SYSTEMS AND METHODS FOR VIRTUALIZATION AND EMULATION ASSISTED MALWARE DETECTION
    2.
    Published invention application
    SYSTEMS AND METHODS FOR VIRTUALIZATION AND EMULATION ASSISTED MALWARE DETECTION (status: under examination, published)
    Title (translated): Systems and methods for virtualization and emulation assisted malware detection

    Publication number: EP3093762A1

    Publication date: 2016-11-16

    Application number: EP16167215.9

    Filing date: 2012-11-05

    Applicant: Cyphort, Inc.

    Abstract: Systems and methods for virtualization- and emulation-enabled malware detection are described. In some embodiments, a method comprises intercepting an object, instantiating and processing the object in a virtualization environment, tracing operations of the object while processing within the virtualization environment, detecting suspicious behavior associated with the object, instantiating an emulation environment in response to the detected suspicious behavior, processing, recording responses to, and tracing operations of the object within the emulation environment, detecting a divergence between the traced operations of the object within the virtualization environment and the traced operations of the object within the emulation environment, re-instantiating the virtualization environment, providing the recorded response from the emulation environment to the object in the virtualization environment, monitoring the operations of the object within the re-instantiation of the virtualization environment, identifying untrusted actions from the monitored operations, and generating a report regarding the identified untrusted actions of the object.

    Abstract (translated): Systems and methods for virtualization- and emulation-enabled malware detection are described. In some embodiments, a method includes intercepting an object; instantiating and processing the object in a virtualization environment; tracing the object's operations while it is processed within the virtualization environment; detecting suspicious behavior associated with the object; instantiating an emulation environment in response to the detected suspicious behavior; processing the object within the emulation environment, recording the responses given to it and tracing its operations there; detecting a divergence between the operations traced in the virtualization environment and those traced in the emulation environment; re-instantiating the virtualization environment; providing the response recorded in the emulation environment to the object in the virtualization environment; monitoring the object's operations within the re-instantiated virtualization environment; identifying untrusted actions from the monitored operations; and generating a report on the identified untrusted actions of the object.

    SYSTEMS AND METHODS FOR VIRTUALIZATION AND EMULATION ASSISTED MALWARE DETECTION
    3.
    Published invention application
    SYSTEMS AND METHODS FOR VIRTUALIZATION AND EMULATION ASSISTED MALWARE DETECTION (status: in force)
    Title (translated): Systems and methods for virtualization and emulation assisted malware detection

    Publication number: EP2774038A1

    Publication date: 2014-09-10

    Application number: EP12844780.2

    Filing date: 2012-11-05

    Applicant: Cyphort Inc.

    IPC classification: G06F11/00

    Abstract: Systems and methods for virtualization- and emulation-enabled malware detection are described. In some embodiments, a method comprises intercepting an object, instantiating and processing the object in a virtualization environment, tracing operations of the object while processing within the virtualization environment, detecting suspicious behavior associated with the object, instantiating an emulation environment in response to the detected suspicious behavior, processing, recording responses to, and tracing operations of the object within the emulation environment, detecting a divergence between the traced operations of the object within the virtualization environment and the traced operations of the object within the emulation environment, re-instantiating the virtualization environment, providing the recorded response from the emulation environment to the object in the virtualization environment, monitoring the operations of the object within the re-instantiation of the virtualization environment, identifying untrusted actions from the monitored operations, and generating a report regarding the identified untrusted actions of the object.

    SYSTEMS AND METHODS FOR VIRTUALIZED MALWARE DETECTION
    5.
    Published invention application
    SYSTEMS AND METHODS FOR VIRTUALIZED MALWARE DETECTION (status: under examination, published)
    Title (translated): Systems and methods for virtualized malware detection

    Publication number: EP2774039A1

    Publication date: 2014-09-10

    Application number: EP12845692.8

    Filing date: 2012-11-05

    Applicant: Cyphort Inc.

