System and method for detecting time-bomb malware
    1. System and method for detecting time-bomb malware
    Type: Granted invention patent (in force)

    Publication number: US09536091B2

    Publication date: 2017-01-03

    Application number: US13925737

    Filing date: 2013-06-24

    Applicant: FireEye, Inc.

    IPC classes: G06F21/55 G06F21/56 H04L29/06

    Abstract: According to one embodiment, a system comprises one or more counters; comparison logic; and one or more hardware processors communicatively coupled to the one or more counters and the comparison logic. The one or more hardware processors are configured to instantiate one or more virtual machines that are adapted to analyze received content, where the one or more virtual machines are configured to monitor a delay caused by one or more events conducted during processing of the content and identify the content as including malware if the delay exceeds a first time period.

    Dynamically remote tuning of a malware content detection system

    Publication number: US11297074B1

    Publication date: 2022-04-05

    Application number: US16459536

    Filing date: 2019-07-01

    Applicant: FireEye, Inc.

    IPC classes: G06F21/00 H04L29/06

    Abstract: According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory includes a detection module that, when executed, conducts an analysis of a received object to determine if the received object is associated with a malicious attack. The detection module is configurable, and thus, certain capabilities can be enabled, disabled or modified. The analysis is to be altered upon receipt of a configuration file that includes information to alter one or more rules controlling the analysis conducted by the detection module.

    System and method for detecting exfiltration content

    Publication number: US10467414B1

    Publication date: 2019-11-05

    Application number: US15943406

    Filing date: 2018-04-02

    Applicant: FireEye, Inc.

    Abstract: Techniques for detecting exfiltration content are described herein. According to one embodiment, a malicious content suspect is executed and a packet inspection of outbound network traffic is performed by a packet inspector running within the virtual machine. Before the outbound network traffic leaves the virtual machine, the packet inspector determines whether a portion of the outbound network traffic matches one or more portions of predetermined network traffic patterns or signatures. If so, a determination is made whether the outbound network traffic includes at least one environmental property of the virtual machine that is unique or almost unique to the virtual machine. If so, migration of the outbound network traffic outside of the virtual machine is precluded and an alert is transmitted. The alert includes the malicious content suspect that is attempting to perform an exfiltration of data.

    4. System and method for detecting exfiltration content
    Type: Granted invention patent (in force)

    Publication number: US09565202B1

    Publication date: 2017-02-07

    Application number: US13801573

    Filing date: 2013-03-13

    Applicant: FIREEYE, INC.

    Abstract: Techniques for detecting exfiltration content are described herein. According to one embodiment, a malicious content suspect is executed within a virtual machine that simulates a target operating environment associated with the malicious content suspect. A packet inspection is performed on outbound network traffic initiated by the malicious content suspect to determine whether the outbound network traffic matches a predetermined network traffic pattern. An alert is generated indicating that the malicious content suspect should be declared as malicious, in response to determining that the outbound network traffic matches the predetermined network traffic pattern.

    Dynamically remote tuning of a malware content detection system

    Publication number: US10341363B1

    Publication date: 2019-07-02

    Application number: US14981765

    Filing date: 2015-12-28

    Applicant: FireEye, Inc.

    IPC classes: G06F21/00 H04L29/06

    Abstract: According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory includes a detection module that, when executed, conducts an analysis of a received object to determine if the received object is associated with a malicious attack. The detection module is configurable, and thus, certain capabilities can be enabled, disabled or modified. The analysis is to be altered upon receipt of a configuration file that includes information to alter one or more rules controlling the analysis conducted by the detection module.

    7. Zero-Day Rotating Guest Image Profile
    Type: Invention patent application (pending, published)

    Publication number: US20160191547A1

    Publication date: 2016-06-30

    Application number: US14788450

    Filing date: 2015-06-30

    Applicant: FireEye, Inc.

    IPC classes: H04L29/06 G06F9/455

    Abstract: According to one embodiment, a threat detection platform features a housing, a communication interface, a processor coupled to the communication interface, and a data store. The data store includes (i) an event log, (ii) a first virtual machine, and (iii) a second virtual machine. The first virtual machine is provisioned with a first guest image that is based on an instrumented software profile that includes a first software component and activity monitors configured for the first software component. The second virtual machine is provisioned with a second guest image that is based on a temporary software profile that includes a second software component that is a more recent version of the first software component and the activity monitors configured for the first software component.

    8. Dynamically remote tuning of a malware content detection system
    Type: Granted invention patent (in force)

    Publication number: US09223972B1

    Publication date: 2015-12-29

    Application number: US14231216

    Filing date: 2014-03-31

    Applicant: FireEye, Inc.

    IPC classes: G06F21/00 G06F21/56

    CPC classes: G06F21/566

    Abstract: According to one embodiment, an apparatus comprises a processor and memory. Communicatively coupled to the processor, the memory comprises one or more detection modules, each being software that is configurable to enable, disable or modify capabilities for that corresponding detection module. A first detection module of the detection modules, when executed by the processor, conducts a first capability including an analysis of a received object to determine if the received object is associated with a malicious attack. The analysis may be altered upon receipt of a configuration file that is substantially smaller in size than the software forming the first detection module and includes information to alter one or more rules controlling the first capability.