CN1318932C - 用于自动确定程序的潜在蠕虫样行为的方法与装置 - Google Patents
用于自动确定程序的潜在蠕虫样行为的方法与装置 Download PDFInfo
- Publication number
- CN1318932C CN1318932C CNB038174294A CN03817429A CN1318932C CN 1318932 C CN1318932 C CN 1318932C CN B038174294 A CNB038174294 A CN B038174294A CN 03817429 A CN03817429 A CN 03817429A CN 1318932 C CN1318932 C CN 1318932C
- Authority
- CN
- China
- Prior art keywords
- program
- behavior
- network
- worm
- environment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 230000014509 gene expression Effects 0.000 claims description 5
- 230000004044 response Effects 0.000 claims description 4
- 238000003860 storage Methods 0.000 claims description 2
- 230000002596 correlated effect Effects 0.000 claims 1
- 230000003542 behavioural effect Effects 0.000 abstract description 4
- 238000012544 monitoring process Methods 0.000 abstract description 3
- 238000012545 processing Methods 0.000 abstract description 3
- 238000004458 analytical method Methods 0.000 description 10
- 230000008859 change Effects 0.000 description 9
- 230000003068 static effect Effects 0.000 description 9
- 230000000694 effects Effects 0.000 description 6
- 230000008878 coupling Effects 0.000 description 5
- 238000010168 coupling process Methods 0.000 description 5
- 238000005859 coupling reaction Methods 0.000 description 5
- 230000008676 import Effects 0.000 description 4
- 241000700605 Viruses Species 0.000 description 3
- 238000013459 approach Methods 0.000 description 3
- 238000004590 computer program Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000004519 manufacturing process Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000000712 assembly Effects 0.000 description 2
- 238000000429 assembly Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 238000004088 simulation Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 238000012512 characterization method Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 230000002349 favourable effect Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 108010041420 microbial alkaline proteinase inhibitor Proteins 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000001902 propagating effect Effects 0.000 description 1
- 238000010977 unit operation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Debugging And Monitoring (AREA)
- Computer And Data Communications (AREA)
- Stored Programmes (AREA)
- Investigation Of Foundation Soil And Reinforcement Of Foundation Soil By Compacting Or Drainage (AREA)
- Test And Diagnosis Of Digital Computers (AREA)
Abstract
Description
Claims (9)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/202,517 US7487543B2 (en) | 2002-07-23 | 2002-07-23 | Method and apparatus for the automatic determination of potentially worm-like behavior of a program |
US10/202,517 | 2002-07-23 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1672111A CN1672111A (zh) | 2005-09-21 |
CN1318932C true CN1318932C (zh) | 2007-05-30 |
Family
ID=30769844
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB038174294A Expired - Lifetime CN1318932C (zh) | 2002-07-23 | 2003-07-17 | 用于自动确定程序的潜在蠕虫样行为的方法与装置 |
Country Status (9)
Country | Link |
---|---|
US (2) | US7487543B2 (zh) |
EP (1) | EP1543396B1 (zh) |
JP (1) | JP2005534092A (zh) |
CN (1) | CN1318932C (zh) |
AT (1) | ATE353452T1 (zh) |
AU (1) | AU2003244875A1 (zh) |
DE (1) | DE60311666T2 (zh) |
TW (1) | TWI225985B (zh) |
WO (1) | WO2004010269A2 (zh) |
Families Citing this family (200)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7293290B2 (en) * | 2003-02-06 | 2007-11-06 | Symantec Corporation | Dynamic detection of computer worms |
US7584382B2 (en) * | 2004-02-19 | 2009-09-01 | Microsoft Corporation | Method and system for troubleshooting a misconfiguration of a computer system based on configurations of other computer systems |
US7392295B2 (en) * | 2004-02-19 | 2008-06-24 | Microsoft Corporation | Method and system for collecting information from computer systems based on a trusted relationship |
US7752662B2 (en) * | 2004-02-20 | 2010-07-06 | Imperva, Inc. | Method and apparatus for high-speed detection and blocking of zero day worm attacks |
US8006305B2 (en) * | 2004-06-14 | 2011-08-23 | Fireeye, Inc. | Computer worm defense system and method |
US8549638B2 (en) | 2004-06-14 | 2013-10-01 | Fireeye, Inc. | System and method of containing computer worms |
US8375444B2 (en) | 2006-04-20 | 2013-02-12 | Fireeye, Inc. | Dynamic signature creation and enforcement |
US8881282B1 (en) | 2004-04-01 | 2014-11-04 | Fireeye, Inc. | Systems and methods for malware attack detection and identification |
US9027135B1 (en) | 2004-04-01 | 2015-05-05 | Fireeye, Inc. | Prospective client identification using malware attack detection |