    IPC classification: G06F11/00

    Abstract: Systems and methods for virtualization- and emulation-enabled malware detection are described. In some embodiments, a method comprises intercepting an object, instantiating and processing the object in a virtualization environment, tracing operations of the object while processing within the virtualization environment, detecting suspicious behavior associated with the object, instantiating an emulation environment in response to the detected suspicious behavior, processing, recording responses to, and tracing operations of the object within the emulation environment, detecting a divergence between the traced operations of the object within the virtualization environment and the traced operations of the object within the emulation environment, re-instantiating the virtualization environment, providing the recorded response from the emulation environment to the object in the virtualization environment, monitoring the operations of the object within the re-instantiation of the virtualization environment, identifying untrusted actions from the monitored operations, and generating a report regarding the identified untrusted actions of the object.

    SYSTEMS AND METHODS FOR MALWARE DETECTION AND MITIGATION
    7.
    Published invention application
    SYSTEMS AND METHODS FOR MALWARE DETECTION AND MITIGATION (status: under examination, published)
    Title (translated from German, SYSTEME UND VERFAHREN ZUM ERKENNEN UND ABSCHWÄCHEN VON SCHADPROGRAMMEN): Systems and methods for detecting and mitigating malware

    Publication number: EP3111331A2

    Publication date: 2017-01-04

    Application number: EP15752327.5

    Filing date: 2015-02-24

    Applicant: Cyphort Inc.

    IPC classification: G06F12/14 G06F11/00

    Abstract: Systems and methods for monitoring malware events in a computer networking environment are described. The systems and methods include the steps of identifying a plurality of suspect objects comprising data about network transactions or computer operations suspected of being linked to a security risk; transmitting the suspect objects to an inspection service operating on one or more general purpose digital computers; transmitting said digital information to an analytical service operating on one or more general purpose digital computers; transmitting said one or more scores to a correlation facility which aggregates a plurality of scores, optionally with other information about each suspect object, into the form of aggregate data representing one or more aggregate features of a plurality of suspect objects; and generating an infection verification pack comprising routines which, when run on an end-point machine within the computer networking environment, will mitigate a suspected security threat.

    Abstract (translated): Systems and methods for monitoring malware events in a computer networking environment are described. The systems and methods include the steps of: identifying a plurality of suspect objects comprising data about network transactions or computer operations suspected of being linked to a security risk; transmitting the suspect objects to an inspection service operating on one or more general-purpose digital computers, where the inspection service inspects the suspect objects using a plurality of inspection methods to produce digital information about the nature of the potential threat posed by each suspect object; transmitting that digital information to an analytical service operating on one or more general-purpose digital computers, where the analytical service executes a plurality of analytical algorithms to classify each suspect object with one or more scores according to its security threat; transmitting the one or more scores to a correlation facility, which aggregates a plurality of scores, optionally together with other information about each suspect object, into aggregate data representing one or more aggregate features of a plurality of suspect objects; and generating an infection verification pack (IVP) comprising routines which, when run on an end-point machine within the computer networking environment, will mitigate a suspected security threat.

    SYSTEM AND METHOD FOR VERIFYING AND DETECTING MALWARE
    8.
    Published invention application
    SYSTEM AND METHOD FOR VERIFYING AND DETECTING MALWARE (status: under examination, published)
    Title (translated from German, SYSTEM UND VERFAHREN ZUR VERIFIZIERUNG UND ERKENNUNG VON MALWARE): System and method for verifying and detecting malware

    Publication number: EP3111330A1

    Publication date: 2017-01-04

    Application number: EP15752643.5

    Filing date: 2015-02-24

    Applicant: Cyphort Inc.

    IPC classification: G06F11/00

    Abstract: A system configured to detect malware is described. The system includes an infection verification pack configured to perform behavior detonation; identify a malware object based on machine learning; and select one or more persistent artifacts of the malware on the target system, based on one or more algorithms applied to behavior traces of the malware object.

    Abstract (translated): A system configured to detect malware is described. The system includes an infection verification pack configured to perform behavior detonation; to identify a malware object based on machine learning; and to select one or more persistent artifacts of the malware on the target system, based on one or more algorithms applied to the behavior traces of the malware object.