CA3065306A1 - Real-time detection of and protection from malware and steganography in a kernel mode - Google Patents

Real-time detection of and protection from malware and steganography in a kernel mode

Info

Publication number
CA3065306A1
Authority
CA
Canada
Prior art keywords
file
processor
malware
instructions
cause
Prior art date
Legal status
Pending
Application number
CA3065306A
Other languages
English (en)
French (fr)
Inventor
Stewart P. Macleod
Robert Pike
Current Assignee
Cyemptive Technologies Inc
Original Assignee
Cyemptive Technologies Inc
Priority date
Filing date
Publication date
Application filed by Cyemptive Technologies Inc

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16 Error detection or correction of the data by redundancy in hardware
    • G06F11/20 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/202 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant
    • G06F11/2038 Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant with a single idle spare processing component
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568 Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Quality & Reliability (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Debugging And Monitoring (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
CA3065306A 2017-05-30 2018-05-30 Real-time detection of and protection from malware and steganography in a kernel mode Pending CA3065306A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201762512659P 2017-05-30 2017-05-30
US62/512,659 2017-05-30
PCT/US2018/035205 WO2018222766A1 (en) 2017-05-30 2018-05-30 Real-time detection of and protection from malware and steganography in a kernel mode

Publications (1)

Publication Number Publication Date
CA3065306A1 (en) 2018-12-06

Family

ID=64455580

Family Applications (1)

Application Number Title Priority Date Filing Date
CA3065306A Pending CA3065306A1 (en) 2017-05-30 2018-05-30 Real-time detection of and protection from malware and steganography in a kernel mode

Country Status (6)

Country Link
US (3) US11575704B2 (en)
EP (1) EP3635603B1 (en)
JP (2) JP2020522808A (en)
CN (2) CN111095250A (en)
CA (1) CA3065306A1 (en)
WO (1) WO2018222766A1 (en)