US7587537B1 (en) | 2007-11-30 | 2009-09-08 | Altera Corporation | Serializer-deserializer circuits formed from input-output circuit registers |
US8561177B1 (en) | 2004-04-01 | 2013-10-15 | Fireeye, Inc. | Systems and methods for detecting communication channels of bots |
US8584239B2 (en) | 2004-04-01 | 2013-11-12 | Fireeye, Inc. | Virtual machine with dynamic data flow analysis |
US8566946B1 (en) | 2006-04-20 | 2013-10-22 | Fireeye, Inc. | Malware containment on connection |
US8793787B2 (en) | 2004-04-01 | 2014-07-29 | Fireeye, Inc. | Detecting malicious network content using virtual environment components |
US8171553B2 (en) | 2004-04-01 | 2012-05-01 | Fireeye, Inc. | Heuristic based capture with replay to virtual machine |
US8898788B1 (en) | 2004-04-01 | 2014-11-25 | Fireeye, Inc. | Systems and methods for malware attack prevention |
US9106694B2 (en) | 2004-04-01 | 2015-08-11 | Fireeye, Inc. | Electronic message analysis for malware detection |
US8528086B1 (en) | 2004-04-01 | 2013-09-03 | Fireeye, Inc. | System and method of detecting computer worms |
US8204984B1 (en) | 2004-04-01 | 2012-06-19 | Fireeye, Inc. | Systems and methods for detecting encrypted bot command and control communication channels |
US8539582B1 (en) | 2004-04-01 | 2013-09-17 | Fireeye, Inc. | Malware containment and security analysis on connection |
US20050268112A1 (en) * | 2004-05-28 | 2005-12-01 | Microsoft Corporation | Managing spyware and unwanted software through auto-start extensibility points |
US7814550B2 (en) * | 2004-10-26 | 2010-10-12 | The Mitre Corporation | System and method to emulate mobile logic in a communication system |
US8516583B2 (en) | 2005-03-31 | 2013-08-20 | Microsoft Corporation | Aggregating the knowledge base of computer systems to proactively protect a computer from malware |
US8161548B1 (en) | 2005-08-15 | 2012-04-17 | Trend Micro, Inc. | Malware detection using pattern classification |
KR100791290B1 (ko) * | 2006-02-10 | 2008-01-04 | 삼성전자주식회사 | 디바이스 간에 악성 어플리케이션의 행위 정보를 사용하는장치 및 방법 |
US7840958B1 (en) * | 2006-02-17 | 2010-11-23 | Trend Micro, Inc. | Preventing spyware installation |
US8640235B2 (en) * | 2006-03-31 | 2014-01-28 | Symantec Corporation | Determination of malicious entities |
KR20070099200A (ko) * | 2006-04-03 | 2007-10-09 | 삼성전자주식회사 | 휴대형 무선 기기의 응용 모듈 접근 제한 장치 및 이를이용한 접근 제한 방법 |
JP2007334536A (ja) * | 2006-06-14 | 2007-12-27 | Securebrain Corp | マルウェアの挙動解析システム |
FI20060665A0 (fi) * | 2006-07-07 | 2006-07-07 | Nokia Corp | Poikkeavuuden havaitseminen |
US8151352B1 (en) * | 2006-07-14 | 2012-04-03 | Bitdefender IPR Managament Ltd. | Anti-malware emulation systems and methods |
JP2008129707A (ja) * | 2006-11-17 | 2008-06-05 | Lac Co Ltd | プログラム分析装置、プログラム分析方法、及びプログラム |
EP2145281B1 (en) * | 2007-04-12 | 2013-11-20 | Core Sdi, Incorporated | System, method and computer readable medium for providing network penetration testing |
US7912894B2 (en) * | 2007-05-15 | 2011-03-22 | Adams Phillip M | Computerized, copy-detection and discrimination apparatus and method |
CN101350054B (zh) * | 2007-10-15 | 2011-05-25 | 北京瑞星信息技术有限公司 | 计算机有害程序自动防护方法及装置 |
US8806619B2 (en) * | 2007-12-20 | 2014-08-12 | Cybernet Systems Corporation | System and methods for detecting software vulnerabilities and malicious code |
US8434151B1 (en) * | 2008-01-04 | 2013-04-30 | International Business Machines Corporation | Detecting malicious software |
JP4755658B2 (ja) * | 2008-01-30 | 2011-08-24 | 日本電信電話株式会社 | 解析システム、解析方法および解析プログラム |
US9779234B2 (en) * | 2008-06-18 | 2017-10-03 | Symantec Corporation | Software reputation establishment and monitoring system and method |
JP5009244B2 (ja) * | 2008-07-07 | 2012-08-22 | 日本電信電話株式会社 | マルウェア検知システム、マルウェア検知方法及びマルウェア検知プログラム |
US8850571B2 (en) | 2008-11-03 | 2014-09-30 | Fireeye, Inc. | Systems and methods for detecting malicious network content |
US8997219B2 (en) | 2008-11-03 | 2015-03-31 | Fireeye, Inc. | Systems and methods for detecting malicious PDF network content |
US8443447B1 (en) * | 2009-08-06 | 2013-05-14 | Trend Micro Incorporated | Apparatus and method for detecting malware-infected electronic mail |
US8161552B1 (en) | 2009-09-23 | 2012-04-17 | Trend Micro, Inc. | White list creation in behavior monitoring system |
US8832829B2 (en) * | 2009-09-30 | 2014-09-09 | Fireeye, Inc. | Network-based binary file extraction and analysis for malware detection |
US8474040B2 (en) | 2010-02-19 | 2013-06-25 | International Business Machines Corporation | Environmental imaging |
RU2506638C2 (ru) | 2011-06-28 | 2014-02-10 | Закрытое акционерное общество "Лаборатория Касперского" | Система и способ аппаратного обнаружения и лечения неизвестного вредоносного программного обеспечения, установленного на персональном компьютере |
