CLOUD BASED JUST IN TIME MEMORY ANALYSIS FOR MALWARE DETECTION

Organization Name

SONICWALL INC.

Inventor(s)

Aleksandr Dubrovsky of Los Altos CA (US)

Soumyadipta Das of Bangalor (IN)

Senthilkumar Gopinathan Cheetancheri of Fremont CA (US)

CLOUD BASED JUST IN TIME MEMORY ANALYSIS FOR MALWARE DETECTION - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240012907 titled 'CLOUD BASED JUST IN TIME MEMORY ANALYSIS FOR MALWARE DETECTION

Simplified Explanation

Methods and apparatus described in this patent application involve the use of a cloud computing device to perform various tasks without the knowledge of the application program it is injected into. These tasks include deep packet inspection of computer data and identification of content ratings associated with the data. The technique allows for the monitoring of actions performed by program code included in received data sets and the detection of malware through exception handling and memory allocation tracking. Additionally, access to content associated with malware or inappropriate content ratings can be blocked.

• Cloud computing device can perform tasks transparently to the application program it is injected into
• Deep packet inspection (DPI) can be performed on computer data
• Content rating associated with computer data can be identified
• Data sets with executable code can be received via packetized communications or other means
• Processors executing instrumentation code can monitor actions performed by program code in received data sets
• Malware can be detected through exception handling and memory allocation tracking
• Access to content associated with malware or inappropriate content ratings can be blocked

Potential Applications:

• Enhancing security in cloud computing environments
• Protecting against malware and inappropriate content in data sets
• Monitoring and analyzing program code behavior in real-time

Problems Solved:

• Detection and prevention of malware in received data sets
• Identification and blocking of content with inappropriate ratings
• Ensuring the security and integrity of cloud computing environments

Benefits:

• Improved security and protection against malware and inappropriate content
• Real-time monitoring and analysis of program code behavior
• Enhanced control and management of cloud computing environments

Original Abstract Submitted

methods and apparatus consistent with the present disclosure may be performed by a cloud computing device may use instrumentation code that remains transparent to an application program that the instrumentation code has been injected into, may perform deep packet inspection (dpi) on computer data, or identify a content rating associated with computer data. in certain instances, data sets that include executable code may be received via packetized communications or be received via other means, such as, receiving a file from a data store. the present technique allows one or more processors executing instrumentation code to monitor actions performed by the program code included in a received data set. malware can be detected using exception handling to track memory allocations of the program code included in the received data set. furthermore, access to content associated with malware, potential malware, or with inappropriate content ratings may be blocked.