专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US10198574B1 System and method for analysis of a memory dump associated with a potentially malicious content suspect 有权
公开(公告)号：US10198574B1
公开(公告)日：2019-02-05
申请号：US15167636
申请日：2016-05-27
申请人： FireEye, Inc.
发明人： Emmanuel Thioux , Muhammad Amin , Osman Abdoul Ismael
IPC分类号： G06F21/53 , G06F21/56 , G06F9/455
摘要： A network device for detecting malware is described. The network device features a memory storage device and a controller. The controller operating in cooperation with one or more virtual machines that are based on software modules stored within the memory storage device. The controller is configured to (i) monitor behaviors of at least a first virtual machine of the one or more virtual machines processing data received over a network, (ii) identify at least one anomalous behavior that includes either a communication anomaly or an execution anomaly, and (iii) detect, based on the identified at least one anomalous behavior, a presence of malware in the first virtual machine in response to identifying the at least one anomalous behavior.

2. 发明授权

US09946568B1 Micro-virtualization architecture for threat-aware module deployment in a node of a network environment 有权
公开(公告)号：US09946568B1
公开(公告)日：2018-04-17
申请号：US15009664
申请日：2016-01-28
申请人： FireEye, Inc.
发明人： Osman Abdoul Ismael , Ashar Aziz
IPC分类号： G06F9/455 , G06F9/50
CPC分类号： G06F21/552 , G06F9/45533 , G06F9/45558 , G06F9/5027 , G06F21/53 , G06F21/629 , G06F2009/45587
摘要： A micro-virtualization architecture deploys a threat-aware microvisor as a module of a virtualization system configured to facilitate real-time security analysis, including exploit detection and threat intelligence, of operating system processes executing in a memory of a node in a network environment. The micro-virtualization architecture organizes the memory as a user space and kernel space, wherein the microvisor executes in the kernel space of the architecture, while the operating system processes, an operating system kernel, a virtual machine monitor (VMM) and its spawned virtual machines (VMs) execute in the user space. Notably, the microvisor executes at the highest privilege level of a central processing unit of the node to virtualize access to kernel resources. The operating system kernel executes under control of the microvisor at a privilege level lower than a highest privilege level of the microvisor. The VMM and its spawned VMs execute at the highest privilege level of the microvisor.

3. 发明授权

US09792196B1 Framework for efficient security coverage of mobile software applications 有权
公开(公告)号：US09792196B1
公开(公告)日：2017-10-17
申请号：US14930385
申请日：2015-11-02
申请人： FIREEYE, INC.
发明人： Osman Abdoul Ismael , Dawn Song , Ashar Aziz , Noah Johnson , Prshanth Mohan , Hui Xue
IPC分类号： G06F21/00 , G06F11/36 , G06N99/00 , G06F21/54 , G06F21/57 , G06F21/56 , G06F21/53 , H04L29/06
CPC分类号： G06F11/3604 , G06F11/28 , G06F11/36 , G06F11/3612 , G06F11/362 , G06F11/3664 , G06F21/50 , G06F21/53 , G06F21/54 , G06F21/56 , G06F21/563 , G06F21/566 , G06F21/577 , G06F2221/033 , G06N5/04 , G06N99/005 , H04L63/12 , H04L63/1433
摘要： A method is described that includes receiving an application and generating a representation of the application that describes specific states of the application and specific state transitions of the application. The method further includes identifying a region of interest of the application based on rules and observations of the application's execution. The method further includes determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest. The method further includes enabling one or more monitors within the application's run time environment and applying the stimuli. The method further includes generating monitoring information from the one or more monitors. The method further includes applying rules to the monitoring information to determine a next set of stimuli to be applied to the application in pursuit of determining whether the region of interest corresponds to improperly behaving code.

4. 发明授权

US09740857B2 Threat-aware microvisor 有权
公开(公告)号：US09740857B2
公开(公告)日：2017-08-22
申请号：US14229533
申请日：2014-03-28
申请人： FireEye, Inc.
发明人： Osman Abdoul Ismael , Ashar Aziz
IPC分类号： G06F21/00 , G06F21/55 , G06F9/455 , G06F21/62 , G06F21/53
CPC分类号： G06F21/552 , G06F9/45533 , G06F9/45558 , G06F9/5027 , G06F21/53 , G06F21/629 , G06F2009/45587
摘要： A threat-aware microvisor is configured to facilitate real-time security analysis, including exploit detection and threat intelligence, of operating system processes executing on a node of a network environment. The microvisor may be embodied as a module disposed or layered beneath (underlying) an operating system kernel executing on the node to thereby control privileges (i.e., access permissions) to kernel resources, such as one or more central processing units (CPUs), network interfaces, memory, and/or devices, of the node. Illustratively, the microvisor may be configured to control access to one or more of the resources in response to a request by an operating system process to access the resource.