US9519782B2 (en) | 2012-02-24 | 2016-12-13 | Fireeye, Inc. | Detecting malicious network content |
US10572665B2 (en) | 2012-12-28 | 2020-02-25 | Fireeye, Inc. | System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events |
US10089582B2 (en) | 2013-01-02 | 2018-10-02 | Qualcomm Incorporated | Using normalized confidence values for classifying mobile device behaviors |
JP6305442B2 (ja) * | 2013-02-15 | 2018-04-04 | クアルコム,インコーポレイテッド | 複数のアナライザモデルプロバイダを用いたモバイルデバイスにおけるオンライン挙動分析エンジン |
US9824209B1 (en) | 2013-02-23 | 2017-11-21 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications that is usable to harden in the field code |
US9367681B1 (en) | 2013-02-23 | 2016-06-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application |
US9159035B1 (en) | 2013-02-23 | 2015-10-13 | Fireeye, Inc. | Framework for computer application analysis of sensitive information tracking |
US8990944B1 (en) | 2013-02-23 | 2015-03-24 | Fireeye, Inc. | Systems and methods for automatically detecting backdoors |
US9176843B1 (en) | 2013-02-23 | 2015-11-03 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9009822B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for multi-phase analysis of mobile applications |
US9009823B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications installed on mobile devices |
US9195829B1 (en) | 2013-02-23 | 2015-11-24 | Fireeye, Inc. | User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications |
US9104867B1 (en) | 2013-03-13 | 2015-08-11 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US9355247B1 (en) | 2013-03-13 | 2016-05-31 | Fireeye, Inc. | File extraction from memory dump for malicious content analysis |
US9626509B1 (en) | 2013-03-13 | 2017-04-18 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US9565202B1 (en) | 2013-03-13 | 2017-02-07 | Fireeye, Inc. | System and method for detecting exfiltration content |
US9311479B1 (en) | 2013-03-14 | 2016-04-12 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of a malware attack |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US10713358B2 (en) | 2013-03-15 | 2020-07-14 | Fireeye, Inc. | System and method to extract and utilize disassembly features to classify software intent |
US9251343B1 (en) | 2013-03-15 | 2016-02-02 | Fireeye, Inc. | Detecting bootkits resident on compromised computers |
US9413781B2 (en) | 2013-03-15 | 2016-08-09 | Fireeye, Inc. | System and method employing structured intelligence to verify and contain threats at endpoints |
US9495180B2 (en) | 2013-05-10 | 2016-11-15 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US9635039B1 (en) | 2013-05-13 | 2017-04-25 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
US9536091B2 (en) | 2013-06-24 | 2017-01-03 | Fireeye, Inc. | System and method for detecting time-bomb malware |
US10133863B2 (en) | 2013-06-24 | 2018-11-20 | Fireeye, Inc. | Zero-day discovery system |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US9888016B1 (en) | 2013-06-28 | 2018-02-06 | Fireeye, Inc. | System and method for detecting phishing using password prediction |
US9736179B2 (en) | 2013-09-30 | 2017-08-15 | Fireeye, Inc. | System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection |
US9171160B2 (en) | 2013-09-30 | 2015-10-27 | Fireeye, Inc. | Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses |
US10515214B1 (en) | 2013-09-30 | 2019-12-24 | Fireeye, Inc. | System and method for classifying malware within content created during analysis of a specimen |
US9294501B2 (en) | 2013-09-30 | 2016-03-22 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US9628507B2 (en) | 2013-09-30 | 2017-04-18 | Fireeye, Inc. | Advanced persistent threat (APT) detection center |
US9690936B1 (en) | 2013-09-30 | 2017-06-27 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US10192052B1 (en) | 2013-09-30 | 2019-01-29 | Fireeye, Inc. | System, apparatus and method for classifying a file as malicious using static scanning |
US10089461B1 (en) | 2013-09-30 | 2018-10-02 | Fireeye, Inc. | Page replacement code injection |
US9921978B1 (en) | 2013-11-08 | 2018-03-20 | Fireeye, Inc. | System and method for enhanced security of storage devices |
US9189627B1 (en) | 2013-11-21 | 2015-11-17 | Fireeye, Inc. | System, apparatus and method for conducting on-the-fly decryption of encrypted objects for malware detection |
US9747446B1 (en) | 2013-12-26 | 2017-08-29 | Fireeye, Inc. | System and method for run-time object classification |
US9756074B2 (en) | 2013-12-26 | 2017-09-05 | Fireeye, Inc. | System and method for IPS and VM-based detection of suspicious objects |
