| 主权项 |
1. A computer-implemented method for detecting exfiltration content, comprising:
executing, by a processor, a malicious content suspect within a virtual machine that simulates a target operating environment associated with the malicious content suspect; prior to outbound network traffic initiated by the malicious content suspect leaving the virtual machine, performing a packet inspection, by a packet inspector executed by the processor and running within the virtual machine, on the outbound network traffic, the packet inspection to determine whether a portion of the outbound network traffic matches one or more portions of predetermined network traffic patterns or signatures; responsive to determining the portion of the outbound network traffic matches the one or more portions of predetermined network traffic patterns or signatures, determining whether the outbound network traffic includes at least one environmental property of the virtual machine that is unique to the virtual machine; responsive to determining the outbound network traffic includes the at least one environmental property of the virtual machine that is unique to the virtual machine, precluding migration of the outbound network traffic outside of the virtual machine to avoid the malicious content suspect from (i) gaining access to other components or (ii) signaling that the packet inspection is being conducted; and generating an alert by a module executed by the processor, the alert indicating that the malicious content suspect is attempting to perform an exfiltration of data based on determining that the outbound network traffic includes the at least one unique environmental property of the virtual machine. |
