Patent
Electronic message analysis for malware detection
TL;DR: In this paper, an electronic message is analyzed for malware contained in the message. The analysis may include replaying a suspicious URL in a virtual environment which simulates the computing device intended to receive the electronic message; if the replayed URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.
Abstract:
An electronic message is analyzed for malware contained in the message. Text of an electronic message may be analyzed to detect and process malware content in the electronic message itself. The present technology may analyze an electronic message and attachments to electronic messages to detect a uniform resource locator (URL), identify whether the URL is suspicious, and analyze all suspicious URLs to determine if they are malware. The analysis may include re-playing the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the re-played URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.
Citations
Patent
Detecting Malicious Network Content
TL;DR: In this paper, a system is described that consists of a quarantine module configured to detect one or more portable data storage devices upon insertion of the devices into a security appliance, wherein the security appliance is configured to receive the portable devices; a controller configured to send data associated with the devices; an analysis module to analyze the data to determine whether the data includes malware; and a security module to selectively identify, based on the determination, the devices storing the malware.
Patent
Systems and Methods for Scheduling Analysis of Network Content for Malware
Stuart Staniford, Ashar Aziz +1 more
TL;DR: In this paper, a method for detecting malicious network content comprises inspecting one or more packets of network content, identifying a suspicious characteristic of the network content, determining a score related to a probability that the network content includes malicious network content based on at least the suspicious characteristic, identifying the content as suspicious if the score satisfies a threshold value, executing a virtual machine to process the suspicious network content, and analyzing a response of the virtual machine.
Patent
Behavioral scanning of mobile applications
TL;DR: In this article, a behavioral analysis of a mobile application is performed to determine whether the application is malicious or not, and various user interactions are simulated in an emulated environment to activate many possible resulting behaviors of an application.
Patent
Optimized resource allocation for virtual machines within a malware content detection system
TL;DR: In this article, a first virtual machine (VM) instance provides a first virtual operating environment while a second VM instance is adapted to share the resources allocated to the first VM instance, which is further adapted to allocate additional resources upon conducting a Copy-On-Write operation.
Patent
System and method for detecting malicious links in electronic messages
Vinay K. Pidathala, Henry Uyeno +1 more
TL;DR: In this paper, any known URL links are removed from the URL links based on a list of known link signatures, and a link analysis is performed on each remaining URL link based on link heuristics to determine whether the URL link is suspicious.
References
Proceedings Article
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
James Newsome, Dawn Song +1 more
TL;DR: TaintCheck as mentioned in this paper performs dynamic taint analysis by performing binary rewriting at run time, which can reliably detect most types of exploits and produces no false positives for any of the many different programs that were tested.
Book
Computer Security
TL;DR: This new edition of the self-study guide includes sections on Windows NT, CORBA, and Java, and discusses cross-site scripting and JavaScript hacking as well as SQL injection.
Journal ArticleDOI
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
TL;DR: ReVirt removes the dependency on the target operating system by moving it into a virtual machine and logging below the virtual machine, and enables it to provide arbitrarily detailed observations about what transpired on the system, even in the presence of non-deterministic attacks and executions.
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
TL;DR: Three classes of attacks that exploit fundamental problems with the reliability of passive protocol analysis are defined (insertion, evasion and denial of service attacks), and how to apply these three types of attacks to IP and TCP protocol analysis is described.
Proceedings ArticleDOI
Polygraph: automatically generating signatures for polymorphic worms
TL;DR: Polygraph as mentioned in this paper is a signature generation system that successfully produces signatures that match polymorphic worms by using multiple disjoint content substrings, which correspond to protocol framing, return addresses, and poorly obfuscated code.