Families Citing this family (95)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9860274B2 (en) 2006-09-13 2018-01-02 Sophos Limited Policy management
US10909239B2 (en) * 2017-06-29 2021-02-02 Webroot, Inc. Advanced file modification heuristics
US10885212B2 (en) 2017-09-12 2021-01-05 Sophos Limited Secure management of process properties
US10733290B2 (en) * 2017-10-26 2020-08-04 Western Digital Technologies, Inc. Device-based anti-malware
US11755758B1 (en) * 2017-10-30 2023-09-12 Amazon Technologies, Inc. System and method for evaluating data files
US10990975B2 (en) * 2017-11-08 2021-04-27 Paypal, Inc. Detecting malware by monitoring client-side memory stacks
US11010233B1 (en) 2018-01-18 2021-05-18 Pure Storage, Inc Hardware-based system monitoring
US11416612B2 (en) * 2018-03-16 2022-08-16 Acronis International Gmbh Protecting against malware code injections in trusted processes
US10846403B2 (en) * 2018-05-15 2020-11-24 International Business Machines Corporation Detecting malicious executable files by performing static analysis on executable files' overlay
RU2708355C1 (ru) * 2018-06-29 2019-12-05 Акционерное общество "Лаборатория Касперского" Способ обнаружения вредоносных файлов, противодействующих анализу в изолированной среде
JP7151219B2 (ja) * 2018-07-05 2022-10-12 株式会社リコー 組み込み機器、ウィルススキャンプログラム実行方法、プログラム
US11010469B2 (en) * 2018-09-13 2021-05-18 Palo Alto Networks, Inc. Preventing ransomware from encrypting files on a target machine
US10996990B2 (en) * 2018-11-15 2021-05-04 International Business Machines Corporation Interrupt context switching using dedicated processors
US11516247B2 (en) * 2018-12-11 2022-11-29 Acronis International Gmbh System and method for protecting network resources
US11681801B2 (en) 2019-01-14 2023-06-20 Dell Products L.P. Malicious code purification in graphics files
US11200316B2 (en) * 2019-01-14 2021-12-14 Dell Products L.P. System and method for malicious code purification of portable network graphics files
US11228910B2 (en) * 2019-01-25 2022-01-18 V440 Spó£Ka Akcyjna Mobile communication device and method of determining security status thereof
RU2716735C1 (ru) * 2019-03-29 2020-03-16 Акционерное общество "Лаборатория Касперского" Система и способ отложенной авторизации пользователя на вычислительном устройстве
CN110069936A (zh) * 2019-03-29 2019-07-30 合肥高维数据技术有限公司 一种木马隐写方法和检测方法
US12079285B2 (en) * 2019-05-24 2024-09-03 Nippon Telegraph And Telephone Corporation Training device, determination device, training method, determination method, training method, and determination program
CN110232261B (zh) * 2019-06-03 2021-05-11 浙江大华技术股份有限公司 包文件的操作方法、文件处理设备及具有存储功能的设备
US11782790B2 (en) * 2019-07-10 2023-10-10 Centurion Holdings I, Llc Methods and systems for recognizing unintended file system changes
US11693963B2 (en) * 2019-08-13 2023-07-04 International Business Machines Corporation Automatic ransomware detection with an on-demand file system lock down and automatic repair function
US11328064B2 (en) 2019-08-13 2022-05-10 International Business Machines Corporation Automatic ransomware detection with an on-demand file system lock down and automatic repair function
US11409868B2 (en) * 2019-09-26 2022-08-09 At&T Intellectual Property I, L.P. Ransomware detection and mitigation
CN111049724B (zh) * 2019-10-16 2022-06-17 中国平安财产保险股份有限公司 邮件安全性检查方法、装置、计算机设备及存储介质
US11113393B2 (en) * 2019-11-04 2021-09-07 Dell Products L.P. Providing security features in write filter environments
US11645162B2 (en) * 2019-11-22 2023-05-09 Pure Storage, Inc. Recovery point determination for data restoration in a storage system
US12050689B2 (en) 2019-11-22 2024-07-30 Pure Storage, Inc. Host anomaly-based generation of snapshots
US11941116B2 (en) 2019-11-22 2024-03-26 Pure Storage, Inc. Ransomware-based data protection parameter modification
US12079356B2 (en) * 2019-11-22 2024-09-03 Pure Storage, Inc. Measurement interval anomaly detection-based generation of snapshots
US11720714B2 (en) * 2019-11-22 2023-08-08 Pure Storage, Inc. Inter-I/O relationship based detection of a security threat to a storage system
US12204657B2 (en) 2019-11-22 2025-01-21 Pure Storage, Inc. Similar block detection-based detection of a ransomware attack
US11755751B2 (en) 2019-11-22 2023-09-12 Pure Storage, Inc. Modify access restrictions in response to a possible attack against data stored by a storage system
US11615185B2 (en) 2019-11-22 2023-03-28 Pure Storage, Inc. Multi-layer security threat detection for a storage system
US11625481B2 (en) * 2019-11-22 2023-04-11 Pure Storage, Inc. Selective throttling of operations potentially related to a security threat to a storage system
US12411962B2 (en) 2019-11-22 2025-09-09 Pure Storage, Inc. Managed run-time environment-based detection of a ransomware attack
US12079333B2 (en) 2019-11-22 2024-09-03 Pure Storage, Inc. Independent security threat detection and remediation by storage systems in a synchronous replication arrangement
US11341236B2 (en) * 2019-11-22 2022-05-24 Pure Storage, Inc. Traffic-based detection of a security threat to a storage system
US11520907B1 (en) 2019-11-22 2022-12-06 Pure Storage, Inc. Storage system snapshot retention based on encrypted data
US11720692B2 (en) 2019-11-22 2023-08-08 Pure Storage, Inc. Hardware token based management of recovery datasets for a storage system
US12079502B2 (en) 2019-11-22 2024-09-03 Pure Storage, Inc. Storage element attribute-based determination of a data protection policy for use within a storage system
US11651075B2 (en) 2019-11-22 2023-05-16 Pure Storage, Inc. Extensible attack monitoring by a storage system
US11657155B2 (en) * 2019-11-22 2023-05-23 Pure Storage, Inc Snapshot delta metric based determination of a possible ransomware attack against data maintained by a storage system
US12050683B2 (en) * 2019-11-22 2024-07-30 Pure Storage, Inc. Selective control of a data synchronization setting of a storage system based on a possible ransomware attack against the storage system
