Title of invention: Systems and methods for malware attack detection and identification
Abstract: Exemplary systems and methods for malware attack detection and identification are provided. A malware detection and identification system can comprise a controller. The controller can comprise an analysis environment configured to transmit network data to a virtual machine, flag input values associated with the network data from untrusted sources, monitor the flagged input values within the virtual machine, identify an outcome of one or more instructions that manipulate the flagged input values, and determine if the outcome of the one or more instructions comprise an unauthorized activity.
Publication number: US8881282(B1) Publication date: 2014.11.04
Application number: US200711717476 Filing date: 2007.03.12
Applicant: FireEye, Inc. Inventors: Aziz Ashar;Lai Wei-Lung;Manni Jayaraman
Classification: G06F11/30;G06F21/00;G06F9/00 Main classification: G06F11/30
Agency: Blakely, Sokoloff, Taylor & Zafman LLP Agent: Blakely, Sokoloff, Taylor & Zafman LLP
Main claim: 1. A malware detection and identification system, comprising: a controller comprising an analysis environment including a virtual machine, the analysis environment being configured to receive a copy of network data by the virtual machine of the analysis environment, flag input values associated with (i) the copy of the network data from one or more untrusted sources or (ii) the copy of the network data that comprises suspicious network data as determined prior to analysis by the virtual machine, monitor the flagged input values during execution by the virtual machine of one or more instructions that manipulate the flagged input values within the virtual machine, identify an outcome of the one or more instructions by tracking each of the one or more instructions, and determine whether the identified outcome of the one or more instructions comprises a redirection in control flow during execution by the virtual machine of the one or more instructions to (i) access a memory location containing the copy of the network data or (ii) a standard library function, the redirection in the control flow constituting an unauthorized activity.
Address: Milpitas CA US