US 9,811,658 B2
Selectively capturing video in a virtual environment based on application behavior
Paul Michael Martini, San Diego, CA (US); and Peter Anthony Martini, San Diego, CA (US)
Assigned to iboss, Inc., San Diego, CA (US)
Filed by iBoss, Inc., San Diego, CA (US)
Filed on Jul. 28, 2015, as Appl. No. 14/811,800.
Claims priority of provisional application 62/030,043, filed on Jul. 28, 2014.
Prior Publication US 2016/0026798 A1, Jan. 28, 2016
Int. Cl. G06F 11/00 (2006.01); G06F 21/53 (2013.01); H04L 29/06 (2006.01); G06F 21/55 (2013.01); G06F 9/455 (2006.01); G06F 21/56 (2013.01)
CPC G06F 21/53 (2013.01) [G06F 9/455 (2013.01); G06F 9/45558 (2013.01); G06F 21/552 (2013.01); G06F 21/566 (2013.01); H04L 63/14 (2013.01); H04L 63/1408 (2013.01); G06F 2009/45587 (2013.01); G06F 2221/033 (2013.01); G06F 2221/034 (2013.01)]
21 Claims
1. A computer-implemented method executed by one or more processors for selectively capturing video signals of malicious software applications in a virtual machine environment, the method comprising:
executing a software application within the virtual machine environment, wherein the virtual machine environment provides emulated hardware resources to the executing software application, wherein one of the emulated hardware resources is a virtual display adaptor emulating a physical display adaptor to the executing software application;
during execution of the software application, detecting one or more actions specified by a malicious application policy being performed by the software application within the virtual machine environment, the malicious application policy specifying one or more actions that will trigger video capture in the virtual machine environment executing the software application;
initiating capture, by the virtual display adaptor of the virtual machine environment, of a video data of behavior of a user interface of the execution of the software application that is executing within the virtual machine environment; and
analyzing the captured video data for actions the software application is attempting to perform, and how the software application will present itself to a user, in order to determine whether the software application is a malicious application.
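
The detection and capture steps of claim 1, as an added sketch that is not code from the patent or from iboss: a constructed event stream stands in for the sandboxed application, and the class names and policy actions (`registry_write`, `file_write`, `net_connect`) are assumptions. The final analysis step is not modelled.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

@dataclass
class VirtualDisplayAdaptor:
    """Emulated adaptor: sees every frame, keeps only frames drawn while capturing."""
    capturing: bool = False
    captured: List[str] = field(default_factory=list)

    def present(self, frame: str) -> None:
        if self.capturing:
            self.captured.append(frame)

@dataclass
class Sandbox:
    policy: Dict[str, Callable[[dict], bool]]  # action kind -> predicate on its detail
    display: VirtualDisplayAdaptor = field(default_factory=VirtualDisplayAdaptor)
    trigger: Optional[dict] = None             # first event that matched the policy

    def observe(self, event: dict) -> None:
        if event["kind"] == "frame":           # UI output goes through the adaptor
            self.display.present(event["detail"])
            return
        matches = self.policy.get(event["kind"])
        if self.trigger is None and matches and matches(event["detail"]):
            self.trigger = event               # record why capture started
            self.display.capturing = True      # selective capture begins here

# Constructed policy (assumption): actions that trigger video capture.
POLICY = {
    "registry_write": lambda d: d["key"].endswith("\\CurrentVersion\\Run"),
    "file_write": lambda d: d["path"].lower().startswith("c:\\windows\\system32"),
    "net_connect": lambda d: d["port"] not in (80, 443),
}

# Constructed event stream from one sandboxed run (not real telemetry).
EVENTS = [
    {"kind": "frame", "detail": "splash screen"},
    {"kind": "file_write", "detail": {"path": "C:\\Users\\a\\doc.txt"}},
    {"kind": "frame", "detail": "installer dialog"},
    {"kind": "registry_write",
     "detail": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"}},
    {"kind": "frame", "detail": "fake update prompt"},
    {"kind": "net_connect", "detail": {"port": 8443}},
    {"kind": "frame", "detail": "credential form"},
]

def run(events: List[dict], policy: dict) -> Sandbox:
    sandbox = Sandbox(policy=policy)
    for event in events:
        sandbox.observe(event)
    return sandbox
```

Frames drawn before the first policy match are never stored, which is the storage and review saving that selective capture is after.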