CN107851157A - Detection of malware - Google Patents

Detection of malware

Info

Publication number
CN107851157A
CN107851157A (application CN201680037858.2A)
Authority
CN
China
Prior art keywords
find
processor
functions
resolving
network
Prior art date
Legal status
Pending
Application number
CN201680037858.2A
Other languages
English (en)
Chinese (zh)
Other versions
CN107851157A8 (zh)
Inventor
J.L. Edwards
J.R. Spurlock
Current Assignee
McAfee LLC
Original Assignee
McAfee LLC
Priority date
Filing date
Publication date
Application filed by McAfee LLC
Publication of CN107851157A
Publication of CN107851157A8
Legal status: Pending

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/20Natural language analysis
    • G06F40/205Parsing
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Virology (AREA)
  • Computational Linguistics (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Artificial Intelligence (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Debugging And Monitoring (AREA)
CN201680037858.2A 2015-06-27 2016-05-25 Detection of malware Pending CN107851157A (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US14/752,901 US20160381051A1 (en) 2015-06-27 2015-06-27 Detection of malware
PCT/US2016/033977 WO2017003587A1 (en) 2015-06-27 2016-05-25 Detection of malware

Publications (2)

Publication Number Publication Date
CN107851157A true CN107851157A (zh) 2018-03-27
CN107851157A8 CN107851157A8 (zh) 2018-08-28

Family

ID=57602997

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680037858.2A Pending CN107851157A (zh) 2015-06-27 2016-05-25 Detection of malware

Country Status (5)

Country Link
US (1) US20160381051A1
EP (1) EP3314510A1
JP (1) JP6526842B2
CN (1) CN107851157A
WO (1) WO2017003587A1

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10237287B1 (en) * 2016-02-11 2019-03-19 Awake Security, Inc. System and method for detecting a malicious activity in a computing environment
US10135847B2 (en) * 2016-05-18 2018-11-20 Salesforce.Com, Inc. Reverse shell network intrusion detection
US10372909B2 (en) * 2016-08-19 2019-08-06 Hewlett Packard Enterprise Development Lp Determining whether process is infected with malware
US10783246B2 (en) 2017-01-31 2020-09-22 Hewlett Packard Enterprise Development Lp Comparing structural information of a snapshot of system memory
US10423151B2 (en) * 2017-07-07 2019-09-24 Battelle Energy Alliance, Llc Controller architecture and systems and methods for implementing the same in a networked control system
US10116671B1 (en) * 2017-09-28 2018-10-30 International Business Machines Corporation Distributed denial-of-service attack detection based on shared network flow information
CN110378081A (zh) * 2019-06-06 2019-10-25 厦门网宿有限公司 Method and apparatus for loading a packed dynamic link library
US12381890B2 (en) 2019-09-24 2025-08-05 Pribit Technology, Inc. System and method for secure network access of terminal
US11190494B2 (en) 2019-09-24 2021-11-30 Pribit Technology, Inc. Application whitelist using a controlled node flow
US11082256B2 (en) 2019-09-24 2021-08-03 Pribit Technology, Inc. System for controlling network access of terminal based on tunnel and method thereof
US12166759B2 (en) 2019-09-24 2024-12-10 Pribit Technology, Inc. System for remote execution code-based node control flow management, and method therefor
US11652801B2 (en) 2019-09-24 2023-05-16 Pribit Technology, Inc. Network access control system and method therefor
US12519754B2 (en) 2019-09-24 2026-01-06 Pribit Technology, Inc. System for controlling network access of node on basis of tunnel and data flow, and method therefor
US11271777B2 (en) 2019-09-24 2022-03-08 Pribit Technology, Inc. System for controlling network access of terminal based on tunnel and method thereof
US11381557B2 (en) * 2019-09-24 2022-07-05 Pribit Technology, Inc. Secure data transmission using a controlled node flow
US12348494B2 (en) 2019-09-24 2025-07-01 Pribit Technology, Inc. Network access control system and method therefor
EP4037277B1 (en) 2019-09-24 2025-05-07 PRIBIT Technology, Inc. System for authenticating and controlling network access of terminal, and method therefor
US11489849B2 (en) 2020-01-14 2022-11-01 Saudi Arabian Oil Company Method and system for detecting and remediating malicious code in a computer network
US11546315B2 (en) * 2020-05-28 2023-01-03 Hewlett Packard Enterprise Development Lp Authentication key-based DLL service

