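CN105637833A - Pre-identifying probable malicious behavior based on configuration pathways - Google Patents

Pre-identifying probable malicious behavior based on configuration pathways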

Info

Publication number
CN105637833A
Authority
CN
China
Prior art keywords
configuration
malicious
mobile computing
computing device
channel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201480054606.1A
Other languages
English (en)
Chinese (zh)
Inventor
V·斯里哈拉
S·P·帕特恩
R·古普塔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Inc
Original Assignee
Qualcomm Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Inc
Publication of CN105637833A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/128 Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
CN201480054606.1A 2013-10-03 2014-09-19 Pre-identifying probable malicious behavior based on configuration pathways Pending CN105637833A (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US14/044,937 US9519775B2 (en) 2013-10-03 2013-10-03 Pre-identifying probable malicious behavior based on configuration pathways
US14/044,937 2013-10-03
PCT/US2014/056666 WO2015050727A1 (en) 2013-10-03 2014-09-19 Pre-identifying probable malicious behavior based on configuration pathways

Publications (1)

Publication Number Publication Date
CN105637833A (zh) 2016-06-01

Family

ID=51842755

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201480054606.1A Pending CN105637833A (zh) 2013-10-03 2014-09-19 Pre-identifying probable malicious behavior based on configuration pathways

Country Status (6)

Country Link
US (1) US9519775B2 (en)
EP (1) EP3053319A1 (en)
JP (1) JP6161807B2 (en)
KR (1) KR101810346B1 (en)
CN (1) CN105637833A (en)
WO (1) WO2015050727A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109195154A (zh) * 2018-08-13 2019-01-11 中国联合网络通信集团有限公司 Method and apparatus for identifying Internet of Things card-swapping users
WO2019016628A1 (en) * 2017-07-19 2019-01-24 International Business Machines Corporation COMPLIANCE-SUSTAINABLE EXECUTION GENERATION BASED ON REASONS FOR APPLICATION AND RISK ASSESSMENT
CN109348065A (zh) * 2018-11-27 2019-02-15 湘潭大学 Method for predicting mobile phone electromagnetic radiation based on QQ chat interaction behavior

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9519775B2 (en) 2013-10-03 2016-12-13 Qualcomm Incorporated Pre-identifying probable malicious behavior based on configuration pathways
US9213831B2 (en) * 2013-10-03 2015-12-15 Qualcomm Incorporated Malware detection and prevention by monitoring and modifying a hardware pipeline
AU2013101573A4 (en) * 2013-11-29 2014-01-09 Macau University Of Science And Technology Method for predicting and detecting network intrusion into a computer network
RU2595511C2 (ru) * 2014-12-05 2016-08-27 Закрытое акционерное общество "Лаборатория Касперского" System and method for restricting the operation of trusted applications in the presence of suspicious applications
US9785776B2 (en) 2015-04-27 2017-10-10 Iboss, Inc. High risk program identification based on program behavior
US10148678B2 (en) * 2015-10-01 2018-12-04 The Boeing Company Cybersecurity system with differentiated capacity to deal with complex cyber attacks
US9906551B2 (en) * 2016-02-09 2018-02-27 International Business Machines Corporation Forecasting and classifying cyber-attacks using crossover neural embeddings
WO2017137804A1 (en) * 2016-02-11 2017-08-17 Morphisec Information Security Ltd. Automated classification of exploits based on runtime environmental features
US11108816B2 (en) * 2016-03-17 2021-08-31 Johann Schlamp Constructible automata for internet routes
US10826933B1 (en) * 2016-03-31 2020-11-03 Fireeye, Inc. Technique for verifying exploit/malware at malware detection appliance through correlation with endpoints
US10893059B1 (en) 2016-03-31 2021-01-12 Fireeye, Inc. Verification and enhancement using detection systems located at the network periphery and endpoint devices
US10491610B2 (en) 2016-05-20 2019-11-26 International Business Machines Corporation Remote monitoring of software
US10462162B2 (en) * 2017-07-24 2019-10-29 Rapid7, Inc. Detecting malicious processes based on process location
CN109936545B (zh) * 2017-12-18 2020-07-24 华为技术有限公司 Method for detecting brute-force cracking attacks and related apparatus
US11431748B2 (en) 2017-12-20 2022-08-30 Mounir Talal NSOULI Predictive crowdsourcing-based endpoint protection system
WO2019170615A1 (en) * 2018-03-05 2019-09-12 British Telecommunications Public Limited Company Improved application deployment
US11782965B1 (en) * 2018-04-05 2023-10-10 Veritas Technologies Llc Systems and methods for normalizing data store classification information
US10885226B1 (en) * 2018-06-06 2021-01-05 NortonLifeLock, Inc. Systems and methods for enforcing secure shared access on computing devices by content state pinning
US11201855B1 (en) 2018-06-22 2021-12-14 Vmware, Inc. Distributed firewall that learns from traffic patterns to prevent attacks
US11750624B2 (en) * 2018-06-22 2023-09-05 Vmware, Inc. Statistical approach for augmenting signature detection in web application firewall
AU2019306246B2 (en) * 2018-07-17 2022-01-27 Netflix, Inc. Differencing engine for digital forensics
JP7283545B2 (ja) * 2019-07-17 2023-05-30 日本電気株式会社 Analysis system, method, and program
US12130908B2 (en) * 2020-05-01 2024-10-29 Forcepoint Llc Progressive trigger data and detection model
WO2021240869A1 (ja) * 2020-05-28 2021-12-02 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ Control method, program, and fraudulent data detection system
US20220329664A1 (en) * 2021-04-09 2022-10-13 Apple Inc. Secure data caching for edge networks
US12346788B2 (en) * 2021-06-04 2025-07-01 Dell Products L.P. Systems and methods for gauging differences between network configurations
US12287877B1 (en) 2022-07-12 2025-04-29 Wells Fargo Bank, N.A. Determining false positives of file change events detected by file integrity monitoring tools

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060025962A1 (en) * 2004-07-27 2006-02-02 Microsoft Corporation Method and system for troubleshooting a misconfiguration of a computer system based on product support services information
CN101479709A (zh) * 2006-06-30 2009-07-08 微软公司 Identifying malware in a boot environment
CN101483658A (zh) * 2009-01-09 2009-07-15 招商银行股份有限公司 System and method for protecting browser input content
US20090248497A1 (en) * 2008-04-01 2009-10-01 Certona Corporation System and method for quantifying and detecting non-normative behavior
US20130097660A1 (en) * 2011-10-17 2013-04-18 Mcafee, Inc. System and method for whitelisting applications in a mobile network environment

Family Cites Families (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7257523B1 (en) * 1999-05-06 2007-08-14 Fisher-Rosemount Systems, Inc. Integrated distributed process control system functionality on a single computer
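JP2002251374A (ja) * 2000-12-20 2002-09-06 Fujitsu Ltd Information management system, information management method, program for causing a computer to execute the method, and computer-readable recording medium recording the program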
US7028338B1 (en) * 2001-12-18 2006-04-11 Sprint Spectrum L.P. System, computer program, and method of cooperative response to threat to domain security
US7370360B2 (en) 2002-05-13 2008-05-06 International Business Machines Corporation Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine
TW200416542A (en) 2003-02-26 2004-09-01 Osaka Ind Promotion Org Determination method of improper processing, data processing device, computer program and recording media (II)
US7024548B1 (en) * 2003-03-10 2006-04-04 Cisco Technology, Inc. Methods and apparatus for auditing and tracking changes to an existing configuration of a computerized device
US7409593B2 (en) * 2003-06-30 2008-08-05 At&T Delaware Intellectual Property, Inc. Automated diagnosis for computer networks
WO2005017690A2 (en) 2003-08-11 2005-02-24 Chorus Systems, Inc. Systems and methods for creation and use of an adaptive reference model
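JP3999188B2 (ja) * 2003-10-28 2007-10-31 富士通株式会社 Unauthorized access detection device, unauthorized access detection method, and unauthorized access detection program
JP4371905B2 (ja) * 2004-05-27 2009-11-25 富士通株式会社 Unauthorized access detection device, unauthorized access detection method, unauthorized access detection program, and distributed denial-of-service attack detection device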
EP1619572A1 (en) 2004-07-23 2006-01-25 Texas Instruments Incorporated System and method of identifying and preventing security violations within a computing system
US20060075494A1 (en) 2004-10-01 2006-04-06 Bertman Justin R Method and system for analyzing data for potential malware
US7770785B2 (en) 2005-06-13 2010-08-10 Qualcomm Incorporated Apparatus and methods for detection and management of unauthorized executable instructions on a wireless device
JP4528680B2 (ja) * 2005-07-05 2010-08-18 株式会社日立製作所 Self-reorganizing system
US8832827B2 (en) 2005-07-14 2014-09-09 Gryphonet Ltd. System and method for detection and recovery of malfunction in mobile devices
WO2007053708A2 (en) * 2005-10-31 2007-05-10 The Trustees Of Columbia University In The City Of New York Methods, media, and systems for securing communications between a first node and a second node
US7774843B1 (en) 2005-11-16 2010-08-10 Mcafee, Inc. System, method and computer program product for preventing the execution of unwanted code
US20090271863A1 (en) * 2006-01-30 2009-10-29 Sudhakar Govindavajhala Identifying unauthorized privilege escalations
US8365286B2 (en) 2006-06-30 2013-01-29 Sophos Plc Method and system for classification of software using characteristics and combinations of such characteristics
WO2008043109A2 (en) * 2006-10-06 2008-04-10 Smobile Systems, Inc. System and method of reporting and visualizing malware on mobile networks
US8201246B1 (en) 2008-02-25 2012-06-12 Trend Micro Incorporated Preventing malicious codes from performing malicious actions in a computer system
US8745703B2 (en) 2008-06-24 2014-06-03 Microsoft Corporation Identifying exploitation of vulnerabilities using error report
US8667583B2 (en) 2008-09-22 2014-03-04 Microsoft Corporation Collecting and analyzing malware data
US8528080B2 (en) 2009-09-15 2013-09-03 Reefedge Networks, Llc Short-range mobile honeypot for sampling and tracking threats
US8375450B1 (en) 2009-10-05 2013-02-12 Trend Micro, Inc. Zero day malware scanner
US8464345B2 (en) 2010-04-28 2013-06-11 Symantec Corporation Behavioral signature generation using clustering
US20120137369A1 (en) * 2010-11-29 2012-05-31 Infosec Co., Ltd. Mobile terminal with security functionality and method of implementing the same
US9100425B2 (en) 2010-12-01 2015-08-04 Cisco Technology, Inc. Method and apparatus for detecting malicious software using generic signatures
TW201227385A (en) 2010-12-16 2012-07-01 Univ Nat Taiwan Science Tech Method of detecting malicious script and system thereof
US8412945B2 (en) * 2011-08-09 2013-04-02 CloudPassage, Inc. Systems and methods for implementing security in a cloud computing environment
ES2755780T3 (es) 2011-09-16 2020-04-23 Veracode Inc Automated static and behavioral analysis using an instrumented sandbox and machine learning classification for mobile security
US9832211B2 (en) 2012-03-19 2017-11-28 Qualcomm, Incorporated Computing device to detect malware
US9507937B2 (en) * 2012-03-30 2016-11-29 Intel Corporation Reporting malicious activity to an operating system
US20130311385A1 (en) * 2012-05-18 2013-11-21 Park S. Foreman Third Party Security Monitoring & Audit
US8819772B2 (en) * 2012-06-25 2014-08-26 Appthority, Inc. In-line filtering of insecure or unwanted mobile device software components or communications
US10180851B2 (en) * 2013-01-14 2019-01-15 Cisco Technology, Inc. Detection of unauthorized use of virtual resources
US20140259167A1 (en) * 2013-03-11 2014-09-11 Samsung Electronics Co. Ltd. Behavior based application blacklisting
US9069955B2 (en) * 2013-04-30 2015-06-30 International Business Machines Corporation File system level data protection during potential security breach
US9213831B2 (en) 2013-10-03 2015-12-15 Qualcomm Incorporated Malware detection and prevention by monitoring and modifying a hardware pipeline
US9519775B2 (en) 2013-10-03 2016-12-13 Qualcomm Incorporated Pre-identifying probable malicious behavior based on configuration pathways

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060025962A1 (en) * 2004-07-27 2006-02-02 Microsoft Corporation Method and system for troubleshooting a misconfiguration of a computer system based on product support services information
CN101479709A (zh) * 2006-06-30 2009-07-08 微软公司 Identifying malware in a boot environment
US20090248497A1 (en) * 2008-04-01 2009-10-01 Certona Corporation System and method for quantifying and detecting non-normative behavior
CN101483658A (zh) * 2009-01-09 2009-07-15 招商银行股份有限公司 System and method for protecting browser input content
US20130097660A1 (en) * 2011-10-17 2013-04-18 Mcafee, Inc. System and method for whitelisting applications in a mobile network environment

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019016628A1 (en) * 2017-07-19 2019-01-24 International Business Machines Corporation COMPLIANCE-SUSTAINABLE EXECUTION GENERATION BASED ON REASONS FOR APPLICATION AND RISK ASSESSMENT
CN110914809A (zh) * 2017-07-19 2020-03-24 国际商业机器公司 Compliance-aware runtime generation based on application patterns and risk assessment
GB2578066A (en) * 2017-07-19 2020-04-15 Ibm Compliance-aware runtime generation based on application patterns and risk assessment
US10789368B2 (en) 2017-07-19 2020-09-29 International Business Machines Corporation Compliance-aware runtime generation based on application patterns and risk assessment
US10803177B2 (en) 2017-07-19 2020-10-13 International Business Machines Corporation Compliance-aware runtime generation based on application patterns and risk assessment
GB2578066B (en) * 2017-07-19 2022-02-16 Ibm Compliance-aware runtime generation based on application patterns and risk assessment
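CN110914809B (zh) * 2017-07-19 2023-08-29 国际商业机器公司 Compliance-aware runtime generation based on application patterns and risk assessment
CN109195154A (zh) * 2018-08-13 2019-01-11 中国联合网络通信集团有限公司 Method and apparatus for identifying Internet of Things card-swapping users
CN109348065A (zh) * 2018-11-27 2019-02-15 湘潭大学 Method for predicting mobile phone electromagnetic radiation based on QQ chat interaction behavior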

Also Published As

Publication number Publication date
WO2015050727A1 (en) 2015-04-09
US20150101047A1 (en) 2015-04-09
JP6161807B2 (ja) 2017-07-12
EP3053319A1 (en) 2016-08-10
US9519775B2 (en) 2016-12-13
JP2016538618A (ja) 2016-12-08
KR20160065863A (ko) 2016-06-09
KR101810346B1 (ko) 2018-01-18

Similar Documents

Publication Publication Date Title
US9519775B2 (en) Pre-identifying probable malicious behavior based on configuration pathways
US10089459B2 (en) Malware detection and prevention by monitoring and modifying a hardware pipeline
US9323929B2 (en) Pre-identifying probable malicious rootkit behavior using behavioral contracts
US9690635B2 (en) Communicating behavior information in a mobile computing device
EP3485415B1 (en) Devices and methods for classifying an execution session
US9491187B2 (en) APIs for obtaining device-specific behavior classifier models from the cloud
US9686023B2 (en) Methods and systems of dynamically generating and using device-specific and device-state-specific classifier models for the efficient classification of mobile device behaviors
US9357397B2 (en) Methods and systems for detecting malware and attacks that target behavioral security mechanisms of a mobile device
EP3117361B1 (en) Behavioral analysis for securing peripheral devices
US9609456B2 (en) Methods, devices, and systems for communicating behavioral analysis information
US20160232353A1 (en) Determining Model Protection Level On-Device based on Malware Detection in Similar Devices
US20130304677A1 (en) Architecture for Client-Cloud Behavior Analyzer

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160601