CN108027859B - Detecting software attacks on processes in computing devices - Google Patents

Detecting software attacks on processes in computing devices

Info

Publication number
CN108027859B
Authority
CN
China
Prior art keywords
virtual memory
structural attributes
memory regions
processor
memory region
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201680053767.8A
Other languages
English (en)
Chinese (zh)
Other versions
CN108027859A (zh)
Inventor
S·A·K·加塔拉
R·古普塔
N·伊斯兰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Inc
Original Assignee
Qualcomm Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Inc
Publication of CN108027859A
Application granted
Publication of CN108027859B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
        • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
        • G06F21/55 Detecting local intrusion or implementing counter-measures
            • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
            • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
            • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
                • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Debugging And Monitoring (AREA)
  • Storage Device Security (AREA)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US62/219,970 (US201562219970P) 2015-09-17 2015-09-17
US15/057,336 (US10255434B2) 2015-09-17 2016-03-01 Detecting software attacks on processes in computing devices
PCT/US2016/046747 (WO2017048426A1) 2015-09-17 2016-08-12 Detecting software attacks on processes in computing devices

Publications (2)

Publication Number Publication Date
CN108027859A (zh) 2018-05-11
CN108027859B (zh) 2020-03-24

Family

ID=58282948

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680053767.8A Active CN108027859B (zh) 2015-09-17 2016-08-12 Detecting software attacks on processes in computing devices

Country Status (7)

Country Link
US (1) US10255434B2 (en)
EP (1) EP3350741B1 (en)
JP (1) JP6777732B2 (ja)
KR (1) KR102534334B1 (ko)
CN (1) CN108027859B (zh)
TW (1) TW201717086A (zh)
WO (1) WO2017048426A1 (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2547272B (en) * 2016-02-15 2020-07-15 F Secure Corp Improving security of computer resources
JP6750674B2 (ja) 2016-04-26 2020-09-02 NEC Corporation Program analysis system, program analysis method, and computer program
US10372909B2 (en) * 2016-08-19 2019-08-06 Hewlett Packard Enterprise Development Lp Determining whether process is infected with malware
US10783246B2 (en) 2017-01-31 2020-09-22 Hewlett Packard Enterprise Development Lp Comparing structural information of a snapshot of system memory
EP3413531B1 (en) * 2017-06-07 2025-08-20 Hewlett-Packard Development Company, L.P. Intrusion detection system
US10706180B2 (en) * 2017-07-07 2020-07-07 Endgame, Inc. System and method for enabling a malware prevention module in response to a context switch within a certain process being executed by a processor
CN110188540B (zh) * 2019-04-17 2021-06-22 Institute of Software, Chinese Academy of Sciences ROP attack detection method based on control state tracking
JP7333748B2 (ja) * 2019-12-13 2023-08-25 Hitachi, Ltd. Electronic device and attack detection method for an electronic device
US12118088B2 (en) * 2020-04-22 2024-10-15 Arm Limited Moderator system for a security analytics framework
CN112307475A (zh) * 2020-09-29 2021-02-02 北京软慧科技有限公司 System detection method and device
CN115730303B (zh) * 2022-11-11 2025-07-15 Information Engineering University, Chinese People's Liberation Army Cyberspace Force Software heterogenization security evaluation method and device
US20240248990A1 (en) * 2023-01-24 2024-07-25 Crowdstrike, Inc. Machine learning-based malware detection for code reflection
US20240354411A1 (en) * 2023-04-21 2024-10-24 Vmware, Inc. Rapid ransomware detection and recovery

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110082962A1 (en) * 2009-10-01 2011-04-07 Vmware, Inc. Monitoring a data structure in a virtual machine
US20110179490A1 (en) * 2010-01-15 2011-07-21 Samsung Electronics Co., Ltd. Apparatus and Method for Detecting a Code Injection Attack
US7996904B1 (en) * 2007-12-19 2011-08-09 Symantec Corporation Automated unpacking of executables packed by multiple layers of arbitrary packers
CN103729305A (zh) * 2012-10-11 2014-04-16 Industrial Technology Research Institute Method for memory management of a virtual machine and computer system
US20150215335A1 (en) * 2014-01-27 2015-07-30 Webroot Inc. Detecting and preventing execution of software exploits