US11675898B2 (en) 2019-11-22 2023-06-13 Pure Storage, Inc. Recovery dataset management for security threat monitoring
US12153670B2 (en) * 2019-11-22 2024-11-26 Pure Storage, Inc. Host-driven threat detection-based protection of storage elements within a storage system
US12248566B2 (en) 2019-11-22 2025-03-11 Pure Storage, Inc. Snapshot deletion pattern-based determination of ransomware attack against data maintained by a storage system
US11687418B2 (en) 2019-11-22 2023-06-27 Pure Storage, Inc. Automatic generation of recovery plans specific to individual storage elements
US12067118B2 (en) * 2019-11-22 2024-08-20 Pure Storage, Inc. Detection of writing to a non-header portion of a file as an indicator of a possible ransomware attack against a storage system
US11500788B2 (en) 2019-11-22 2022-11-15 Pure Storage, Inc. Logical address based authorization of operations with respect to a storage system
US12425434B1 (en) * 2020-01-09 2025-09-23 John G. Aron System and process for providing network intrusion detection
CN115104097A (zh) * 2020-01-28 2022-09-23 C2A安全有限公司 控制流完整性系统和方法
US11520876B2 (en) * 2020-02-03 2022-12-06 Dell Products L.P. Efficiently authenticating an application during I/O request handling
WO2021181391A1 (en) * 2020-03-09 2021-09-16 Greenberg Netanel System and method for finding, tracking, and capturing a cyber-attacker
US12056251B2 (en) * 2020-03-18 2024-08-06 Veritas Technologies Llc Systems and methods for protecting a folder from unauthorized file modification
WO2021187996A1 (ru) * 2020-03-19 2021-09-23 Айкьюпи Текнолоджи, Элтиди Способ и система блокировки потенциально нежелательного программного обеспечения
US20220050938A1 (en) * 2020-08-12 2022-02-17 Microsoft Technology Licensing, Llc Predictive modeling for cloud capacity management
CN112434285B (zh) * 2020-12-03 2023-12-29 深信服科技股份有限公司 文件管理方法、装置、电子设备及存储介质
CN112487466A (zh) * 2020-12-16 2021-03-12 厦门市美亚柏科信息股份有限公司 一种无特征加密文件检测方法、终端设备及存储介质
US12101323B2 (en) * 2020-12-23 2024-09-24 Acronis International Gmbh Systems and methods for protecting web conferences from intruders
US11914724B2 (en) * 2020-12-24 2024-02-27 Acronis International Gmbh Systems and methods for adjusting data protection levels based on system metadata
US11765188B2 (en) * 2020-12-28 2023-09-19 Mellanox Technologies, Ltd. Real-time detection of network attacks
CN112347499B (zh) * 2021-01-08 2021-04-30 北京东方通软件有限公司 一种程序自我保护的方法
JP7550491B2 (ja) * 2021-02-08 2024-09-13 ヴァリ サイバー インコーポレイテッド マルウェア検出システム
US12192214B2 (en) 2021-05-05 2025-01-07 Sophos Limited Mitigating threats associated with tampering attempts
US11979418B2 (en) * 2021-06-08 2024-05-07 Microsoft Technology Licensing, Llc Detecting potential malicious use of a resource management agent using a resource management log
US11361075B1 (en) * 2021-06-18 2022-06-14 Citrix Systems, Inc. Image steganography detection
US11921850B2 (en) * 2021-06-23 2024-03-05 Acronis International Gmbh Iterative memory analysis for malware detection
US11914709B2 (en) * 2021-07-20 2024-02-27 Bank Of America Corporation Hybrid machine learning and knowledge graph approach for estimating and mitigating the spread of malicious software
US12287872B2 (en) * 2021-08-31 2025-04-29 EMC IP Holding Company LLC System and method for correlating filesystem events into meaningful behaviors
US20240419797A1 (en) * 2021-10-28 2024-12-19 Imanage Llc Ransomware detection and mitigation
CN114553811B (zh) * 2022-01-07 2023-04-28 中国人民解放军战略支援部队信息工程大学 基于时间戳调制和载体选择的高容量行为隐写方法
US11983268B2 (en) 2022-02-15 2024-05-14 Palo Alto Networks, Inc. Prevention of container escape-based attacks of a host system
EP4246351A1 (en) * 2022-03-17 2023-09-20 AO Kaspersky Lab Detecting a harmful file using a database of vulnerable drivers
US11831542B2 (en) * 2022-04-13 2023-11-28 Microsoft Technology Licensing, Llc Platform for routing internet protocol packets using flow-based policy
CN114911658B (zh) * 2022-05-17 2025-11-25 武汉深之度科技有限公司 一种实时运行系统的检测方法及计算设备
US12294615B2 (en) 2022-06-22 2025-05-06 Microsoft Technology Licensing, Llc Using a requestor identity to enforce a security policy on a network connection that conforms to a shared-access communication protocol
CN115277804B (zh) * 2022-07-25 2025-02-14 福建福链科技有限公司 一种区块链的远端程序调用方法及服务端
US12147538B2 (en) * 2022-07-25 2024-11-19 Bank Of America Corporation Steganographic modification detection and mitigation for enhanced enterprise security
US12244564B2 (en) 2022-07-29 2025-03-04 Microsoft Technology Licensing, Llc. Security for computer systems
CN115550663B (zh) * 2022-08-02 2025-10-28 杭州网易云音乐科技有限公司 音视频防盗链的方法和装置及设备
US12353557B2 (en) * 2022-10-10 2025-07-08 Hewlett Packard Enterprise Development Lp Generating alerts for unexpected kernel modules
US20240205239A1 (en) * 2022-12-14 2024-06-20 Onfido Ltd. Methods and systems for fraud detection using relative movement of facial features
CN117131497B (zh) * 2023-02-28 2024-06-14 荣耀终端有限公司 一种软件检测方法及电子设备
US12445484B2 (en) * 2023-03-30 2025-10-14 Palo Alto Networks, Inc. Inline ransomware detection via server message block (SMB) traffic
CN116127461B (zh) * 2023-04-04 2023-07-25 阿里巴巴(中国)有限公司 数据保护方法及系统、存储服务器和客户端
US12430457B2 (en) * 2023-04-07 2025-09-30 Dell Products L.P. Reversing symmetric encryptions using keys found in snapshots—per-file keys, random and transmitted outside
CN116842505B (zh) * 2023-04-13 2024-08-20 博智安全科技股份有限公司 基于windows操作系统进程可信域构建方法、装置及存储介质
WO2024220364A1 (en) * 2023-04-19 2024-10-24 Daedalus Cloud Llc Methods of determining entropy for persistent storage devices
US12445294B2 (en) * 2023-06-14 2025-10-14 Sophos Limited Monitoring process data acquisition and exfiltration
US20250047695A1 (en) * 2023-08-01 2025-02-06 Palo Alto Networks, Inc. Advanced threat prevention
US20250111050A1 (en) * 2023-10-02 2025-04-03 Bank Of America Corporation Amalgamation platform providing concealed detection of code-passing using steganography
CN118972376B (zh) * 2024-10-09 2025-02-11 中孚安全技术有限公司 监控视频数据的处理方法、系统、电子设备及存储介质
CN119728020B (zh) * 2024-12-11 2025-10-10 苏州元脑智能科技有限公司 一种数据校验方法、装置及电子设备

