CN107960126B - Profiling event based exploit detection - Google Patents

Profiling event based exploit detection

Info

Publication number
CN107960126B
CN107960126B (application CN201680036972.3A)
Authority
CN
China
Prior art keywords
application
memory
instruction pointer
code
orphan
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201680036972.3A
Other languages
English (en)
Chinese (zh)
Other versions
CN107960126A (zh)
Inventor
V.皮库尔
R.马图尔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
McAfee LLC
Original Assignee
McAfee LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by McAfee LLC
Publication of CN107960126A
Application granted
Publication of CN107960126B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
  • Stored Programmes (AREA)
CN201680036972.3A 2015-06-26 2016-05-23 Profiling event based exploit detection Active CN107960126B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US14/751762 2015-06-26
US14/751,762 US9984230B2 (en) 2015-06-26 2015-06-26 Profiling event based exploit detection
PCT/US2016/033691 WO2016209449A1 (en) 2015-06-26 2016-05-23 Profiling event based exploit detection

Publications (2)

Publication Number Publication Date
CN107960126A CN107960126A (zh) 2018-04-24
CN107960126B true CN107960126B (zh) 2021-05-04

Family

ID=57586426

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680036972.3A Active CN107960126B (zh) 2015-06-26 2016-05-23 Profiling event based exploit detection

Country Status (5)

Country Link
US (1) US9984230B2 (en)
EP (1) EP3314508A4 (en)
JP (1) JP6583865B2 (en)
CN (1) CN107960126B (en)
WO (1) WO2016209449A1 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9984230B2 (en) 2015-06-26 2018-05-29 Mcafee, Llc Profiling event based exploit detection
RU2665911C2 (ru) 2017-02-08 2018-09-04 AO Kaspersky Lab System and method for analyzing a file for maliciousness in a virtual machine
US11463472B2 (en) * 2018-10-24 2022-10-04 Nec Corporation Unknown malicious program behavior detection using a graph neural network
US12381890B2 (en) 2019-09-24 2025-08-05 Pribit Technology, Inc. System and method for secure network access of terminal
US12166759B2 (en) 2019-09-24 2024-12-10 Pribit Technology, Inc. System for remote execution code-based node control flow management, and method therefor
US12267304B2 (en) 2019-09-24 2025-04-01 Pribit Technology, Inc. System for authenticating and controlling network access of terminal, and method therefor
US11652801B2 (en) 2019-09-24 2023-05-16 Pribit Technology, Inc. Network access control system and method therefor
US11381557B2 (en) 2019-09-24 2022-07-05 Pribit Technology, Inc. Secure data transmission using a controlled node flow
US11271777B2 (en) 2019-09-24 2022-03-08 Pribit Technology, Inc. System for controlling network access of terminal based on tunnel and method thereof
US11082256B2 (en) 2019-09-24 2021-08-03 Pribit Technology, Inc. System for controlling network access of terminal based on tunnel and method thereof
US12348494B2 (en) 2019-09-24 2025-07-01 Pribit Technology, Inc. Network access control system and method therefor
CN114679315B (zh) * 2022-03-25 2024-05-14 Industrial and Commercial Bank of China Co., Ltd. Attack detection method, apparatus, computer device, storage medium and program product
FR3137471B1 (fr) * 2022-07-04 2024-12-13 Stmicroelectronics Grand Ouest Sas Method for managing access rights to memory regions and corresponding system on chip

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103620613A (zh) * 2011-03-28 2014-03-05 McAfee, Inc. System and method for virtual machine monitor based anti-malware security

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6073142A (en) 1997-06-23 2000-06-06 Park City Group Automated post office based rule analysis of e-mail messages and other data objects for controlled distribution in network environments
US5987610A (en) 1998-02-12 1999-11-16 Ameritech Corporation Computer virus screening methods and systems
US6460050B1 (en) 1999-12-22 2002-10-01 Mark Raymond Pace Distributed content identification system
US6901519B1 (en) 2000-06-22 2005-05-31 Infobahn, Inc. E-mail virus protection system and method
US20030145230A1 (en) * 2002-01-31 2003-07-31 Huimin Chiu System for exchanging data utilizing remote direct memory access
US7530093B2 (en) 2004-04-30 2009-05-05 Microsoft Corporation Securing applications and operating systems
US7631356B2 (en) * 2005-04-08 2009-12-08 Microsoft Corporation System and method for foreign code detection
US7911481B1 (en) * 2006-12-14 2011-03-22 Disney Enterprises, Inc. Method and apparatus of graphical object selection
US8832682B2 (en) * 2008-03-28 2014-09-09 Vmware, Inc. Trace collection for a virtual machine
SG183332A1 (en) * 2010-03-01 2012-09-27 Silver Tail Systems System and method for network security including detection of attacks through partner websites
US8566944B2 (en) 2010-04-27 2013-10-22 Microsoft Corporation Malware investigation by analyzing computer memory
US8925089B2 (en) 2011-03-29 2014-12-30 Mcafee, Inc. System and method for below-operating system modification of malicious code on an electronic device
RU2510074C2 (ru) 2012-02-24 2014-03-20 ZAO Kaspersky Lab System and method for checking executable code before its execution
JP5951879B2 (ja) * 2012-03-30 2016-07-13 Intel Corporation Reporting malicious activity to an operating system
KR101265173B1 (ko) * 2012-05-11 2013-05-15 AhnLab, Inc. Apparatus and method for inspecting non-executable files
US9275223B2 (en) * 2012-10-19 2016-03-01 Mcafee, Inc. Real-time module protection
CN105408911A (zh) 2013-08-28 2016-03-16 Intel Corporation Hardware and software execution profiling
CN103714292B (zh) * 2014-01-15 2016-10-05 Sichuan Normal University A method for detecting exploit code
US9984230B2 (en) 2015-06-26 2018-05-29 Mcafee, Llc Profiling event based exploit detection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on cache replacement strategies for network storage servers; Zhao Yingjie; China Doctoral Dissertations Full-text Database, Information Science and Technology; 2012-04-15 (No. 4); p. I139-1 *

Also Published As

Publication number Publication date
WO2016209449A1 (en) 2016-12-29
EP3314508A1 (en) 2018-05-02
US9984230B2 (en) 2018-05-29
JP6583865B2 (ja) 2019-10-02
EP3314508A4 (en) 2018-12-05
CN107960126A (zh) 2018-04-24
JP2018523220A (ja) 2018-08-16
US20160378975A1 (en) 2016-12-29

Similar Documents

Publication Publication Date Title
CN107960126B (zh) Profiling event based exploit detection
US11328063B2 (en) Identification of malicious execution of a process
US10176344B2 (en) Data verification using enclave attestation
US20210019411A1 (en) Mitigation of ransomware
CN107409120B (zh) Apparatus, method and system for detecting malicious peripherals
JP6526842B2 (ja) Malware detection
CN108093652B (zh) Simulation of applications
US9961102B2 (en) Detection of stack pivoting
EP3314511B1 (en) Anomaly detection to identify malware
US11182480B2 (en) Identification of malware
US10963561B2 (en) System and method to identify a no-operation (NOP) sled attack

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant