The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).

Date of Patent: Jul. 02, 2013

Filed: Dec. 29, 2010

Applicants:

Alex Vaystikh, Hod HaSharon, IL;

Robert Polansky, Westwood, MA (US);

Samir Dilipkumar Saklikar, Bangalore, IN;

Liron Liptz, Even Yehuda, IL;

Inventors:

Alex Vaystikh, Hod HaSharon, IL;

Robert Polansky, Westwood, MA (US);

Samir Dilipkumar Saklikar, Bangalore, IN;

Liron Liptz, Even Yehuda, IL;

Assignee:

EMC Corporation, Hopkinton, MA (US);

Attorney:
Primary Examiner:
Int. Cl.
CPC ...
G06F 7/04 (2006.01);
U.S. Cl.
CPC ...
Abstract

A virtual machine computing platform uses a security virtual machine (SVM) in operational communications with a risk engine which has access to a database including stored patterns corresponding to patterns of filtered operational data that are expected to be generated during operation of the monitored virtual machine when malware is executing. The stored patterns may have been generated during preceding design and training phases. The SVM is operated to (1) receive raw operational data from a virtual machine monitor, the raw operational data obtained from file system operations and network operations of the monitored virtual machine; (2) apply rule-based filtering to the raw operational data to generate filtered operational data; and (3) in conjunction with the risk engine, perform a mathematical (e.g., Bayesian) analysis based on the filtered operational data and the stored patterns in the database to calculate a likelihood that the malware is executing in the monitored virtual machine. A control action is taken if the likelihood is sufficiently high.

