CN105431859A - Signal tokens indicative of malware - Google Patents
Signal tokens indicative of malware
- Publication number
- CN105431859A (application CN201380078666.2A)
- Authority
- CN
- China
- Prior art keywords
- mark
- malware
- rule
- computing equipment
- signal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1416—Event detection, e.g. attack signature detection
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
      - G06N20/00—Machine learning
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
              - G06F21/562—Static detection
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
              - G06F21/562—Static detection
                - G06F21/563—Static detection by source code analysis
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
      - G06N7/00—Computing arrangements based on specific mathematical models
        - G06N7/01—Probabilistic graphical models, e.g. probabilistic networks
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Claims (15)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2013/052983 WO2015016901A1 (en) | 2013-07-31 | 2013-07-31 | Signal tokens indicative of malware |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105431859A (zh) | 2016-03-23 |
Family ID: 52432260
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201380078666.2A Pending CN105431859A (zh) | 2013-07-31 | 2013-07-31 | Signal tokens indicative of malware |
CN201380076192.8A Expired - Fee Related CN105229661B (zh) | 2013-07-31 | 2013-08-27 | Method, computing device and storage medium for determining malware based on signal tokens |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201380076192.8A Expired - Fee Related CN105229661B (zh) | 2013-07-31 | 2013-08-27 | Method, computing device and storage medium for determining malware based on signal tokens |
Country Status (4)
Country | Link |
---|---|
US (1) | US10986103B2 (zh) |
EP (2) | EP3028203A4 (zh) |
CN (2) | CN105431859A (zh) |
WO (2) | WO2015016901A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107622200A (zh) * | 2016-07-14 | 2018-01-23 | Tencent Technology (Shenzhen) Co., Ltd. | Application security detection method and apparatus |
CN110162963A (zh) * | 2019-04-26 | 2019-08-23 | 肖银皓 | Method for identifying over-privileged applications |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9953171B2 (en) * | 2014-09-22 | 2018-04-24 | Infosys Limited | System and method for tokenization of data for privacy |
US10599844B2 (en) * | 2015-05-12 | 2020-03-24 | Webroot, Inc. | Automatic threat detection of executable files based on static data analysis |
US9838405B1 (en) * | 2015-11-20 | 2017-12-05 | Symantec Corporation | Systems and methods for determining types of malware infections on computing devices |
US10354069B2 (en) | 2016-09-02 | 2019-07-16 | Bae Systems Information And Electronic Systems Integration Inc. | Automated reverse engineering |
US10891380B1 (en) * | 2017-03-21 | 2021-01-12 | Mcafee, Llc | Framework to quantify deviations in app permissions using application description |
CN107958043B (zh) * | 2017-11-24 | 2021-04-27 | 合肥中科加点智能科技有限公司 | Method for automatically generating a power grid engineering budget list |
CN108989350B (zh) * | 2018-08-31 | 2021-03-19 | Beijing Bangbang Security Technology Co., Ltd. | Method, apparatus and device for detecting denial-of-service vulnerabilities |
US11620379B1 (en) * | 2018-09-30 | 2023-04-04 | Mandiant, Inc. | Methods and apparatus for detecting and preventing obfuscated cyberattacks using machine learning techniques |
US11641406B2 (en) * | 2018-10-17 | 2023-05-02 | Servicenow, Inc. | Identifying applications with machine learning |
BR112021010468A2 (pt) * | 2018-12-31 | 2021-08-24 | Intel Corporation | Security systems employing artificial intelligence |
CN112395602B (zh) * | 2019-08-15 | 2022-09-30 | Qi An Xin Security Technology (Zhuhai) Co., Ltd. | Method, apparatus and system for processing a static security feature database |
CN112817877B (zh) * | 2021-04-19 | 2021-07-13 | Tencent Technology (Shenzhen) Co., Ltd. | Abnormal script detection method, apparatus, computer device and storage medium |
US11916971B2 (en) * | 2022-02-01 | 2024-02-27 | Capital One Services, Llc | Updating security rule sets using repository switching |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030065926A1 (en) * | 2001-07-30 | 2003-04-03 | Schultz Matthew G. | System and methods for detection of new malicious executables |
CN101017458A (zh) * | 2007-03-02 | 2007-08-15 | Beijing University of Posts and Telecommunications | Software security code analyzer based on static source code analysis and detection method thereof |
CN101753570A (zh) * | 2008-12-18 | 2010-06-23 | Symantec Corporation | Method and system for detecting malware |