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8955104B2 (en) 2004-07-07 2015-02-10 University Of Maryland College Park Method and system for monitoring system memory integrity
JP2006172003A (ja) * 2004-12-14 2006-06-29 NTT Docomo, Inc. Program execution monitoring device, program execution monitoring method, and program creation method
NO20050564D0 (no) 2005-02-02 2005-02-02 Tore Lysemose Hansen Program monitor for identifying unauthorized intrusion into computer systems
CN101278260B (zh) 2005-06-07 2012-07-18 VMware, Inc. Constraint injection method for immunizing software programs against vulnerabilities and attacks
JP4995170B2 (ja) * 2008-10-06 2012-08-08 Nippon Telegraph and Telephone Corporation Fraud detection method, fraud detection device, fraud detection program, and information processing system
US9866426B2 (en) * 2009-11-17 2018-01-09 Hawk Network Defense, Inc. Methods and apparatus for analyzing system events
US8949169B2 (en) * 2009-11-17 2015-02-03 Jerome Naifeh Methods and apparatus for analyzing system events
US9401922B1 (en) * 2010-12-10 2016-07-26 Verizon Patent And Licensing Inc. Systems and methods for analysis of abnormal conditions in computing machines
JP2014514651A (ja) * 2011-03-28 2014-06-19 McAfee, Inc. System and method for virtual machine monitor based anti-malware security
US8584254B2 (en) 2011-12-08 2013-11-12 Microsoft Corporation Data access reporting platform for secure active monitoring
US9832211B2 (en) * 2012-03-19 2017-11-28 Qualcomm, Incorporated Computing device to detect malware
US9881153B2 (en) * 2014-06-20 2018-01-30 Leviathan, Inc. System and method for detection of heap spray attack
WO2017023773A1 (en) * 2015-07-31 2017-02-09 Digital Guardian, Inc. Systems and methods of protecting data from injected malware

Also Published As

Publication number Publication date
CN108027859A (zh) 2018-05-11
US20170083702A1 (en) 2017-03-23
JP2018532187A (ja) 2018-11-01
EP3350741B1 (en) 2019-07-17
KR20180054726A (ko) 2018-05-24
US10255434B2 (en) 2019-04-09
KR102534334B1 (ko) 2023-05-18
EP3350741A1 (en) 2018-07-25
WO2017048426A1 (en) 2017-03-23
TW201717086A (zh) 2017-05-16
JP6777732B2 (ja) 2020-10-28

Similar Documents

Publication Publication Date Title
CN108027859B (zh) Detecting software attacks on processes in computing devices
US10990674B2 (en) Malware clustering based on function call graph similarity
US9158604B1 (en) Lightweight data-flow tracker for realtime behavioral analysis using control flow
US9357411B2 (en) Hardware assisted asset tracking for information leak prevention
US9734333B2 (en) Information security techniques including detection, interdiction and/or mitigation of memory injection attacks
US9898602B2 (en) System, apparatus, and method for adaptive observation of mobile device behavior
US11762987B2 (en) Systems and methods for hardening security systems using data randomization
US9519533B2 (en) Data flow tracking via memory monitoring
US10216934B2 (en) Inferential exploit attempt detection
US10984104B2 (en) Malware clustering based on analysis of execution-behavior reports
US10515216B2 (en) Memory layout based monitoring
US12013929B2 (en) Stack pivot exploit detection and mitigation
Grace et al. Behaviour analysis of inter-app communication using a lightweight monitoring app for malware detection
US12001545B2 (en) Detecting stack pivots using stack artifact verification
Ren et al. SYSYPHUZZ: the Pressure of More Coverage

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant