Title of invention: Dynamic content activation for automated analysis of embedded objects
Abstract: According to one embodiment, a threat detection platform is integrated with at least one virtual machine that automatically performs a dynamic analysis of a received document object and monitors the processing during the dynamic analysis. The dynamic analysis includes a detection of embedded objects and may automatically process the embedded objects, while maintaining a context of the embedding, within the virtual machine processing the document object. The virtual machine may monitor the processing of both the document object and the embedded object. The results of the processing may be analyzed to determine whether the document object includes malware and/or a threat level of the document object.
Publication number: US9438613(B1) Publication date: 2016.09.06
Application number: US201514673535 Filing date: 2015.03.30
Applicant: FireEye, Inc. Inventors: Paithane Sushant;Vashisht Sai
Classification: G06F12/14;H04L29/06;G06F17/30 Main classification: G06F12/14
Agency: Rutan & Tucker LLP Agent: Rutan & Tucker LLP
Main claim: 1. A non-transitory computer readable storage medium having stored thereon logic that, upon execution by one or more processors implemented within a network device, performs operations during processing of a first object in a virtual machine, comprising: launching the first object in the virtual machine; querying a document object model corresponding to an object-type of the first object to determine whether an embedded object is included in the first object; responsive to querying the document object model, receiving metadata associated with the embedded object, the metadata including an object-type of the embedded object; responsive to determining the object-type of the embedded object is one of a predetermined set of object-types based on the metadata, processing the embedded object in the virtual machine; and determining whether at least one of the first object or the embedded object is malicious.
Address: Milpitas CA US