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1818822A (zh) * 2005-02-07 2006-08-16 福建东方微点信息安全有限责任公司 Method for detecting buffer overflow attacks
CN1885224A (zh) * 2005-06-23 2006-12-27 福建东方微点信息安全有限责任公司 Computer anti-virus protection system and method
CN101127638A (zh) * 2007-06-07 2008-02-20 飞塔信息科技(北京)有限公司 Proactive automatic virus prevention and control system and method
CN101441687A (zh) * 2007-11-21 2009-05-27 珠海金山软件股份有限公司 Method and apparatus for extracting virus signatures from a virus file
CN101788915A (zh) * 2010-02-05 2010-07-28 北京工业大学 Whitelist updating method based on a trusted process tree
CN102622543A (zh) * 2012-02-06 2012-08-01 北京百度网讯科技有限公司 Method and apparatus for dynamically detecting malicious web page scripts
US8307432B1 (en) * 2008-10-07 2012-11-06 Trend Micro Incorporated Generic shellcode detection
US20120291131A1 (en) * 2011-05-09 2012-11-15 F-Secure Corporation Malware detection
CN103294951A (zh) * 2012-11-29 2013-09-11 北京安天电子设备有限公司 Method and system for extracting malicious code samples based on document-type vulnerabilities
CN103679031A (zh) * 2013-12-12 2014-03-26 北京奇虎科技有限公司 Method and apparatus for file virus immunization
CN103955645A (zh) * 2014-04-28 2014-07-30 百度在线网络技术(北京)有限公司 Method, apparatus and system for detecting malicious process behavior

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8407787B1 (en) * 2009-01-22 2013-03-26 Trend Micro Incorporated Computer apparatus and method for non-intrusive inspection of program behavior
KR101122650B1 (ko) * 2010-04-28 2012-03-09 한국전자통신연구원 Apparatus, system and method for detecting malicious code disguised and injected into a normal process
US9413721B2 (en) * 2011-02-15 2016-08-09 Webroot Inc. Methods and apparatus for dealing with malware
EP2691908B1 (en) * 2011-03-28 2018-12-05 McAfee, LLC System and method for virtual machine monitor based anti-malware security
US20140150101A1 (en) * 2012-09-12 2014-05-29 Xecure Lab Co., Ltd. Method for recognizing malicious file
US8931074B2 (en) * 2012-10-10 2015-01-06 Dell Products L.P. Adaptive system behavior change on malware trigger
US9491190B2 (en) * 2013-12-26 2016-11-08 Guardicore Ltd. Dynamic selection of network traffic for file extraction shellcode detection

Also Published As

Publication number Publication date
US20160381051A1 (en) 2016-12-29
WO2017003587A1 (en) 2017-01-05
EP3314510A1 (en) 2018-05-02
JP2018519604A (ja) 2018-07-19
CN107851157A8 (zh) 2018-08-28
JP6526842B2 (ja) 2019-06-05

Similar Documents

Publication Publication Date Title
JP6526842B2 (ja) Detection of malware
US11328063B2 (en) Identification of malicious execution of a process
US10176344B2 (en) Data verification using enclave attestation
US11379583B2 (en) Malware detection using a digital certificate
US20210029150A1 (en) Determining a reputation for a process
US9712545B2 (en) Detection of a malicious peripheral
CN107980123B (zh) Protection of sensitive data
CN107960126B (zh) Exploit detection based on analytic events
US20160180092A1 (en) Portable secure storage
EP3314511B1 (en) Anomaly detection to identify malware

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CI02 Correction of invention patent application

Correction item: Applicant

Correct: McAfee limited liability company

False: Mike Philippines limited liability company

Number: 13-01

Page: The title page

Volume: 34

WD01 Invention patent application deemed withdrawn after publication

Application publication date: 2018-03-27