US9740857B2 (en) | 2014-01-16 | 2017-08-22 | Fireeye, Inc. | Threat-aware microvisor |
CN103793597B (zh) * | 2014-01-16 | 2017-02-22 | 同济大学 | 基于完备主干子系统的模型相似度度量方法 |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US9241010B1 (en) | 2014-03-20 | 2016-01-19 | Fireeye, Inc. | System and method for network behavior detection |
US10242185B1 (en) | 2014-03-21 | 2019-03-26 | Fireeye, Inc. | Dynamic guest image creation and rollback |
US9591015B1 (en) | 2014-03-28 | 2017-03-07 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9223972B1 (en) | 2014-03-31 | 2015-12-29 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US9432389B1 (en) | 2014-03-31 | 2016-08-30 | Fireeye, Inc. | System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object |
US9973531B1 (en) | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
US9438623B1 (en) | 2014-06-06 | 2016-09-06 | Fireeye, Inc. | Computer exploit detection using heap spray pattern matching |
US9594912B1 (en) | 2014-06-06 | 2017-03-14 | Fireeye, Inc. | Return-oriented programming detection |
JP6018346B2 (ja) * | 2014-06-17 | 2016-11-02 | 日本電信電話株式会社 | 情報処理システム、制御方法及び制御プログラム |
US10084813B2 (en) | 2014-06-24 | 2018-09-25 | Fireeye, Inc. | Intrusion prevention and remedy system |
US9398028B1 (en) | 2014-06-26 | 2016-07-19 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers |
US10805340B1 (en) | 2014-06-26 | 2020-10-13 | Fireeye, Inc. | Infection vector and malware tracking with an interactive user display |
US10002252B2 (en) | 2014-07-01 | 2018-06-19 | Fireeye, Inc. | Verification of trusted threat-aware microvisor |
US9363280B1 (en) | 2014-08-22 | 2016-06-07 | Fireeye, Inc. | System and method of detecting delivery of malware using cross-customer data |
US10671726B1 (en) | 2014-09-22 | 2020-06-02 | Fireeye Inc. | System and method for malware analysis using thread-level event monitoring |
US9773112B1 (en) | 2014-09-29 | 2017-09-26 | Fireeye, Inc. | Exploit detection of malware and malware families |
US10027689B1 (en) | 2014-09-29 | 2018-07-17 | Fireeye, Inc. | Interactive infection visualization for improved exploit detection and signature generation for malware and malware families |
US9690933B1 (en) | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US10075455B2 (en) | 2014-12-26 | 2018-09-11 | Fireeye, Inc. | Zero-day rotating guest image profile |
US9934376B1 (en) | 2014-12-29 | 2018-04-03 | Fireeye, Inc. | Malware detection appliance architecture |
US9838417B1 (en) | 2014-12-30 | 2017-12-05 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
US9690606B1 (en) | 2015-03-25 | 2017-06-27 | Fireeye, Inc. | Selective system call monitoring |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
US9438613B1 (en) | 2015-03-30 | 2016-09-06 | Fireeye, Inc. | Dynamic content activation for automated analysis of embedded objects |
US9483644B1 (en) | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
US10417031B2 (en) | 2015-03-31 | 2019-09-17 | Fireeye, Inc. | Selective virtualization for security threat detection |
US10474813B1 (en) | 2015-03-31 | 2019-11-12 | Fireeye, Inc. | Code injection technique for remediation at an endpoint of a network |
US9654485B1 (en) | 2015-04-13 | 2017-05-16 | Fireeye, Inc. | Analytics-based security monitoring system and method |
US9594904B1 (en) | 2015-04-23 | 2017-03-14 | Fireeye, Inc. | Detecting malware based on reflection |
US10642753B1 (en) | 2015-06-30 | 2020-05-05 | Fireeye, Inc. | System and method for protecting a software component running in virtual machine using a virtualization layer |
US10454950B1 (en) | 2015-06-30 | 2019-10-22 | Fireeye, Inc. | Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks |
US10726127B1 (en) | 2015-06-30 | 2020-07-28 | Fireeye, Inc. | System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer |
US11113086B1 (en) | 2015-06-30 | 2021-09-07 | Fireeye, Inc. | Virtual system and method for securing external network connectivity |
US10715542B1 (en) | 2015-08-14 | 2020-07-14 | Fireeye, Inc. | Mobile application risk analysis |
US10176321B2 (en) | 2015-09-22 | 2019-01-08 | Fireeye, Inc. | Leveraging behavior-based rules for malware family classification |
US10033747B1 (en) | 2015-09-29 | 2018-07-24 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US9825989B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Cyber attack early warning system |
US10817606B1 (en) | 2015-09-30 | 2020-10-27 | Fireeye, Inc. | Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic |
US10706149B1 (en) | 2015-09-30 | 2020-07-07 | Fireeye, Inc. | Detecting delayed activation malware using a primary controller and plural time controllers |
