CA3005314A1 - Systems and methods for detection of malicious code in runtime generated code - Google Patents

Systems and methods for detection of malicious code in runtime generated code Download PDF

Info

Publication number
CA3005314A1
CA3005314A1 CA3005314A CA3005314A CA3005314A1 CA 3005314 A1 CA3005314 A1 CA 3005314A1 CA 3005314 A CA3005314 A CA 3005314A CA 3005314 A CA3005314 A CA 3005314A CA 3005314 A1 CA3005314 A1 CA 3005314A1
Authority
CA
Canada
Prior art keywords
code
generated code
runtime generated
memory
runtime
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA3005314A
Other languages
English (en)
French (fr)
Inventor
Udi Yavo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fortinet Inc
Original Assignee
Ensilo Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ensilo Ltd filed Critical Ensilo Ltd
Publication of CA3005314A1 publication Critical patent/CA3005314A1/en
Abandoned legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
CA3005314A 2015-12-08 2016-09-07 Systems and methods for detection of malicious code in runtime generated code Abandoned CA3005314A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201562264404P 2015-12-08 2015-12-08
US62/264,404 2015-12-08
PCT/IL2016/050987 WO2017098495A1 (en) 2015-12-08 2016-09-07 Systems and methods for detection of malicious code in runtime generated code

Publications (1)

Publication Number Publication Date
CA3005314A1 true CA3005314A1 (en) 2017-06-15

Family

ID=57113519

Family Applications (1)

Application Number Title Priority Date Filing Date
CA3005314A Abandoned CA3005314A1 (en) 2015-12-08 2016-09-07 Systems and methods for detection of malicious code in runtime generated code

Country Status (8)

Country Link
US (1) US20170161498A1 (enExample)
EP (1) EP3387579A1 (enExample)
JP (1) JP6837064B2 (enExample)
CA (1) CA3005314A1 (enExample)
IL (1) IL259878B (enExample)
SG (1) SG11201804085SA (enExample)
TW (1) TWI791418B (enExample)
WO (1) WO2017098495A1 (enExample)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9916448B1 (en) * 2016-01-21 2018-03-13 Trend Micro Incorporated Detection of malicious mobile apps
US10275595B2 (en) * 2016-09-29 2019-04-30 Trap Data Security Ltd. System and method for characterizing malware
TWI668592B (zh) * 2017-07-28 2019-08-11 中華電信股份有限公司 Method for automatically determining the malicious degree of Android App by using multiple dimensions
US10977368B1 (en) * 2017-12-27 2021-04-13 Ca Technologies, Inc. Detecting malware based on memory allocation patterns
US11238017B2 (en) * 2018-01-30 2022-02-01 Salesforce.Com, Inc. Runtime detector for data corruptions
US11609984B2 (en) * 2018-02-14 2023-03-21 Digital Guardian Llc Systems and methods for determining a likelihood of an existence of malware on an executable
US11481376B2 (en) 2018-06-19 2022-10-25 Salesforce, Inc. Platform for handling data corruptions
JP7672041B2 (ja) 2019-06-26 2025-05-07 久利寿 帝都 情報処理方法および情報処理システム
US11681804B2 (en) 2020-03-09 2023-06-20 Commvault Systems, Inc. System and method for automatic generation of malware detection traps
CN112199274B (zh) * 2020-09-18 2022-05-03 北京大学 基于V8引擎的JavaScript动态污点跟踪方法及电子装置
US11709675B2 (en) 2020-10-30 2023-07-25 Apple Inc. Software verification of dynamically generated code
CN112579094B (zh) * 2020-12-15 2024-05-14 上海赛可出行科技服务有限公司 一种基于模板代码匹配的轻量级热修复方法
CN113868655B (zh) * 2021-09-29 2025-07-11 北京天融信网络安全技术有限公司 木马查杀方法、装置、电子设备及计算机可读存储介质
US20230252162A1 (en) * 2022-02-10 2023-08-10 Cisco Technology, Inc. Application Vulnerability Score Based on Stack Traces
US12219070B2 (en) 2022-04-01 2025-02-04 Vectra Ai, Inc. Method, product, and system for generating detection signatures based on attack paths in a computer network identified using a software representation that embodies network configuration and policy data for security management using detection signature templates
US12212585B2 (en) 2022-04-01 2025-01-28 Vectra Ai, Inc. Method, product, and system for analyzing a computer network to identify attack paths using a software representation that embodies network configuration and policy data for security management
US12477001B2 (en) 2022-04-01 2025-11-18 Vectra Ai, Inc. Method, product, and system for analyzing attack paths in computer network generated using a software representation that embodies network configuration and policy data for security management
EP4254865B1 (en) * 2022-04-01 2024-12-18 Vectra AI, Inc. Method, product, and system for network security management using software representation that embodies network configuration and policy data
US12328322B2 (en) 2022-04-01 2025-06-10 Vectra Ai, Inc. Method, product, and system for network security management using software representation that embodies network configuration and policy data
US20240056481A1 (en) 2022-08-09 2024-02-15 Commvault Systems, Inc. Data storage management system integrating cyber threat deception

