81 results about "Memory analysis" patented technology

The method of the present inventive concept is configured to utilize Operating System data structures related to memory-mapped binaries to reconstruct processes. These structures provide a system configured to facilitate the acquisition of data that traditional memory analysis tools fail to identify, including by providing a system configured to traverse a virtual address descriptor, determine a pointer to a control area, traverse a PPTE array, copy binary data identified in the PPTE array, generate markers to determine whether the binary data is compromised, and utilize the binary data to reconstruct a process.

A method for determining how a region of a data structure in an application evolves comprises the steps of: periodically traversing selected subgraphs of the region in the running application; locating structural changes in the subgraphs; using these structural changes to describe, characterize, and identify changes to the region as a whole; and reporting the region changes to an analysis agent. Determining how a region of a data structure evolves is a continuous and adaptive process. The process is made continuous and adaptive through several methods, including: identifying a set of desired updates; adjusting the period in between traversals based on whether the desired updates have been witnessed; and adjusting the frequency of sampling any one traversal based on whether that traversal has detected desired updates. Additionally, the method comprises updating qualitative and quantitative characterizations of the regions under analysis based on structural changes to the regions as whole.

A method for identifying a set of objects in a target application program comprises: receiving a plurality of samples of one or more object reference graphs, wherein each object reference graph comprises live objects and their references; deriving a plurality of data structures from the samples; determining a plurality of properties of each of the live objects in relation to data structures over time; combining the plurality of the properties of each live object; generating the object reference graph; generating a rank; and identifying suspicious regions that are likely to have leaks within the data structure. The method also comprises the identification of an initial set of highly-ranked candidate objects that are possible causes of at least one object leak, wherein the higher the ranking the smaller the identified set.

A method for identifying a set of objects in a target application program includes: receiving a plurality of samples of one or more object reference graphs, wherein each object reference graph includes live objects and their references; deriving a set of candidate data structures from the samples; collecting a plurality of properties of each of the live objects in relation to data structures over time; and using a mixture model, combining the plurality of the properties of each live object in a non-linear manner for ranking leak root candidates within each set of candidate data structures The method also includes the identification of an initial set of highly-ranked candidate objects that are possible causes of at least one object leak, wherein the higher the ranking the smaller the identified set.

A method for identifying co-evolving regions in the memory of a target application comprises the steps of: receiving information identifying a set of data structures that are evolving; and classifying the constituents of the data structures based on their likelihood to evolve in a single coherent manner. Classifying the constituents of the data structures based on their likelihood to evolve in a single coherent manner further comprises determining coherency by similarity of key structural features and data type of the constituents. The method also comprises qualitative and quantitative characterizations of the co-evolving regions based on their observed evolutions.

The invention relates to an emotional intelligent sound equipment system which is composed of sensors, a central processor, a big data platform, a temporary buffer memory analysis module and a database. The intelligent sound equipment system analyzes expressions and sounds of humans via the sensors and the central processor, and correct emotion information of the humans is obtained via artificialintelligence and big data technologies. The system can use different types of sensors to collect information and analyze big data, obtain correct emotions of the humans from different aspects by meansof technical tools as the emotion characteristic sample database and historical analysis of user information, and make natural and elegant interaction aimed at the corresponding emotion of the humans. Especially, the emotional intelligent sound equipment system uses different emotion characteristic databases to overcome disadvantages in the prior art, the human emotions are analyzed and identified more accurately, the system is very low in cost, and users can accept and use the system much conveniently.

The invention discloses a virtual machine-based dynamic introspection function-level virtual machine kernel detection system and method, and belongs to the field of cloud safety. The device compriseshardware which is used for providing hardware basis for a secure virtual machine, a target virtual machine and a virtual machine management layer; the secure virtual machine comprises a monitoring framework; the secure virtual machine interacts with the target virtual machine through the virtual machine management layer; the virtual machine management layer comprises a connection extraction module; and the extraction module is connected with each of the learning module and a monitoring module through page execution information. The method comprises the following steps of: starting a monitor, injecting a monitoring point to the target virtual machine by the extraction module, so as to ensure that the virtual machine management layer can monitor sub-functions in calling; carrying out staticanalysis by utilizing a static memory analysis method and dynamic tracking, so as to obtain subsequent sub-functions and carry out monitoring; and carrying out loop execution until system calling is returned. According to the system and method, execution information is modeled through three learning methods, so that integrity of kernel control flows is detected, and the kernel control flows are prevented from being detected and broken through by attackers.

The invention discloses an SSL / TLS network encryption communication information real-time decryption method based on memory analysis. The method comprises the following steps: monitoring a network encryption communication session key generation function and an encryption communication session ID generation function by using a process injection technology and an API Hook technology through an Agentto obtain an encryption communication session ID and a corresponding encryption key; obtaining a local IP address of the client through the Agent; encrypting the acquired encryption communication session ID, the network encryption communication session key and the local IP address of the client through a temporarily generated symmetric encryption key, and sending the encrypted data to a network decryption end; and after receiving the encrypted data, obtaining a local IP address of the client, the encryption communication session ID and a decryption key of the corresponding session, and decrypting and storing the corresponding network encryption communication session in real time. According to the invention, the extraction of the network communication encryption key and the real-time decryption of the network encryption communication content can be effectively realized, and the detection efficiency is improved.