Title of invention SYSTEM, APPARATUS AND METHOD FOR AUTOMATICALLY VERIFYING EXPLOITS WITHIN SUSPECT OBJECTS AND HIGHLIGHTING THE DISPLAY INFORMATION ASSOCIATED WITH THE VERIFIED EXPLOITS
Abstract According to one embodiment, a threat detection system is integrated with intrusion protection system (IPS) logic and virtual execution logic. The IPS logic is configured to receive a first plurality of objects and filter the first plurality of objects by identifying a second plurality of objects as suspicious objects. The second plurality of objects is a subset of the first plurality of objects and is lesser or equal in number to the first plurality of objects. The virtual execution logic is configured to automatically verify whether any of the suspicious objects is an exploit. The virtual execution logic comprises at least one virtual machine configured to virtually process content within the suspicious objects and monitor for anomalous behaviors during the virtual processing that are indicative of exploits.
Publication number US2015186645(A1) Publication date 2015.07.02
Application number US201414228073 Filing date 2014.03.27
Applicant FireEye, Inc. Inventors Aziz Ashar; Amin Muhammad; Ismael Osman Abdoul; Bu Zheng
Classification G06F21/56 Main classification G06F21/56
Agency Agent
Independent claim 1. A threat detection system, comprising: an intrusion protection system (IPS) logic configured to receive a first plurality of objects and filter the first plurality of objects by identifying a second plurality of objects as suspicious objects, the second plurality of objects being a subset of the first plurality of objects and being lesser or equal in number to the first plurality of objects; a virtual execution logic configured to automatically verify whether any of the suspicious objects is an exploit, the virtual execution logic including at least one virtual machine configured to virtually process content within the suspicious objects and monitor for anomalous behaviors during the virtual processing that are indicative of exploits.
Address Milpitas CA US