US10601865B1 (en) | 2015-09-30 | 2020-03-24 | Fireeye, Inc. | Detection of credential spearphishing attacks using email analysis |
US9825976B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Detection and classification of exploit kits |
US10210329B1 (en) | 2015-09-30 | 2019-02-19 | Fireeye, Inc. | Method to detect application execution hijacking using memory protection |
US10284575B2 (en) | 2015-11-10 | 2019-05-07 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US10447728B1 (en) | 2015-12-10 | 2019-10-15 | Fireeye, Inc. | Technique for protecting guest processes using a layered virtualization architecture |
US10846117B1 (en) | 2015-12-10 | 2020-11-24 | Fireeye, Inc. | Technique for establishing secure communication between host and guest processes of a virtualization architecture |
US10108446B1 (en) | 2015-12-11 | 2018-10-23 | Fireeye, Inc. | Late load technique for deploying a virtualization layer underneath a running operating system |
US10050998B1 (en) | 2015-12-30 | 2018-08-14 | Fireeye, Inc. | Malicious message analysis system |
US10621338B1 (en) | 2015-12-30 | 2020-04-14 | Fireeye, Inc. | Method to detect forgery and exploits using last branch recording registers |
US10565378B1 (en) | 2015-12-30 | 2020-02-18 | Fireeye, Inc. | Exploit of privilege detection framework |
US10133866B1 (en) | 2015-12-30 | 2018-11-20 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US9824216B1 (en) | 2015-12-31 | 2017-11-21 | Fireeye, Inc. | Susceptible environment detection system |
US10581874B1 (en) | 2015-12-31 | 2020-03-03 | Fireeye, Inc. | Malware detection system with contextual analysis |
US11552986B1 (en) | 2015-12-31 | 2023-01-10 | Fireeye Security Holdings Us Llc | Cyber-security framework for application of virtual features |
US10601863B1 (en) | 2016-03-25 | 2020-03-24 | Fireeye, Inc. | System and method for managing sensor enrollment |
US10785255B1 (en) | 2016-03-25 | 2020-09-22 | Fireeye, Inc. | Cluster configuration within a scalable malware detection system |
US10671721B1 (en) | 2016-03-25 | 2020-06-02 | Fireeye, Inc. | Timeout management services |
US10616266B1 (en) | 2016-03-25 | 2020-04-07 | Fireeye, Inc. | Distributed malware detection system and submission workflow thereof |
US10826933B1 (en) | 2016-03-31 | 2020-11-03 | Fireeye, Inc. | Technique for verifying exploit/malware at malware detection appliance through correlation with endpoints |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
US10169585B1 (en) | 2016-06-22 | 2019-01-01 | Fireeye, Inc. | System and methods for advanced malware detection through placement of transition events |
US10462173B1 (en) | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
US10592678B1 (en) | 2016-09-09 | 2020-03-17 | Fireeye, Inc. | Secure communications between peers using a verified virtual trusted platform module |
US10474446B2 (en) * | 2016-09-16 | 2019-11-12 | Bank Of America Corporation | Installation tool for adhering to enterprise requirements |
US10491627B1 (en) | 2016-09-29 | 2019-11-26 | Fireeye, Inc. | Advanced malware detection using similarity analysis |
US10795991B1 (en) | 2016-11-08 | 2020-10-06 | Fireeye, Inc. | Enterprise search |
US10587647B1 (en) | 2016-11-22 | 2020-03-10 | Fireeye, Inc. | Technique for malware detection capability comparison of network security devices |
US10581879B1 (en) | 2016-12-22 | 2020-03-03 | Fireeye, Inc. | Enhanced malware detection for generated objects |
US10552610B1 (en) | 2016-12-22 | 2020-02-04 | Fireeye, Inc. | Adaptive virtual machine snapshot update framework for malware behavioral analysis |
US10523609B1 (en) | 2016-12-27 | 2019-12-31 | Fireeye, Inc. | Multi-vector malware detection and analysis |
US10904286B1 (en) | 2017-03-24 | 2021-01-26 | Fireeye, Inc. | Detection of phishing attacks using similarity analysis |
US10798112B2 (en) | 2017-03-30 | 2020-10-06 | Fireeye, Inc. | Attribute-controlled malware detection |
US10902119B1 (en) | 2017-03-30 | 2021-01-26 | Fireeye, Inc. | Data extraction system for malware analysis |
US10554507B1 (en) | 2017-03-30 | 2020-02-04 | Fireeye, Inc. | Multi-level control for enhanced resource and object evaluation management of malware detection system |
US10791138B1 (en) | 2017-03-30 | 2020-09-29 | Fireeye, Inc. | Subscription-based malware detection |
US10855700B1 (en) | 2017-06-29 | 2020-12-01 | Fireeye, Inc. | Post-intrusion detection of cyber-attacks during lateral movement within networks |
US10601848B1 (en) | 2017-06-29 | 2020-03-24 | Fireeye, Inc. | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators |
US10503904B1 (en) | 2017-06-29 | 2019-12-10 | Fireeye, Inc. | Ransomware detection and mitigation |
