Optimization of computing resources through monitoring and manipulating availability
US-2015350047-A1 · Dec 3, 2015 · US
US9904781B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9904781-B2 |
| Application number | US-201514811812-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 28, 2015 |
| Priority date | Jul 28, 2014 |
| Publication date | Feb 27, 2018 |
| Grant date | Feb 27, 2018 |
Official abstract text for this publication.
One example method includes executing a software application within the virtual machine environment; during execution of the software application, detecting a network request sent from the software application within the virtual machine environment, the network request formatted according to a particular network protocol; in response to detecting the network request: determining an expected response to the network request based on at least one of information included in the network request or the particular network protocol; and providing the expected response to the software application within the virtual machine environment.
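A minimal sketch of the network monitor's response step described in the abstract, using the HTTP and BitTorrent request/response pairings listed in claims 3, 4, 6 and 7. It is an added example, not code from the patent; the function names, payload contents, `num_pieces` parameter and block-size cap are assumptions.

```python
import struct

BT_BITFIELD, BT_REQUEST, BT_PIECE = 5, 6, 7  # peer wire message ids (BEP 3)
MAX_BLOCK = 1 << 17  # assumed cap on a simulated block, against oversized requests
SAMPLE_GET = b"GET /cfg.json?id=7 HTTP/1.1\r\nHost: host.example\r\n\r\n"  # constructed


def http_response(request: bytes) -> bytes:
    """POST -> bare 200 OK; GET -> 200 OK with a payload derived from the request."""
    parts = request.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("not an HTTP request line")
    method, target = parts[0], parts[1]
    body, ctype = b"", "text/plain"
    if method == "GET":
        # Assumption: the payload type is picked from the requested path's extension.
        if target.split("?", 1)[0].endswith(".json"):
            body, ctype = b"{}", "application/json"
        else:
            body, ctype = b"<html><body>ok</body></html>", "text/html"
    elif method != "POST":
        raise ValueError("no simulated response for " + method)
    head = (f"HTTP/1.1 200 OK\r\nContent-Type: {ctype}\r\n"
            f"Content-Length: {len(body)}\r\nConnection: keep-alive\r\n\r\n")
    return head.encode("ascii") + body


def bittorrent_response(message: bytes, num_pieces=None) -> bytes:
    """Bitfield -> Bitfield claiming every piece; Request -> Piece of filler bytes."""
    if len(message) < 5:
        raise ValueError("truncated peer message")
    length, msg_id = struct.unpack(">IB", message[:5])
    payload = message[5:4 + length]
    if length < 1 or len(payload) != length - 1:
        raise ValueError("length prefix does not match payload")
    if msg_id == BT_BITFIELD and payload:
        spare = len(payload) * 8 - (num_pieces or len(payload) * 8)
        if not 0 <= spare < 8:
            raise ValueError("piece count does not fit the bitfield length")
        field = bytearray(b"\xff" * len(payload))
        field[-1] &= (0xFF << spare) & 0xFF  # spare trailing bits must stay zero
        reply = bytes([BT_BITFIELD]) + bytes(field)
    elif msg_id == BT_REQUEST and len(payload) == 12:
        index, begin, want = struct.unpack(">III", payload)
        reply = struct.pack(">BII", BT_PIECE, index, begin) + bytes(min(want, MAX_BLOCK))
    else:
        raise ValueError("no simulated response for message id %d" % msg_id)
    return struct.pack(">I", len(reply)) + reply
```

The TOR CREATE/CREATED pairing of claim 9 is left out because it involves a key-exchange handshake rather than a fixed reply.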
Opening claim text (preview).
The invention claimed is:
1. A computer-implemented method executed by one or more processors for analyzing software applications within a virtual machine environment, the method comprising: receiving a software application that is to be tested for identification of maliciousness; identifying the software application as malicious; in response to identifying the software application as malicious, initiating execution of the software application within the virtual machine environment in order to observe behavior of the software application that has previously been identified as malicious, wherein the virtual machine environment is in data communication with a network monitor, and wherein the virtual machine environment is configured to route all communication addressed outside of the virtual machine environment to the network monitor; during execution of the software application, detecting, by the network monitor, a network request sent from the software application within the virtual machine environment, the network request formatted according to a particular network protocol; in response to detecting the network request: generating, by the network monitor, an expected response to the network request based on at least one of information included in the network request or the particular network protocol; and providing, by the network monitor, the expected response to the software application within the virtual machine environment, wherein the expected response provided to the software application within the virtual machine environment is configured to prolong execution of the software application.
2. The method of claim 1, wherein the particular network protocol is Hypertext Transfer Protocol (HTTP).
3. The method of claim 2, wherein the network request is an HTTP POST request, and the expected response is an HTTP 200 OK response.
4. The method of claim 2, wherein the network request is an HTTP GET request, and the expected response is an HTTP 200 OK response and includes a data payload generated based on the information included in the network request.
5. The method of claim 1, wherein the particular network protocol is a peer-to-peer network protocol.
6. The method of claim 5, wherein the particular network protocol is BitTorrent, the network request is a first Peer Bitfield message, and the expected response is a second Peer Bitfield message.
7. The method of claim 5, wherein the particular network protocol is BitTorrent, the network request is a Peer Request message, and the expected response is a Peer Piece message.
8. The method of claim 1, wherein the particular network protocol is The Onion Router (TOR) Hidden Service Protocol.
9. The method of claim 8, wherein the network request is a TOR CREATE request, and the expected response is a TOR CREATED response.
10. The method of claim 1, wherein the network request is a first request and the expected response is a first response, the method further comprising: detecting a second request sent from the software application within the virtual machine environment, wherein the second request is different from the first request and is formatted according to the particular network protocol; in response to detecting the second request: determining a second response to the second request based on at least one of information included in the first request, information included in the second request, or the particular network protocol; and providing the second response to the software application within the virtual machine environment.
11. A system comprising: one or more processors configured to execute computer program instructions; and computer storage media encoded with computer program instructions that, when executed by one or more processors, cause a computer device to perform operations comprising: receiving a software application that is to be tested for identification of maliciousness; identifying the software application as malicious; in response to identifying the software application as malicious, initiating execution of the software application within the virtual machine environment in order to observe behavior of the software application that has previously been identified as malicious, wherein the virtual machine environment is in data communication with a network monitor, and wherein the virtual machine environment is configured to route all communication addressed outside of the virtual machine environment to the network monitor; during execution of the software application, detecting, by the network monitor, a network request sent from the software application within the virtual machine environment, the network request formatted according to a particular network protocol; in response to detecting the network request: generating, by the network monitor, an expected response to the network request based on at least one of information included in the network request or the particular network protocol; and providing, by the network monitor, the expected response to the software application within the virtual machine environment, wherein the expected response provided to the software application within the virtual machine environment is configured to prolong execution of the software application.
12. The system of claim 11, wherein the particular network protocol is Hypertext Transfer Protocol (HTTP).
13. The system of claim 12, wherein the network request is an HTTP POST request, and the expected response is an HTTP 200 OK response.
14. The system of claim 12, wherein the network request is an HTTP GET request, and the expected response is an HTTP 200 OK response and includes a data payload generated based on the information included in the network request.
15. The system of claim 11, wherein the particular network protocol is a peer-to-peer network protocol.
16. The system of claim 15, wherein the particular network protocol is BitTorrent, the network request is a first Peer Bitfield message, and the expected response is a second Peer Bitfield message.
17. The system of claim 15, wherein the particular network protocol is BitTorrent, the network request is a Peer Request message, and the expected response is a Peer Piece message.
18. The system of claim 11, wherein the particular network protocol is The Onion Router (TOR) Hidden Service Protocol.
19. The system of claim 18, wherein the network request is a TOR CREATE request, and the expected response is a TOR CREATED response.
20. A non-transitory computer storage media encoded with computer program instructions that, when executed by one or more processors, cause a computer device to perform operations comprising: receiving a software application that is to be tested for identification of maliciousness; identifying the software application as malicious; in response to identifying the software application as malicious, initiating execution of the software application within the virtual machine environment in order to observe behavior of the software application that has previously been identified as malicious, wherein the virtual machine environment is in data communication with a network monitor, and wherein the virtual machine environment is configured to route all communication addressed outside of the virtual machine environment to the network monitor; during execution of the software application, detecting, by the network monitor, a network request sent from the software application within the virtual machine environment, the network request formatted accordin
Test or assess software · CPC title
Isolation or security of virtual machine instances · CPC title
Hypervisor-specific management and integration aspects · CPC title
by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title
for detecting or protecting against malicious traffic · CPC title