首页>
外国专利>
MULTI-TIERED SANDBOX BASED NETWORK THREAT DETECTION
MULTI-TIERED SANDBOX BASED NETWORK THREAT DETECTION
展开▼
机译:基于多层沙盒的网络威胁检测
展开▼
页面导航
摘要
著录项
相似文献
摘要
Systems and methods for multi-tiered sandbox based network threat detection are provided. According to one embodiment, a file is received by a virtual sandbox appliance. The file is caused to exhibit a first set of behaviors by running the file within a virtualization application based environment of the virtual sandbox appliance. The virtualization application based environment acts as an intermediary between executable code, an operating system (OS) application programming interface (API), and an instruction set of a particular computer architecture. The file is further caused to exhibit a second set of behaviors by running the file within a container based environment of the virtual sandbox appliance. Differences, if any, between the first set of behaviors and the second set of behaviors are determined. Finally, the file is classified as malicious when the differences are greater than a predefined or configurable threshold.
展开▼