US10893068B1 (en) | 2017-06-30 | 2021-01-12 | Fireeye, Inc. | Ransomware file modification prevention technique |
JP6829168B2 (ja) * | 2017-09-04 | 2021-02-10 | 株式会社東芝 | 情報処理装置、情報処理方法およびプログラム |
US10747872B1 (en) | 2017-09-27 | 2020-08-18 | Fireeye, Inc. | System and method for preventing malware evasion |
US10805346B2 (en) | 2017-10-01 | 2020-10-13 | Fireeye, Inc. | Phishing attack detection |
US11108809B2 (en) | 2017-10-27 | 2021-08-31 | Fireeye, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
US11271955B2 (en) | 2017-12-28 | 2022-03-08 | Fireeye Security Holdings Us Llc | Platform and method for retroactive reclassification employing a cybersecurity-based global data store |
US11240275B1 (en) | 2017-12-28 | 2022-02-01 | Fireeye Security Holdings Us Llc | Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture |
US11005860B1 (en) | 2017-12-28 | 2021-05-11 | Fireeye, Inc. | Method and system for efficient cybersecurity analysis of endpoint events |
US10826931B1 (en) | 2018-03-29 | 2020-11-03 | Fireeye, Inc. | System and method for predicting and mitigating cybersecurity system misconfigurations |
US10956477B1 (en) | 2018-03-30 | 2021-03-23 | Fireeye, Inc. | System and method for detecting malicious scripts through natural language processing modeling |
US11003773B1 (en) | 2018-03-30 | 2021-05-11 | Fireeye, Inc. | System and method for automatically generating malware detection rule recommendations |
US11558401B1 (en) | 2018-03-30 | 2023-01-17 | Fireeye Security Holdings Us Llc | Multi-vector malware detection data sharing system for improved detection |
US11075930B1 (en) | 2018-06-27 | 2021-07-27 | Fireeye, Inc. | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11314859B1 (en) | 2018-06-27 | 2022-04-26 | FireEye Security Holdings, Inc. | Cyber-security system and method for detecting escalation of privileges within an access token |
US11228491B1 (en) | 2018-06-28 | 2022-01-18 | Fireeye Security Holdings Us Llc | System and method for distributed cluster configuration monitoring and management |
US11316900B1 (en) | 2018-06-29 | 2022-04-26 | FireEye Security Holdings Inc. | System and method for automatically prioritizing rules for cyber-threat detection and mitigation |
US11182473B1 (en) | 2018-09-13 | 2021-11-23 | Fireeye Security Holdings Us Llc | System and method for mitigating cyberattacks against processor operability by a guest process |
US11763004B1 (en) | 2018-09-27 | 2023-09-19 | Fireeye Security Holdings Us Llc | System and method for bootkit detection |
US11743290B2 (en) | 2018-12-21 | 2023-08-29 | Fireeye Security Holdings Us Llc | System and method for detecting cyberattacks impersonating legitimate sources |
US11368475B1 (en) | 2018-12-21 | 2022-06-21 | Fireeye Security Holdings Us Llc | System and method for scanning remote services to locate stored objects with malware |
US11176251B1 (en) | 2018-12-21 | 2021-11-16 | Fireeye, Inc. | Determining malware via symbolic function hash analysis |
US11601444B1 (en) | 2018-12-31 | 2023-03-07 | Fireeye Security Holdings Us Llc | Automated system for triage of customer issues |
US10642715B1 (en) * | 2019-02-21 | 2020-05-05 | Cyberark Software Ltd. | Dynamic authorization of requested actions using adaptive context-based matching |
US11310238B1 (en) | 2019-03-26 | 2022-04-19 | FireEye Security Holdings, Inc. | System and method for retrieval and analysis of operational data from customer, cloud-hosted virtual resources |
US11677786B1 (en) | 2019-03-29 | 2023-06-13 | Fireeye Security Holdings Us Llc | System and method for detecting and protecting against cybersecurity attacks on servers |
US11636198B1 (en) | 2019-03-30 | 2023-04-25 | Fireeye Security Holdings Us Llc | System and method for cybersecurity analyzer update and concurrent management system |
US11258806B1 (en) | 2019-06-24 | 2022-02-22 | Mandiant, Inc. | System and method for automatically associating cybersecurity intelligence to cyberthreat actors |
US11556640B1 (en) | 2019-06-27 | 2023-01-17 | Mandiant, Inc. | Systems and methods for automated cybersecurity analysis of extracted binary string sets |
US11392700B1 (en) | 2019-06-28 | 2022-07-19 | Fireeye Security Holdings Us Llc | System and method for supporting cross-platform data verification |
US11886585B1 (en) | 2019-09-27 | 2024-01-30 | Musarubra Us Llc | System and method for identifying and mitigating cyberattacks through malicious position-independent code execution |
US11637862B1 (en) | 2019-09-30 | 2023-04-25 | Mandiant, Inc. | System and method for surfacing cyber-security threats with a self-learning recommendation engine |
US11838300B1 (en) | 2019-12-24 | 2023-12-05 | Musarubra Us Llc | Run-time configurable cybersecurity system |
