored within the memory storage device. The controller is configured to (i) monitor behaviors of at least a first virtual machine of the one or more virtual machines processing data received over a network, (ii) identify at least one anomalous behavior that includes either a communication anomaly or an execution anomaly, and (iii) detect, based on the identified at least one anomalous behavior, a presence of malware in the first virtual machine in response to identifying the at least one anomalous behavior.

6. 发明授权

US09355247B1 File extraction from memory dump for malicious content analysis 有权
标题翻译：从内存转储中提取文件进行恶意内容分析
公开(公告)号：US09355247B1
公开(公告)日：2016-05-31
申请号：US13801545
申请日：2013-03-13
申请人： FireEye, Inc.
发明人： Emmanuel Thioux , Muhammad Amin , Osman Ismael
IPC分类号： G06F21/55
CPC分类号： G06F21/55 , G06F21/53 , G06F21/564
摘要： Techniques for malicious content detection using memory dump are described herein. According to one embodiment, a monitoring module is configured to monitor activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of one or more predetermined events triggered by the malicious content suspect, a memory dump module is configured to generate a memory dump of the malicious content suspect. An analysis module is configured to analyze the memory dump to determine whether the malicious content suspect should be declared as malicious based on a set of one or more rules.
摘要翻译：本文描述了使用存储器转储进行恶意内容检测的技术。根据一个实施例，监视模块被配置为监视在沙箱操作环境内执行的恶意内容嫌疑人的活动。响应于检测到由恶意内容可疑者触发的一个或多个预定事件，存储器转储模块被配置为生成恶意内容可疑者的存储器转储。分析模块被配置为分析内存转储以基于一组或多个规则来确定恶意内容是否应该被宣告为恶意的。

7. 发明授权

US10848521B1 Malicious content analysis using simulated user interaction without user involvement 有权
公开(公告)号：US10848521B1
公开(公告)日：2020-11-24
申请号：US15912455
申请日：2018-03-05
申请人： FireEye, Inc.
发明人： Emmanuel Thioux , Muhammad Amin , Darien Kindlund , Alex Pilpenko , Michael Vincent
IPC分类号： H04L29/06 , G06F21/56 , G06F21/53
CPC分类号： H04L63/20 , G06F21/53 , G06F21/56 , G06F21/566 , H04L63/1408 , H04L63/1416
摘要： Techniques for detecting malicious content using simulated user interactions are described herein. In one embodiment, a monitoring module monitors activities of a malicious content suspect executed within a sandboxed operating environment. In response to detection of a predetermined event triggered by the malicious content suspect requesting a user action on a graphical user interface (GUI) presented by the malicious content suspect, simulating, a user interaction module simulates a user interaction with the GUI without user intervention. An analysis module analyzes activities of the malicious content suspect in response to the simulated user interaction to determine whether the malicious content suspect should be declared as malicious.

8. 发明授权

US10515214B1 System and method for classifying malware within content created during analysis of a specimen 有权
公开(公告)号：US10515214B1
公开(公告)日：2019-12-24
申请号：US14922030
申请日：2015-10-23
申请人： FIREEYE, INC.
发明人： Michael Vincent , Ali Mesdaq , Emmanuel Thioux , Abhishek Singh , Sal Vashisht
IPC分类号： G06F12/14 , G06F11/30 , G06F21/56 , H04L29/06
摘要： According to one embodiment, a system of detecting malware in a specimen of computer content or network traffic comprises a processor and a memory. The memory includes a first analysis logic and a second analysis logic that may be executed by the processor. Upon execution, the first analysis logic performs a static analysis in accordance with an analysis plan to identify one or more suspicious indicators associated with malware and one or more characteristics related to processing of the specimen. The second analysis logic performs a second analysis in accordance with the analysis plan by processing of the specimen in a virtual machine and monitoring for one or more unexpected behaviors during virtual processing of the specimen in the virtual machine. The analysis plan may be altered based on the results of one of the analyzes.

9. 发明授权

US09973531B1 Shellcode detection 有权
公开(公告)号：US09973531B1
公开(公告)日：2018-05-15
申请号：US14311000
申请日：2014-06-20
申请人： FireEye, Inc.
发明人： Emmanuel Thioux
IPC分类号： H04L29/06 , G06F9/455
CPC分类号： H04L63/1466 , G06F9/45558 , G06F2009/45587
摘要： According to one embodiment, a threat detection system is integrated with at least a dynamic analysis engine. The dynamic analysis engine is configured to automatically determine whether one or more objects included in received network traffic contains a heap spray attack. Upon detection of a potential heap spray attack, the dynamic analysis engine may copy potential shellcode within an object included in the received network traffic, insert the copy of the potential shellcode into a second region of allocated memory and analyze the execution of the potential shellcode to determine whether characteristics associated with an exploit are present.

10. 发明授权

US10341363B1 Dynamically remote tuning of a malware content detection system 有权
公开(公告)号：US10341363B1
公开(公告)日：2019-07-02
申请号：US14981765
申请日：2015-12-28
申请人： FireEye, Inc.
发明人： Michael Vincent , Emmanuel Thioux , Sai Vashisht , Darien Kindlund
IPC分类号： G06F21/00 , H04L29/06
摘要： According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory includes a detection module that, when executed, conducts an analysis of a received object to determine if the received object is associated with a malicious attack. The detection module is configurable, and thus, certain capabilities can be enabled, disabled or modified. The analysis is to be altered upon receipt of a configuration file that includes information to alter one or more rules controlling the analysis conducted by the detection module.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式