CN108073809A - APT Heuristic detection methods and system based on abnormal component liaison - Google Patents
- Publication number
- CN108073809A
- Authority
- CN
- China
- Prior art keywords
- component
- call relation
- environment information
- abnormal
- caching
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Memory System Of A Hierarchy Structure (AREA)
Abstract
Description
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711420803.2A CN108073809A (en) | 2017-12-25 | 2017-12-25 | APT Heuristic detection methods and system based on abnormal component liaison |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108073809A (en) | 2018-05-25 |
Family
ID=62155898
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711420803.2A Pending CN108073809A (en) | 2017-12-25 | 2017-12-25 | APT Heuristic detection methods and system based on abnormal component liaison |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108073809A (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1818823A (en) * | 2005-02-07 | 2006-08-16 | 福建东方微点信息安全有限责任公司 | Computer protecting method based on programm behaviour analysis |
CN101373502A (en) * | 2008-05-12 | 2009-02-25 | 公安部第三研究所 | Automatic analysis system of virus behavior based on Win32 platform |
US20090158430A1 (en) * | 2005-10-21 | 2009-06-18 | Borders Kevin R | Method, system and computer program product for detecting at least one of security threats and undesirable computer files |
US20100058431A1 (en) * | 2008-08-26 | 2010-03-04 | Mccorkendale Bruce | Agentless Enforcement of Application Management through Virtualized Block I/O Redirection |
CN104794399A (en) * | 2015-04-23 | 2015-07-22 | 北京北信源软件股份有限公司 | Terminal protection system and method based on massive program behavior data |
CN104811447A (en) * | 2015-04-21 | 2015-07-29 | 深信服网络科技(深圳)有限公司 | Security detection method and system based on attack association |
CN104850780A (en) * | 2015-04-27 | 2015-08-19 | 北京北信源软件股份有限公司 | Discrimination method for advanced persistent threat attack |
CN104866765A (en) * | 2015-06-03 | 2015-08-26 | 康绯 | Behavior characteristic similarity-based malicious code homology analysis method |
CN105681286A (en) * | 2015-12-31 | 2016-06-15 | 中电长城网际系统应用有限公司 | Association analysis method and association analysis system |
CN106802821A (en) * | 2017-02-14 | 2017-06-06 | 腾讯科技(深圳)有限公司 | Recognition application installs the method and device in source |
2017
- 2017-12-25 CN CN201711420803.2A patent/CN108073809A/en active Pending
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US10929533B2 (en) | System and method of identifying malicious files using a learning model trained on a malicious file | |
US11469976B2 (en) | System and method for cloud-based control-plane event monitor | |
Chumachenko | Machine learning methods for malware detection and classification | |
US9774614B2 (en) | Methods and systems for side channel analysis detection and protection | |
US11200318B2 (en) | Methods and apparatus to detect adversarial malware | |
KR20210141575A (en) | Detect sensitive data exposure through logging | |
US11057428B1 (en) | Honeytoken tracker | |
Calderon | The benefits of artificial intelligence in cybersecurity | |
US20180157826A1 (en) | Isolating Data for Analysis to Avoid Malicious Attacks | |
US20110154489A1 (en) | System for analyzing malicious botnet activity in real time | |
EP3542508A1 (en) | Security systems and methods using an automated bot with a natural language interface for improving response times for security alert response and mediation | |
US10726124B2 (en) | Computer device and method of identifying whether container behavior thereof is abnormal | |
CN104573497B (en) | A kind for the treatment of method and apparatus of startup item | |
US10623426B1 (en) | Building a ground truth dataset for a machine learning-based security application | |
US20210049262A1 (en) | Stack pivot exploit detection and mitigation | |
CN104025102A (en) | System And Method For Detecting A File Embedded In An Arbitrary Location And Determining The Reputation Of The File | |
US11595440B2 (en) | Maintaining interactive session continuity in honeypot deployments | |
Rosenberg et al. | Bypassing system calls–based intrusion detection systems | |
US12050681B2 (en) | Software build system protection engine | |
WO2018175600A1 (en) | Sample-specific sandbox configuration based on endpoint telemetry | |
US9881155B2 (en) | System and method for automatic use-after-free exploit detection | |
CN108073809A (en) | APT Heuristic detection methods and system based on abnormal component liaison | |
US20230297671A1 (en) | Computer-implemented automatic security methods and systems | |
EP3588351B1 (en) | System and method of identifying malicious files using a learning model trained on a malicious file | |
CN106815523B (en) | A kind of malware defence method and device |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
CB02 | Change of applicant information | Address after: 150028 Building 7, Innovation Plaza, Science and Technology Innovation City, Harbin Hi-tech Industrial Development Zone, Harbin, Heilongjiang Province (838 Shikun Road). Applicant after: Harbin antiy Technology Group Limited by Share Ltd. Address before: 150090 Room 506, No. 162 Hongqi Street, Nangang District, Harbin Development Zone, Heilongjiang Province. Applicant before: Harbin Antiy Technology Co., Ltd. |
CB02 | Change of applicant information | Address after: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Heilongjiang Province (No. 838, Shikun Road). Applicant after: Antan Technology Group Co.,Ltd. Address before: 150028 building 7, innovation and entrepreneurship square, science and technology innovation city, Harbin high tech Industrial Development Zone, Harbin, Heilongjiang Province (No. 838, Shikun Road). Applicant before: Harbin Antian Science and Technology Group Co.,Ltd. |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180525 |