5. 发明授权

US09495180B2 Optimized resource allocation for virtual machines within a malware content detection system 有权
标题翻译：为恶意软件内容检测系统内的虚拟机优化资源分配
公开(公告)号：US09495180B2
公开(公告)日：2016-11-15
申请号：US13892193
申请日：2013-05-10
申请人： FireEye, Inc.
发明人： Osman Abdoul Ismael
IPC分类号： G06F9/455 , G06F21/56 , G06F9/50
CPC分类号： G06F9/455 , G06F9/45558 , G06F9/5011 , G06F21/56 , G06F21/566 , G06F2009/45562 , G06F2009/45579 , G06F2009/45583 , G06F2009/45587
摘要： According to one embodiment, a computerized method comprises operations of instantiating a first virtual machine instance and a second virtual machine instance to run concurrently with the first virtual machine instance. The first virtual machine instance provides a first virtual operating environment while the second virtual machine instance is adapted to share the resources allocated to the first virtual machine instance. The second virtual machine instance is further adapted to allocate additional resources upon conducting a Copy-On Write operation.
摘要翻译：根据一个实施例，计算机化方法包括实例化第一虚拟机实例和第二虚拟机实例以与第一虚拟机实例同时运行的操作。第一虚拟机实例提供第一虚拟操作环境，而第二虚拟机实例适于共享分配给第一虚拟机实例的资源。第二虚拟机实例还适用于在进行复写写入操作时分配附加资源。

6. 发明申请

US20160006756A1 TRUSTED THREAT-AWARE MICROVISOR 有权
标题翻译：有魅力的威胁微软
公开(公告)号：US20160006756A1
公开(公告)日：2016-01-07
申请号：US14602023
申请日：2015-01-21
申请人： FireEye, Inc.
发明人： Osman Abdoul Ismael , Ashar Aziz
IPC分类号： H04L29/06
CPC分类号： H04L63/1441 , G06F21/50 , G06F21/57 , G06F21/577 , G06F21/60 , H04L29/06877 , H04L29/06884
摘要： A trusted threat-aware microvisor may be deployed as a module of a trusted computing base (TCB) that also includes a root task module configured to cooperate with the microvisor to load and initialize one or more other modules executing on a node of a network environment. The root task may cooperate with the microvisor to allocate one or more kernel resources of the node to those other modules. As a trusted module of the TCB, the microvisor may be configured to enforce a security policy of the TCB that, e.g., prevents alteration of a state related to security of the microvisor by a module of or external to the TCB. The security policy of the TCB may be implemented by a plurality of security properties of the microvisor. Trusted (or trustedness) may therefore denote a predetermined level of confidence that the security property is demonstrated by the microvisor.
摘要翻译：可信赖的威胁感知微管理器可以被部署为可信计算基础（TCB）的模块，该可信计算基础（TCB）还包括根任务模块，该根任务模块被配置为与微管理程序协作以加载和初始化在网络环境的节点上执行的一个或多个其他模块。根任务可以与微管理程序合作，以将节点的一个或多个内核资源分配给那些其他模块。作为TCB的可信模块，微管理器可以被配置为强制TCB的安全策略，其例如防止由TCB的模块或外部的模块改变与微管理器的安全性有关的状态。 TCB的安全策略可以由微管理器的多个安全属性来实现。因此，可信任（或可信度）可以表示微安道具证明安全属性的预定的置信水平。

7. 发明授权

US09159035B1 Framework for computer application analysis of sensitive information tracking 有权
标题翻译：敏感信息跟踪计算机应用分析框架
公开(公告)号：US09159035B1
公开(公告)日：2015-10-13
申请号：US13775170
申请日：2013-02-23
申请人： FireEye, Inc.
发明人： Osman Abdoul Ismael , Dawn Song , Phung-Te Ha , Peter J. Gilbert , Hui Xue
IPC分类号： G06F15/18 , G06N99/00
CPC分类号： G06F21/562 , G06F9/45558 , G06F11/3466 , G06F21/552 , G06F21/60 , G06F2009/4557 , G06F2221/033 , G06F2221/2101 , G06N99/005
摘要： A method is described that involves generating one or more machine learned rules with a machine learning system. The method also involves generating a representation of an application that describes various states and state transitions of the application. The method also involves referring to the one or more machine learned rules and the representation to identify a region of interest of the application. The method also involves configuring one or more monitors for the application to be enabled in a run time environment of the application. The method also involves setting conditions of the application within the run time environment to drive the application's execution to the region of interest. The method also involves observing behaviors of the application and determining whether the region of interest corresponds to improperly behaving code.
摘要翻译：描述了一种涉及利用机器学习系统生成一个或多个机器学习规则的方法。该方法还涉及生成描述应用程序的各种状态和状态转换的应用程序的表示。该方法还涉及引用一个或多个机器学习规则和表示以识别应用的兴趣区域。该方法还涉及为在应用的运行时环境中启用的应用配置一个或多个监视器。该方法还涉及在运行时环境内设置应用程序的条件，以将应用程序的执行驱动到感兴趣的区域。该方法还涉及观察应用程序的行为，并确定感兴趣的区域是否对应于行为不正确的代码。