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070192863A1 (en) * 2005-07-01 2007-08-16 Harsh Kapoor Systems and methods for processing data flows
US7478431B1 (en) * 2002-08-02 2009-01-13 Symantec Corporation Heuristic detection of computer viruses
GB2396227B (en) * 2002-12-12 2006-02-08 Messagelabs Ltd Method of and system for heuristically detecting viruses in executable code
US7984304B1 (en) * 2004-03-02 2011-07-19 Vmware, Inc. Dynamic verification of validity of executable code
US8176554B1 (en) * 2008-05-30 2012-05-08 Symantec Corporation Malware detection through symbol whitelisting
US20110191848A1 (en) * 2010-02-03 2011-08-04 Microsoft Corporation Preventing malicious just-in-time spraying attacks
KR101122650B1 (ko) * 2010-04-28 2012-03-09 한국전자통신연구원 정상 프로세스에 위장 삽입된 악성코드 탐지 장치, 시스템 및 방법
US20120331303A1 (en) * 2011-06-23 2012-12-27 Andersson Jonathan E Method and system for preventing execution of malware
CN102819697B (zh) * 2011-12-26 2015-07-22 哈尔滨安天科技股份有限公司 一种基于线程反编译的多平台恶意代码检测方法和系统
TWI528216B (zh) * 2014-04-30 2016-04-01 財團法人資訊工業策進會 隨選檢測惡意程式之方法、電子裝置、及使用者介面

Also Published As

Publication number Publication date
IL259878A (en) 2018-07-31
SG11201804085SA (en) 2018-06-28
JP6837064B2 (ja) 2021-03-03
US20170161498A1 (en) 2017-06-08
IL259878B (en) 2021-07-29
TWI791418B (zh) 2023-02-11
JP2019502197A (ja) 2019-01-24
WO2017098495A1 (en) 2017-06-15
EP3387579A1 (en) 2018-10-17
TW201721497A (zh) 2017-06-16

Similar Documents

Publication Publication Date Title
US20170161498A1 (en) Systems and methods for detection of malicious code in runtime generated code
US11841966B2 (en) Inhibiting memory disclosure attacks using destructive code reads
Pappas et al. Transparent {ROP} exploit mitigation using indirect branch tracing
Pewny et al. Control-flow restrictor: Compiler-based CFI for iOS
Bletsch et al. Mitigating code-reuse attacks with control-flow locking
Petroni Jr et al. Automated detection of persistent kernel control-flow attacks
Davidson et al. ILR: Where'd My Gadgets Go?
US20190114401A1 (en) On device structure layout randomization for binary code to enhance security through increased entropy
CN109255235B (zh) 基于用户态沙箱的移动应用第三方库隔离方法
EP3864545B1 (en) Dynamic memory protection
US20220258955A1 (en) Non-disruptive mitigation of malware attacks
Hawkins et al. Dynamic canary randomization for improved software security
Willems et al. Reverse code engineering—state of the art and countermeasures
Rein Drive: Dynamic runtime integrity verification and evaluation
Kittel et al. Code validation for modern os kernels
Wan et al. Defending application cache integrity of android runtime
Kuzuno et al. Mitigation of kernel memory corruption using multiple kernel memory mechanism
Pappas Defending against return-oriented programming
Hizver et al. Cloud-based application whitelisting
Nie et al. Xede: Practical exploit early detection
EP4310707B1 (en) System and method for detecting malicious code by an interpreter in a computing device
US20250077198A1 (en) Exploit prevention based on generation of random chaotic execution context
Kittel Code and Data Integrity of Modern Operating Systems
Gionta Prevention and detection of memory compromise
Benninger Maitland: analysis of packed and encrypted malware via paravirtualization extensions

Legal Events

Date Code Title Description
EEER Examination request

Effective date: 20210901

EEER Examination request

Effective date: 20210901

EEER Examination request

Effective date: 20210901

EEER Examination request

Effective date: 20210901

EEER Examination request

Effective date: 20210901

FZDE Discontinued

Effective date: 20240221