-
公开(公告)号:US09792196B1
公开(公告)日:2017-10-17
申请号:US14930385
申请日:2015-11-02
Applicant: FIREEYE, INC.
Inventor: Osman Abdoul Ismael , Dawn Song , Ashar Aziz , Noah Johnson , Prshanth Mohan , Hui Xue
CPC classification number: G06F11/3604 , G06F11/28 , G06F11/36 , G06F11/3612 , G06F11/362 , G06F11/3664 , G06F21/50 , G06F21/53 , G06F21/54 , G06F21/56 , G06F21/563 , G06F21/566 , G06F21/577 , G06F2221/033 , G06N5/04 , G06N99/005 , H04L63/12 , H04L63/1433
Abstract: A method is described that includes receiving an application and generating a representation of the application that describes specific states of the application and specific state transitions of the application. The method further includes identifying a region of interest of the application based on rules and observations of the application's execution. The method further includes determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest. The method further includes enabling one or more monitors within the application's run time environment and applying the stimuli. The method further includes generating monitoring information from the one or more monitors. The method further includes applying rules to the monitoring information to determine a next set of stimuli to be applied to the application in pursuit of determining whether the region of interest corresponds to improperly behaving code.
-
Patent Agency Ranking
公开(公告)号:US10296437B2
公开(公告)日:2019-05-21
申请号:US15785208
申请日:2017-10-16
Applicant: FireEye, Inc.
Inventor: Osman Abdoul Ismael , Dawn Song , Ashar Aziz , Noah Johnson , Prashanth Mohan , Hui Xue
IPC: G06F11/28 , G06F11/36 , G06F21/50 , G06F21/53 , G06F21/54 , G06F21/56 , G06F21/57 , H04L29/06 , G06N5/04 , G06N99/00
Abstract: A method is described that includes receiving an application and generating a representation of the application that describes specific states of the application and specific state transitions of the application. The method further includes identifying a region of interest of the application based on rules and observations of the application's execution. The method further includes determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest. The method further includes enabling one or more monitors within the application's run time environment and applying the stimuli. The method further includes generating monitoring information from the one or more monitors. The method further includes applying rules to the monitoring information to determine a next set of stimuli to be applied to the application in pursuit of determining whether the region of interest corresponds to improperly behaving code.
-
3.发明授权公开(公告)号:US10181029B1
公开(公告)日:2019-01-15
申请号:US15816996
申请日:2017-11-17
Applicant: FireEye, Inc.
Inventor: Osman Abdoul Ismael , Dawn Song , Ashar Aziz , Noah Johnson , Adrian Matthew Mettler
Abstract: A method for hardening in the field code of mobile software applications is described that includes receiving, by a cloud service framework, an application via a user interface over a network. The method also includes generating, by the cloud service framework, a representation of the code of the application and determining, by the cloud service framework, changes to code of the application based at least in part on the representation, wherein the changes to the code preclude the application from performing one or more unwanted behaviors. The method also includes instrumenting, by a static instrumentation unit within the cloud service framework, the application with the changes to the code to create an instrumented application that does not perform the one or more unwanted behaviors.
-
公开(公告)号:US09824209B1
公开(公告)日:2017-11-21
申请号:US13775172
申请日:2013-02-23
Applicant: FireEye, Inc.
Inventor: Osman Abdoul Ismael , Dawn Song , Ashar Aziz , Noah Johnson , Adrian Matthew Mettler
CPC classification number: G06F21/54
Abstract: A method is described that includes receiving an application and creating a representation of the application that describes states and state transitions of the application. The method further includes receiving a description of unwanted behaviors of the application. The method further includes using the description and the representation to determine actions to be added to the application and locations within the application where the actions are to be performed. The method also includes instrumenting the application with the actions in the locations to create an instrumented application that does not perform the unwanted behaviors.
-
公开(公告)号:US20180121316A1
公开(公告)日:2018-05-03
申请号:US15785208
申请日:2017-10-16
Applicant: FireEye, Inc.
Inventor: Osman Abdoul Ismael , Dawn Song , Ashar Aziz , Noah Johnson , Prashanth Mohan , Hui Xue
CPC classification number: G06F11/3604 , G06F11/28 , G06F11/36 , G06F11/3612 , G06F11/362 , G06F11/3664 , G06F21/50 , G06F21/53 , G06F21/54 , G06F21/56 , G06F21/563 , G06F21/566 , G06F21/577 , G06F2221/033 , G06N5/04 , G06N99/005 , H04L63/12 , H04L63/1433
Abstract: A method is described that includes receiving an application and generating a representation of the application that describes specific states of the application and specific state transitions of the application. The method further includes identifying a region of interest of the application based on rules and observations of the application's execution. The method further includes determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest. The method further includes enabling one or more monitors within the application's run time environment and applying the stimuli. The method further includes generating monitoring information from the one or more monitors. The method further includes applying rules to the monitoring information to determine a next set of stimuli to be applied to the application in pursuit of determining whether the region of interest corresponds to improperly behaving code.
-
6.发明授权公开(公告)号:US09176843B1
公开(公告)日:2015-11-03
申请号:US13775168
申请日:2013-02-23
Applicant: FireEye, Inc.
Inventor: Osman Abdoul Ismael , Dawn Song , Ashar Aziz , Noah Johnson , Prashanth Mohan , Hui Xue
CPC classification number: G06F11/3604 , G06F11/28 , G06F11/36 , G06F11/3612 , G06F11/362 , G06F11/3664 , G06F21/50 , G06F21/53 , G06F21/54 , G06F21/56 , G06F21/563 , G06F21/566 , G06F21/577 , G06F2221/033 , G06N5/04 , G06N99/005 , H04L63/12 , H04L63/1433
Abstract: A method is described that includes receiving an application and generating a representation of the application that describes specific states of the application and specific state transitions of the application. The method further includes identifying a region of interest of the application based on rules and observations of the application's execution. The method further includes determining specific stimuli that will cause one or more state transitions within the application to reach the region of interest. The method further includes enabling one or more monitors within the application's run time environment and applying the stimuli. The method further includes generating monitoring information from the one or more monitors. The method further includes applying rules to the monitoring information to determine a next set of stimuli to be applied to the application in pursuit of determining whether the region of interest corresponds to improperly behaving code.
Abstract translation: 描述了一种方法,其包括接收应用并生成描述应用的特定状态和应用的特定状态转换的应用的表示。 该方法还包括基于应用程序执行的规则和观察来识别应用程序的感兴趣区域。 该方法还包括确定将导致应用程序内的一个或多个状态转换到达感兴趣区域的特定刺激。 该方法还包括启用应用程序运行时环境中的一个或多个监视器并应用刺激。 该方法还包括从一个或多个监视器生成监视信息。 该方法还包括将规则应用于监视信息以确定要应用于应用程序的下一组刺激,以便确定感兴趣的区域是否对应于不正常行为的代码。
-
-
-
-
-
Search Results
6
records
(took 0.015 seconds)