Family Cites Families (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5649095A (en) 1992-03-30 1997-07-15 Cozza; Paul D. Method and apparatus for detecting computer viruses through the use of a scan information cache
EP1828902A4 (en) 2004-10-26 2009-07-01 Rudra Technologies Pte Ltd SYSTEM AND METHOD FOR IDENTIFYING AND REMOVING MALWARE ON A COMPUTER SYSTEM
US7441153B1 (en) * 2005-03-28 2008-10-21 Network Appliance Inc. Method and system for secure and reliable event logging
US9055093B2 (en) * 2005-10-21 2015-06-09 Kevin R. Borders Method, system and computer program product for detecting at least one of security threats and undesirable computer files
US8918427B1 (en) * 2006-12-29 2014-12-23 Symantec Operating Corporation Virtualization of file input/output operations
US8069484B2 (en) 2007-01-25 2011-11-29 Mandiant Corporation System and method for determining data entropy to identify malware
US8621610B2 (en) 2007-08-06 2013-12-31 The Regents Of The University Of Michigan Network service for the detection, analysis and quarantine of malicious and unwanted files
US8621628B2 (en) 2010-02-25 2013-12-31 Microsoft Corporation Protecting user mode processes from improper tampering or termination
US9087199B2 (en) 2011-03-31 2015-07-21 Mcafee, Inc. System and method for providing a secured operating system execution environment
US8656465B1 (en) 2011-05-09 2014-02-18 Google Inc. Userspace permissions service
US8650638B2 (en) * 2011-10-18 2014-02-11 Mcafee, Inc. System and method for detecting a file embedded in an arbitrary location and determining the reputation of the file
CN102646173A (zh) * 2012-02-29 2012-08-22 成都新云软件有限公司 基于黑白名单的安全防护控制方法及系统
US9021589B2 (en) * 2012-06-05 2015-04-28 Los Alamos National Security, Llc Integrating multiple data sources for malware classification
US9043903B2 (en) 2012-06-08 2015-05-26 Crowdstrike, Inc. Kernel-level security agent
CN103116724B (zh) * 2013-03-14 2015-08-12 北京奇虎科技有限公司 探测程序样本危险行为的方法及装置
US9197655B2 (en) * 2013-07-16 2015-11-24 Bank Of America Corporation Steganography detection
GB2517483B (en) * 2013-08-22 2015-07-22 F Secure Corp Detecting file encrypting malware
CN103679031B (zh) * 2013-12-12 2017-10-31 北京奇虎科技有限公司 一种文件病毒免疫的方法和装置
US9386034B2 (en) * 2013-12-17 2016-07-05 Hoplite Industries, Inc. Behavioral model based malware protection system and method
US10230739B2 (en) * 2015-06-26 2019-03-12 Board Of Regents, The University Of Texas System System and device for preventing attacks in real-time networked environments
US10929537B2 (en) * 2015-07-31 2021-02-23 Digital Guardian, Inc. Systems and methods of protecting data from malware processes
RU2617631C2 (ru) * 2015-09-30 2017-04-25 Акционерное общество "Лаборатория Касперского" Способ обнаружения работы вредоносной программы, запущенной с клиента, на сервере
US20170091482A1 (en) * 2015-09-30 2017-03-30 Symantec Corporation Methods for data loss prevention from malicious applications and targeted persistent threats
US12021831B2 (en) 2016-06-10 2024-06-25 Sophos Limited Network security
JP5996145B1 (ja) * 2016-07-14 2016-09-21 三井物産セキュアディレクション株式会社 プログラム、情報処理装置、及び情報処理方法
US10191789B2 (en) 2016-08-18 2019-01-29 Crowdstrike, Inc. Tracing system operations across remote procedure linkages to identify request originators
US10609066B1 (en) 2016-11-23 2020-03-31 EMC IP Holding Company LLC Automated detection and remediation of ransomware attacks involving a storage device of a computer network
US9734337B1 (en) 2017-01-24 2017-08-15 Malwarebytes Inc. Behavior-based ransomware detection
US11960603B2 (en) 2017-04-25 2024-04-16 Druva Inc. Multi-step approach for ransomware detection
US10586043B2 (en) * 2017-05-03 2020-03-10 Samsung Electronics Co., Ltd. System and method for detecting malicious software in NVME over fabrics devices