8. 发明申请

US20150199531A1 EXPLOIT DETECTION SYSTEM WITH THREAT-AWARE MICROVISOR 有权
标题翻译：具有威胁微观检测器的开发检测系统
公开(公告)号：US20150199531A1
公开(公告)日：2015-07-16
申请号：US14229580
申请日：2014-03-28
申请人： FireEye, Inc.
发明人： Osman Abdoul Ismael , Ashar Aziz
IPC分类号： G06F21/62 , G06F9/455
CPC分类号： G06F21/552 , G06F9/45533 , G06F9/45558 , G06F9/5027 , G06F21/53 , G06F21/629 , G06F2009/45587
摘要： An exploit detection system deploys a threat-aware microvisor to facilitate real-time security analysis, including exploit detection and threat intelligence, of an operating system process executing on a node of a network environment. The microvisor may be organized as a main protection domain representative of the operating system process. In response to the process attempting to access a kernel resource for which it does not have permission, a capability violation may be generated at the main protection domain of the microvisor and a micro-virtual machine (VM) may be spawned as a container configured to encapsulate the process. The main protection domain may then be cloned to create a cloned protection domain that is representative of the process and that is bound to the spawned micro-VM. Capabilities of the cloned protection domain may be configured to be more restricted than the capabilities of the main protection domain with respect to access to the kernel resource. The restricted capabilities may be configured to generate more capability violations than those generated by the capabilities of the main protection domain and, in turn, enable further monitoring of the process as it attempts to access the kernel resource.
摘要翻译：利用检测系统部署威胁感知的微型管理器，以便于在网络环境的节点上执行的操作系统进程的实时安全性分析（包括漏洞检测和威胁智能）。微管理器可以被组织为代表操作系统进程的主要保护域。响应于尝试访问其没有权限的内核资源的过程，可以在微管理器的主保护域处生成能力冲突，并且可以将微虚拟机（VM）作为容器被配置为封装过程。然后可以克隆主要保护域，以创建代表该过程并且绑定到产生的微型VM的克隆保护域。克隆的保护域的能力可以被配置为比主保护域在访问内核资源方面的能力更受限制。受限的功能可以被配置为产生比由主保护域的能力产生的更多的能力违规，并且进而在进程尝试访问内核资源时进一步监视进程。

9. 发明授权

US11089057B1 System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits 有权
公开(公告)号：US11089057B1
公开(公告)日：2021-08-10
申请号：US16679030
申请日：2019-11-08
申请人： FireEye, Inc.
发明人： Ashar Aziz , Muhammad Amin , Osman Abdoul Ismael , Zheng Bu
IPC分类号： H04L29/06 , G06F21/56 , G06F9/455 , G06F21/53
摘要： According to one embodiment, a threat detection system comprising an intrusion protection system (IPS) logic, a virtual execution logic and a reporting logic is shown. The IPS logic is configured to receive a first plurality of objects and analyze the first plurality of objects to identify a second plurality of objects as potential exploits, the second plurality of objects being a subset of the first plurality of objects and being lesser or equal in number to the first plurality of objects. The virtual execution logic including at least one virtual machine configured to process content within each of the second plurality of objects and monitor for anomalous behaviors during the processing that are indicative of exploits to classify that a first subset of the second plurality of objects includes one or more verified exploits. The reporting logic configured to provide a display of exploit information associated with the one or more verified exploits.

10. 发明授权

US10528726B1 Microvisor-based malware detection appliance architecture 有权
公开(公告)号：US10528726B1
公开(公告)日：2020-01-07
申请号：US15943357
申请日：2018-04-02
申请人： FireEye, Inc.
发明人： Osman Abdoul Ismael
IPC分类号： G06F21/00 , G06F21/55 , G06F9/455
摘要： A threat-aware microvisor may be deployed in a malware detection appliance architecture and execute on a malware detection system (MDS) appliance to provide exploit and malware detection within a network environment. The microvisor may underlie an operating system kernel of the MDS appliance and execute in kernel space of the architecture to control access to kernel resources of the appliance for any operating system process. A type 0 virtual machine monitor may be disposed over the microvisor and execute in user space of the architecture as a pass-through module configured to expose the kernel resources of the appliance to the operating system kernel. One or more hypervisors, e.g., type 1 VMM, may be further disposed over the microvisor and execute in user space of the architecture under control of the microvisor to support execution of one or more guest operating systems inside one or more full virtual machines.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式