US11522884B1 (en) | 2019-12-24 | 2022-12-06 | Fireeye Security Holdings Us Llc | Subscription and key management system |
US11436327B1 (en) | 2019-12-24 | 2022-09-06 | Fireeye Security Holdings Us Llc | System and method for circumventing evasive code for cyberthreat detection |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1999066386A1 (en) * | 1998-06-18 | 1999-12-23 | Babak Ahmadi | Bait software |
CN1314638A (zh) * | 2001-04-29 | 2001-09-26 | 北京瑞星科技股份有限公司 | 检测和清除已知及未知计算机病毒的方法、系统和介质 |
WO2002006928A2 (en) * | 2000-07-14 | 2002-01-24 | Vcis, Inc. | Computer immune system and method for detecting unwanted code in a computer system |
WO2002027440A2 (en) * | 2000-09-26 | 2002-04-04 | Koninklijke Philips Electronics N.V. | Security monitor of system running software simulator in parallel |
WO2002037740A2 (en) * | 2000-11-02 | 2002-05-10 | Koninklijke Philips Electronics N.V. | Visual anti-virus in a network control environment |
Family Cites Families (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5440723A (en) * | 1993-01-19 | 1995-08-08 | International Business Machines Corporation | Automatic immune system for computers and computer networks |
US5398196A (en) | 1993-07-29 | 1995-03-14 | Chambers; David A. | Method and apparatus for detection of computer viruses |
EP0769170B1 (en) | 1994-06-01 | 1999-08-18 | Quantum Leap Innovations Inc: | Computer virus trap |
US5636371A (en) | 1995-06-07 | 1997-06-03 | Bull Hn Information Systems Inc. | Virtual network mechanism to access well known port application programs running on a single host system |
US5734865A (en) | 1995-06-07 | 1998-03-31 | Bull Hn Information Systems Inc. | Virtual local area network well-known port routing mechanism for mult--emulators in an open system environment |
US6006328A (en) * | 1995-07-14 | 1999-12-21 | Christopher N. Drake | Computer software authentication, protection, and security system |
US5889943A (en) * | 1995-09-26 | 1999-03-30 | Trend Micro Incorporated | Apparatus and method for electronic mail virus detection and elimination |
US5826013A (en) | 1995-09-28 | 1998-10-20 | Symantec Corporation | Polymorphic virus detection module |
US5812826A (en) | 1996-06-27 | 1998-09-22 | Mci Communications Corporation | Method and apparatus for emulating a network of state monitoring devices |
US5978917A (en) | 1997-08-14 | 1999-11-02 | Symantec Corporation | Detection and elimination of macro viruses |
US6192512B1 (en) | 1998-09-24 | 2001-02-20 | International Business Machines Corporation | Interpreter with virtualized interface |
US6321338B1 (en) * | 1998-11-09 | 2001-11-20 | Sri International | Network surveillance |
US6842861B1 (en) * | 2000-03-24 | 2005-01-11 | Networks Associates Technology, Inc. | Method and system for detecting viruses on handheld computers |
US7328349B2 (en) * | 2001-12-14 | 2008-02-05 | Bbn Technologies Corp. | Hash-based systems and methods for detecting, preventing, and tracing network worms and viruses |
US6981279B1 (en) | 2000-08-17 | 2005-12-27 | International Business Machines Corporation | Method and apparatus for replicating and analyzing worm programs |
US6981278B1 (en) * | 2000-09-05 | 2005-12-27 | Sterling Commerce, Inc. | System and method for secure dual channel communication through a firewall |
US6886099B1 (en) * | 2000-09-12 | 2005-04-26 | Networks Associates Technology, Inc. | Computer virus detection |
JP2002182942A (ja) * | 2000-12-18 | 2002-06-28 | Yokogawa Electric Corp | コンテンツ認証システム |
US6766475B2 (en) * | 2001-01-04 | 2004-07-20 | International Business Machines Corporation | Method and apparatus for exercising an unknown program with a graphical user interface |
GB2371125A (en) * | 2001-01-13 | 2002-07-17 | Secr Defence | Computer protection system |
US7421587B2 (en) * | 2001-07-26 | 2008-09-02 | Mcafee, Inc. | Detecting computer programs within packed computer files |
US7340774B2 (en) * | 2001-10-15 | 2008-03-04 | Mcafee, Inc. | Malware scanning as a low priority task |
US6772345B1 (en) * | 2002-02-08 | 2004-08-03 | Networks Associates Technology, Inc. | Protocol-level malware scanner |
US6785820B1 (en) * | 2002-04-02 | 2004-08-31 | Networks Associates Technology, Inc. | System, method and computer program product for conditionally updating a security program |
US7103913B2 (en) * | 2002-05-08 | 2006-09-05 | International Business Machines Corporation | Method and apparatus for determination of the non-replicative behavior of a malicious program |
US7379857B2 (en) * | 2002-05-10 | 2008-05-27 | Lockheed Martin Corporation | Method and system for simulating computer networks to facilitate testing of computer network security |
