CN109074452B - Systems and methods for generating tripwire files - Google Patents
Systems and methods for generating tripwire files
- Publication number
- CN109074452B (application number CN201680082693.0A)
- Authority
- CN
- China
- Prior art keywords
- tripwire
- file
- tripwire file
- initial
- client device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/568—Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Retry When Errors Occur (AREA)
Claims (20)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/070523 | 2016-03-15 | ||
US15/070,523 US10339304B2 (en) | 2016-03-15 | 2016-03-15 | Systems and methods for generating tripwire files |
PCT/US2016/069034 WO2017160376A1 (en) | 2016-03-15 | 2016-12-28 | Systems and methods for generating tripwire files |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109074452A (zh) | 2018-12-21 |
CN109074452B (zh) | 2021-12-03 |
Family
ID=57838528
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201680082693.0A Active CN109074452B (zh) | 2016-03-15 | 2016-12-28 | Systems and methods for generating tripwire files |
Country Status (5)
Country | Link |
---|---|
US (1) | US10339304B2 (zh) |
EP (1) | EP3430559B1 (zh) |
JP (1) | JP6789308B2 (zh) |
CN (1) | CN109074452B (zh) |
WO (1) | WO2017160376A1 (zh) |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10715533B2 (en) * | 2016-07-26 | 2020-07-14 | Microsoft Technology Licensing, Llc. | Remediation for ransomware attacks on cloud drive folders |
KR102573921B1 (ko) * | 2016-09-13 | 2023-09-04 | Samsung Electronics Co., Ltd. | Storage device secure from viruses/malware, computing system including the same, and method thereof |
US10262135B1 (en) * | 2016-12-13 | 2019-04-16 | Symantec Corporation | Systems and methods for detecting and addressing suspicious file restore activities |
US10289844B2 (en) | 2017-01-19 | 2019-05-14 | International Business Machines Corporation | Protecting backup files from malware |
US10628585B2 (en) | 2017-01-23 | 2020-04-21 | Microsoft Technology Licensing, Llc | Ransomware resilient databases |
US11003775B2 (en) * | 2017-09-11 | 2021-05-11 | Carbon Black, Inc. | Methods for behavioral detection and prevention of cyberattacks, and related apparatus and techniques |
US10831888B2 (en) * | 2018-01-19 | 2020-11-10 | International Business Machines Corporation | Data recovery enhancement system |
US10917416B2 (en) * | 2018-03-30 | 2021-02-09 | Microsoft Technology Licensing, Llc | Service identification of ransomware impacted files |
US11308207B2 (en) * | 2018-03-30 | 2022-04-19 | Microsoft Technology Licensing, Llc | User verification of malware impacted files |
US11200320B2 (en) | 2018-03-30 | 2021-12-14 | Microsoft Technology Licensing, Llc | Coordinating service ransomware detection with client-side ransomware detection |
US10963564B2 (en) | 2018-03-30 | 2021-03-30 | Microsoft Technology Licensing, Llc | Selection of restore point based on detection of malware attack |
US10769278B2 (en) | 2018-03-30 | 2020-09-08 | Microsoft Technology Licensing, Llc | Service identification of ransomware impact at account level |
US10739979B2 (en) | 2018-07-16 | 2020-08-11 | Microsoft Technology Licensing, Llc | Histogram slider for quick navigation of a time-based list |
US11681591B2 (en) * | 2019-04-02 | 2023-06-20 | Acronis International Gmbh | System and method of restoring a clean backup after a malware attack |
US20220058264A1 (en) * | 2020-08-18 | 2022-02-24 | Micro Focus Llc | Thread-based malware detection |
US11714907B2 (en) * | 2021-03-09 | 2023-08-01 | WatchPoint Data, Inc. | System, method, and apparatus for preventing ransomware |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
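CN101763479A (zh) * | 2008-12-22 | 2010-06-30 | Symantec Corporation | Adaptive data loss prevention policies |
CN101777062A (zh) * | 2008-12-17 | 2010-07-14 | Symantec Corporation | Context-aware real-time computer protection systems and methods |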
US8549643B1 (en) * | 2010-04-02 | 2013-10-01 | Symantec Corporation | Using decoys by a data loss prevention system to protect against unscripted activity |
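WO2014103115A1 (ja) * | 2012-12-26 | 2014-07-03 | Mitsubishi Electric Corporation | Intrusion detection device, intrusion detection method, intrusion detection program, and recording medium |
CN104298921A (zh) * | 2013-07-15 | 2015-01-21 | Shenzhen Tencent Computer Systems Co., Ltd. | Method and device for checking security vulnerabilities in animation source files |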
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8640247B2 (en) | 2006-05-31 | 2014-01-28 | The Invention Science Fund I, Llc | Receiving an indication of a security breach of a protected set of files |
US9009829B2 (en) | 2007-06-12 | 2015-04-14 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for baiting inside attackers |
US20120084866A1 (en) * | 2007-06-12 | 2012-04-05 | Stolfo Salvatore J | Methods, systems, and media for measuring computer security |
US8341736B2 (en) * | 2007-10-12 | 2012-12-25 | Microsoft Corporation | Detection and dynamic alteration of execution of potential software threats |
US20090281758A1 (en) * | 2008-05-08 | 2009-11-12 | Lecroy Corporation | Method and Apparatus for Triggering a Test and Measurement Instrument |
US8739281B2 (en) * | 2011-12-06 | 2014-05-27 | At&T Intellectual Property I, L.P. | Multilayered deception for intrusion detection and prevention |
US9992225B2 (en) * | 2014-09-12 | 2018-06-05 | Topspin Security Ltd. | System and a method for identifying malware network activity using a decoy environment |
US20160180087A1 (en) * | 2014-12-23 | 2016-06-23 | Jonathan L. Edwards | Systems and methods for malware detection and remediation |
US9483644B1 (en) * | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
US9923908B2 (en) * | 2015-04-29 | 2018-03-20 | International Business Machines Corporation | Data protection in a networked computing environment |
-
2016
- 2016-03-15 US US15/070,523 patent/US10339304B2/en active Active
- 2016-12-28 EP EP16828876.9A patent/EP3430559B1/en active Active
- 2016-12-28 CN CN201680082693.0A patent/CN109074452B/zh active Active
- 2016-12-28 JP JP2018546431A patent/JP6789308B2/ja active Active
- 2016-12-28 WO PCT/US2016/069034 patent/WO2017160376A1/en active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
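CN101777062A (zh) * | 2008-12-17 | 2010-07-14 | Symantec Corporation | Context-aware real-time computer protection systems and methods |
CN101763479A (zh) * | 2008-12-22 | 2010-06-30 | Symantec Corporation | Adaptive data loss prevention policies |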
US8549643B1 (en) * | 2010-04-02 | 2013-10-01 | Symantec Corporation | Using decoys by a data loss prevention system to protect against unscripted activity |
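WO2014103115A1 (ja) * | 2012-12-26 | 2014-07-03 | Mitsubishi Electric Corporation | Intrusion detection device, intrusion detection method, intrusion detection program, and recording medium |
JP2016033690A (ja) * | 2012-12-26 | 2016-03-10 | Mitsubishi Electric Corporation | Intrusion detection device, intrusion detection method, intrusion detection program, and recording medium |
CN104298921A (zh) * | 2013-07-15 | 2015-01-21 | Shenzhen Tencent Computer Systems Co., Ltd. | Method and device for checking security vulnerabilities in animation source files |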
Non-Patent Citations (5)
Title |
---|
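Usage of the safety-oriented real-time OASIS approach to build deterministic protection relays; Mathieu Jan, et al.; 《International Symposium on Industrial Embedded System (SIES)》; 20100819; pp. 128-135 * |
Hijacking Linux system calls to block Core Dump vulnerability attacks; Wang Chang et al.; 《Computer Security》; 20090615; pp. 30-32, 37 * |
Design of a Spring-based website file security monitoring system; Ding Zhenfan et al.; 《Computer Technology and Development》; 20121210; Vol. 22, No. 12; pp. 179-182 * |
A data integrity protection method for network file systems based on security audit logs; Huang Rongrong et al.; 《Proceedings of the 15th National Conference on Information Storage Technology》; 20080926; Vol. 46; pp. 1-6 * |
Port scanning and vulnerability security detection system SD; Liu Xinxin et al.; 《Computer Applications and Software》; 20001115; pp. 45-49 * |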
Also Published As
Publication number | Publication date |
---|---|
EP3430559A1 (en) | 2019-01-23 |
CN109074452A (zh) | 2018-12-21 |
EP3430559B1 (en) | 2020-08-26 |
JP6789308B2 (ja) | 2020-11-25 |
US20170270293A1 (en) | 2017-09-21 |
JP2019512142A (ja) | 2019-05-09 |
US10339304B2 (en) | 2019-07-02 |
WO2017160376A1 (en) | 2017-09-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
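CN109074452B (zh) | Systems and methods for generating tripwire files | |
CN108701188B (zh) | Systems and methods for modifying file backups in response to detecting potential ransomware | |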
EP3374922B1 (en) | Systems and methods for protecting backed-up data from ransomware attacks | |
US9852289B1 (en) | Systems and methods for protecting files from malicious encryption attempts | |
CN107810504B (zh) | Systems and methods for determining malicious-download risk based on user behavior | |
EP3111364B1 (en) | Systems and methods for optimizing scans of pre-installed applications | |
EP3039609B1 (en) | Systems and methods for identifying private keys that have been compromised | |
US9185119B1 (en) | Systems and methods for detecting malware using file clustering | |
US9338012B1 (en) | Systems and methods for identifying code signing certificate misuse | |
EP3014515B1 (en) | Systems and methods for directing application updates | |
JP2019516160A (ja) | Systems and methods for detecting security threats | |
US9894085B1 (en) | Systems and methods for categorizing processes as malicious | |
US10250588B1 (en) | Systems and methods for determining reputations of digital certificate signers | |
US9292691B1 (en) | Systems and methods for protecting users from website security risks using templates | |
US11032319B1 (en) | Systems and methods for preparing honeypot computer files | |
US10262131B2 (en) | Systems and methods for obtaining information about security threats on endpoint devices | |
CN109997138A (zh) | Systems and methods for detecting malicious processes on computing devices | |
US9569617B1 (en) | Systems and methods for preventing false positive malware identification | |
US9171152B1 (en) | Systems and methods for preventing chronic false positives | |
US10706167B1 (en) | Systems and methods for enforcing privacy in cloud security | |
US9501649B2 (en) | Systems and methods for determining potential impacts of applications on the security of computing systems | |
US10546117B1 (en) | Systems and methods for managing security programs | |
US10073968B1 (en) | Systems and methods for classifying files | |
US11392696B1 (en) | Systems and methods for detecting code implanted into a published application | |
US10482244B1 (en) | Systems and methods for efficiently matching files |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
CB02 | Change of applicant information | Address after: California, USA. Applicant after: Norton weifuke Co. Address before: California, USA. Applicant before: Symantec Corp. |
CB02 | Change of applicant information | Address after: Arizona, USA. Applicant after: Norton weifuke Co. Address before: California, USA. Applicant before: Norton weifuke Co. |
GR01 | Patent grant | |
CP01 | Change in the name or title of a patent holder | Address after: Arizona. Patentee after: Keane Digital Co. Address before: Arizona. Patentee before: Norton weifuke Co. |