CN102105884A (zh) * | 2008-06-20 | 2011-06-22 | Symantec Corporation | Streaming malware definition updates |
US20130097706A1 (en) * | 2011-09-16 | 2013-04-18 | Veracode, Inc. | Automated behavioral and static analysis using an instrumented sandbox and machine learning classification for mobile security |
CN103177215A (zh) * | 2013-03-05 | 2013-06-26 | Sichuan Electric Power Research Institute | New computer malware detection method based on software control-flow features |
Family Cites Families (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7284274B1 (en) * | 2001-01-18 | 2007-10-16 | Cigital, Inc. | System and method for identifying and eliminating vulnerabilities in computer software applications |
US7370360B2 (en) * | 2002-05-13 | 2008-05-06 | International Business Machines Corporation | Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine |
US7624449B1 (en) * | 2004-01-22 | 2009-11-24 | Symantec Corporation | Countering polymorphic malicious computer code through code optimization |
US20090070459A1 (en) * | 2005-04-18 | 2009-03-12 | Cho Young H | High-Performance Context-Free Parser for Polymorphic Malware Detection |
WO2007025279A2 (en) * | 2005-08-25 | 2007-03-01 | Fortify Software, Inc. | Apparatus and method for analyzing and supplementing a program to provide security |
US20070094734A1 (en) * | 2005-09-29 | 2007-04-26 | Mangione-Smith William H | Malware mutation detector |
US20070107057A1 (en) * | 2005-11-10 | 2007-05-10 | Docomo Communications Laboratories Usa, Inc. | Method and apparatus for detecting and preventing unsafe behavior of javascript programs |
US7882187B2 (en) | 2006-10-12 | 2011-02-01 | Watchguard Technologies, Inc. | Method and system for detecting undesired email containing image-based messages |
WO2008047351A2 (en) * | 2006-10-19 | 2008-04-24 | Checkmarx Ltd. | Locating security vulnerabilities in source code |
US20080141376A1 (en) | 2006-10-24 | 2008-06-12 | Pc Tools Technology Pty Ltd. | Determining maliciousness of software |
US8176554B1 (en) * | 2008-05-30 | 2012-05-08 | Symantec Corporation | Malware detection through symbol whitelisting |
US9177144B2 (en) | 2008-10-30 | 2015-11-03 | Mcafee, Inc. | Structural recognition of malicious code patterns |
US9087195B2 (en) * | 2009-07-10 | 2015-07-21 | Kaspersky Lab Zao | Systems and methods for detecting obfuscated malware |
US20110041179A1 (en) * | 2009-08-11 | 2011-02-17 | F-Secure Oyj | Malware detection |
US8719939B2 (en) * | 2009-12-31 | 2014-05-06 | Mcafee, Inc. | Malware detection via reputation system |
CN101814053B (zh) * | 2010-03-29 | 2013-03-13 | PLA Information Engineering University | Binary code vulnerability discovery method based on a function model |
US9213838B2 (en) | 2011-05-13 | 2015-12-15 | Mcafee Ireland Holdings Limited | Systems and methods of processing data associated with detection and/or handling of malware |
US9449175B2 (en) * | 2010-06-03 | 2016-09-20 | Nokia Technologies Oy | Method and apparatus for analyzing and detecting malicious software |
JP5569935B2 (ja) * | 2010-07-23 | 2014-08-13 | Nippon Telegraph and Telephone Corporation | Software detection method, apparatus and program |
WO2012031165A2 (en) * | 2010-09-02 | 2012-03-08 | Zaretsky, Howard | System and method of cost oriented software profiling |
US8875286B2 (en) * | 2010-12-01 | 2014-10-28 | Cisco Technology, Inc. | Method and apparatus for detecting malicious software using machine learning techniques |
US8521667B2 (en) * | 2010-12-15 | 2013-08-27 | Microsoft Corporation | Detection and categorization of malicious URLs |
US8756693B2 (en) | 2011-04-05 | 2014-06-17 | The United States Of America As Represented By The Secretary Of The Air Force | Malware target recognition |
US8997233B2 (en) * | 2011-04-13 | 2015-03-31 | Microsoft Technology Licensing, Llc | Detecting script-based malware using emulation and heuristics |
US9047441B2 (en) | 2011-05-24 | 2015-06-02 | Palo Alto Networks, Inc. | Malware analysis system |
US9158919B2 (en) * | 2011-06-13 | 2015-10-13 | Microsoft Technology Licensing, Llc | Threat level assessment of applications |
WO2013063474A1 (en) | 2011-10-28 | 2013-05-02 | Scargo, Inc. | Security policy deployment and enforcement system for the detection and control of polymorphic and targeted malware |
US9317408B2 (en) * | 2011-12-15 | 2016-04-19 | The Mathworks, Inc. | System and method for systematic error injection in generated code |
US9185125B2 (en) * | 2012-01-31 | 2015-11-10 | Db Networks, Inc. | Systems and methods for detecting and mitigating threats to a structured data storage system |
EP2690450B1 (en) * | 2012-07-27 | 2014-07-09 | ABB Technology AG | A device for measuring the direct component of alternating current |
TWI461952B (zh) * | 2012-12-26 | 2014-11-21 | Univ Nat Taiwan Science Tech | Malware detection method and system |
