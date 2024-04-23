Versa Networks has patented a method to automatically detect and generate countermeasures for malware. By running a virtual machine with a monitoring subsystem and classifier, malware can be detected in samples. A countermeasure compiler generates executable files to inoculate or disinfect infected computers. The system monitors various processes and files for malware detection. GlobalData’s report on Versa Networks gives a 360-degree view of the company including its patenting strategy. Buy the report here.

According to GlobalData’s company profile on Versa Networks, Virtual private networks was a key innovation area identified from patents. Versa Networks's grant share as of February 2024 was 90%. Grant share is based on the ratio of number of grants to total number of patents.

Automatic malware detection and countermeasure generation in virtual machines

Source: United States Patent and Trademark Office (USPTO). Credit: Versa Networks Inc

A recently granted patent (Publication Number: US11914711B2) outlines a method and system for detecting and countering malware in a virtual machine environment. The method involves running a virtual machine with an operating system equipped with a monitoring subsystem that generates event data based on various events within the virtual machine. A classifier is then used to detect malware based on these events, with a countermeasure compiler generating a countermeasure to the detected malware. The countermeasure is stored as an executable file that, when executed on a computer, can inoculate the computer from infection by the malware or remove the malware entirely. The monitoring subsystem and classifier are configured to monitor specific processes, files, and registry entries within the operating system to identify and respond to malware effectively.



Furthermore, the system described in the patent includes a memory storing a precompiled template with executable code and a resource data section, a processor running the virtual machine and associated components, and a countermeasure compiler that generates a countermeasure based on event data from the monitoring subsystem. The countermeasure, stored as an executable file, can be executed on a computer to protect it from malware infection. The system's monitoring subsystem and classifier operate within the kernel of the operating system, monitoring and detecting malware based on specific actions taken by the malware sample. Additionally, the system includes a classifier bitmap with event identifiers to enhance malware detection capabilities, ensuring comprehensive protection against malicious software.