Also Published As

Publication number Publication date
JP7460696B2 (ja) 2024-04-02
CN117171743A (zh) 2023-12-05
EP3635603A4 (en) 2021-03-03
EP3635603A1 (en) 2020-04-15
US11082444B2 (en) 2021-08-03
WO2018222766A1 (en) 2018-12-06
JP2022133461A (ja) 2022-09-13
EP3635603C0 (en) 2024-11-20
US20180351968A1 (en) 2018-12-06
CN111095250A (zh) 2020-05-01
JP2020522808A (ja) 2020-07-30
EP3635603B1 (en) 2024-11-20
US20230231872A1 (en) 2023-07-20
US11575704B2 (en) 2023-02-07
US20180351969A1 (en) 2018-12-06
US12273375B2 (en) 2025-04-08

Similar Documents

Publication Publication Date Title
US12273375B2 (en) Detection of and protection from malware and steganography
US11960605B2 (en) Dynamic analysis techniques for applications
US11604878B2 (en) Dynamic analysis techniques for applications
US10691792B2 (en) System and method for process hollowing detection
Roseline et al. A comprehensive survey of tools and techniques mitigating computer and mobile malware attacks
US9251343B1 (en) Detecting bootkits resident on compromised computers
EP3430557B1 (en) System and method for reverse command shell detection
JP6370747B2 (ja) バーチャルマシーンモニタベースのアンチマルウェアセキュリティのためのシステム及び方法
US9846776B1 (en) System and method for detecting file altering behaviors pertaining to a malicious attack
US12430437B2 (en) Specific file detection baked into machine learning pipelines
Jayarathna et al. Hypervisor-based Security Architecture to Protect Web Applications.
Corregedor et al. Resurrecting Anti-Malware Through Collaboration
Bridges Studying a virtual testbed for unverified data

Legal Events

Date Code Title Description
EEER Examination request

Effective date: 20191127