US9495542B2 (en) * | 2013-02-28 | 2016-11-15 | Trustees Of Boston University | Software inspection system |
US10713358B2 (en) * | 2013-03-15 | 2020-07-14 | Fireeye, Inc. | System and method to extract and utilize disassembly features to classify software intent |
2013
- 2013-07-31 EP EP13890383.6A patent/EP3028203A4/en not_active Withdrawn
- 2013-07-31 WO PCT/US2013/052983 patent/WO2015016901A1/en active Application Filing
- 2013-07-31 US US14/905,496 patent/US10986103B2/en active Active
- 2013-07-31 CN CN201380078666.2A patent/CN105431859A/zh active Pending
- 2013-08-27 CN CN201380076192.8A patent/CN105229661B/zh not_active Expired - Fee Related
- 2013-08-27 WO PCT/US2013/056828 patent/WO2015016952A1/en active Application Filing
- 2013-08-27 EP EP13890596.3A patent/EP3028211A4/en not_active Withdrawn
Non-Patent Citations (1)
Title |
---|
Zhao Gang et al.: "Intrusion detection module based on fuzzy rule sets: network and information security incident handling", Proceedings of the 21st National Computer Security Academic Exchange Conference * |
Also Published As
Publication number | Publication date |
---|---|
US20160156646A1 (en) | 2016-06-02 |
WO2015016952A1 (en) | 2015-02-05 |
EP3028211A1 (en) | 2016-06-08 |
US10986103B2 (en) | 2021-04-20 |
CN105229661B (zh) | 2018-10-09 |
WO2015016901A1 (en) | 2015-02-05 |
EP3028203A4 (en) | 2017-03-29 |
CN105229661A (zh) | 2016-01-06 |
EP3028211A4 (en) | 2017-05-10 |
EP3028203A1 (en) | 2016-06-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105431859A (zh) | | Signal tokens indicative of malware |
US9798981B2 (en) | | Determining malware based on signal tokens |
Liu et al. | | Cyber vulnerability intelligence for internet of things binary |
CN107659570A (zh) | | Webshell detection method and system based on machine learning and dynamic/static analysis |
CN111159697B (zh) | | Key detection method, apparatus and electronic device |
Zhu et al. | | Android malware detection based on multi-head squeeze-and-excitation residual network |
WO2021135919A1 (zh) | | Machine-learning-based SQL statement security detection method, apparatus, device and medium |
US20200159925A1 (en) | | Automated malware analysis that automatically clusters sandbox reports of similar malware samples |
Song et al. | | Permission Sensitivity-Based Malicious Application Detection for Android |
CN111586695B (zh) | | SMS message identification method and related device |
Li et al. | | Stan: Towards describing bytecodes of smart contract |
Sun et al. | | Malware detection on Android smartphones using keywords vector and SVM |
Thiyagarajan et al. | | Improved real-time permission based malware detection and clustering approach using model independent pruning |
Wang et al. | | Fgl_droid: an efficient android malware detection method based on hybrid analysis |
CN105631336A (zh) | | System and method for detecting malicious files on a mobile device |
CN112817877B (zh) | | Abnormal script detection method, apparatus, computer device and storage medium |
Canbay et al. | | Detection of mobile applications leaking sensitive data |
CN113971284B (zh) | | JavaScript-based malicious web page detection method, device and computer-readable storage medium |
CN114285587A (zh) | | Domain name identification method and apparatus, and method and apparatus for obtaining a domain name classification model |
Aliero et al. | | Detection of structure query language injection vulnerability in web driven database application |
CN106020923A (zh) | | SELinux policy compilation method and system |
US20220237289A1 (en) | | Automated malware classification with human-readable explanations |
CN114595482A (zh) | | Software source code privacy detection method and system based on static detection |
Bo et al. | | Tom: A threat operating model for early warning of cyber security threats |
CN112380530B (zh) | | Homologous APK detection method, terminal device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C41 | Transfer of patent application or patent right or utility model | |
| TA01 | Transfer of patent application right | Effective date of registration: 20161110. Address after: Texas, United States. Applicant after: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP. Address before: Texas, United States. Applicant before: Hewlett-Packard Development Company, Limited Liability Partnership |
| TA01 | Transfer of patent application right | |
| TA01 | Transfer of patent application right | Effective date of registration: 20180613. Address after: California, United States. Applicant after: EntIT Software LLC. Address before: Texas, United States. Applicant before: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP |
| WD01 | Invention patent application deemed withdrawn after publication | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20160323 |