US7370360B2 (en) * | 2002-05-13 | 2008-05-06 | International Business Machines Corporation | Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine |
US20040093514A1 (en) * | 2002-11-08 | 2004-05-13 | International Business Machines Corporation | Method for automatically isolating worm and hacker attacks within a local area network |
US20040111531A1 (en) * | 2002-12-06 | 2004-06-10 | Stuart Staniford | Method and system for reducing the rate of infection of a communications network by a software worm |
US7418730B2 (en) * | 2002-12-17 | 2008-08-26 | International Business Machines Corporation | Automatic client responses to worm or hacker attacks |
US7552473B2 (en) * | 2003-08-12 | 2009-06-23 | Symantec Corporation | Detecting and blocking drive sharing worms |
US7752662B2 (en) * | 2004-02-20 | 2010-07-06 | Imperva, Inc. | Method and apparatus for high-speed detection and blocking of zero day worm attacks |
JP4480422B2 (ja) * | 2004-03-05 | 2010-06-16 | 富士通株式会社 | 不正アクセス阻止方法、装置及びシステム並びにプログラム |
US7603715B2 (en) * | 2004-07-21 | 2009-10-13 | Microsoft Corporation | Containment of worms |
US7797749B2 (en) * | 2004-11-03 | 2010-09-14 | Intel Corporation | Defending against worm or virus attacks on networks |
US7810158B2 (en) * | 2004-12-16 | 2010-10-05 | At&T Intellectual Property I, L.P. | Methods and systems for deceptively trapping electronic worms |
KR100690187B1 (ko) * | 2005-06-21 | 2007-03-09 | 주식회사 안철수연구소 | 악성 코드 차단 방법 및 장치 및 그 시스템 |
KR100642716B1 (ko) * | 2005-08-22 | 2006-11-10 | 이채현 | 에이알피 패킷을 이용한 웜 탐지 방법 및 그 장치 |
WO2007038517A1 (en) * | 2005-09-26 | 2007-04-05 | Wiresoft, Inc. | Methods, software and apparatus for detecting and neutralizing viruses from computer systems and networks |
-
2002
- 2002-07-23 US US10/202,517 patent/US7487543B2/en active Active
-
2003
- 2003-06-30 TW TW092117801A patent/TWI225985B/zh not_active IP Right Cessation
- 2003-07-17 WO PCT/GB2003/003112 patent/WO2004010269A2/en active IP Right Grant
- 2003-07-17 CN CNB038174294A patent/CN1318932C/zh not_active Expired - Lifetime
- 2003-07-17 DE DE60311666T patent/DE60311666T2/de not_active Expired - Lifetime
- 2003-07-17 JP JP2004522314A patent/JP2005534092A/ja active Pending
- 2003-07-17 AT AT03738350T patent/ATE353452T1/de not_active IP Right Cessation
- 2003-07-17 AU AU2003244875A patent/AU2003244875A1/en not_active Abandoned
- 2003-07-17 EP EP03738350A patent/EP1543396B1/en not_active Expired - Lifetime
-
2008
- 2008-04-03 US US12/062,152 patent/US7996905B2/en not_active Expired - Fee Related
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1999066386A1 (en) * | 1998-06-18 | 1999-12-23 | Babak Ahmadi | Bait software |
WO2002006928A2 (en) * | 2000-07-14 | 2002-01-24 | Vcis, Inc. | Computer immune system and method for detecting unwanted code in a computer system |
WO2002027440A2 (en) * | 2000-09-26 | 2002-04-04 | Koninklijke Philips Electronics N.V. | Security monitor of system running software simulator in parallel |
WO2002037740A2 (en) * | 2000-11-02 | 2002-05-10 | Koninklijke Philips Electronics N.V. | Visual anti-virus in a network control environment |
CN1314638A (zh) * | 2001-04-29 | 2001-09-26 | 北京瑞星科技股份有限公司 | 检测和清除已知及未知计算机病毒的方法、系统和介质 |
Also Published As
Publication number | Publication date |
---|---|
TWI225985B (en) | 2005-01-01 |
US7487543B2 (en) | 2009-02-03 |
JP2005534092A (ja) | 2005-11-10 |
ATE353452T1 (de) | 2007-02-15 |
TW200404203A (en) | 2004-03-16 |
US7996905B2 (en) | 2011-08-09 |
WO2004010269A2 (en) | 2004-01-29 |
DE60311666T2 (de) | 2007-11-22 |
EP1543396A2 (en) | 2005-06-22 |
EP1543396B1 (en) | 2007-02-07 |
DE60311666D1 (de) | 2007-03-22 |
AU2003244875A1 (en) | 2004-02-09 |
US20040019832A1 (en) | 2004-01-29 |
WO2004010269A3 (en) | 2004-03-11 |
US20080189787A1 (en) | 2008-08-07 |
CN1672111A (zh) | 2005-09-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1318932C (zh) | 用于自动确定程序的潜在蠕虫样行为的方法与装置 | |
Balci | Requirements for model development environments | |
US10635437B1 (en) | Techniques to deploy an application as a cloud computing service | |
US6539501B1 (en) | Method, system, and program for logging statements to monitor execution of a program | |
US8949800B2 (en) | Time-based trace facility | |
CN103514023B (zh) | 一种虚拟机离线自动软件安装的方法及系统 | |
US10255086B2 (en) | Determining optimal methods for creating virtual machines | |
IL136836A (en) | Automatic configuration | |
CN105740093A (zh) | 备份方法、环境更新预先检测方法及其系统 | |
CN103927198A (zh) | 一种软件清理方法及装置 | |
Vysotska et al. | Automated monitoring of changes in web resources | |
US9218139B2 (en) | Minimally disruptive virtual machine snapshots | |
US20170091076A1 (en) | Debugging remote vertex code on test machine | |
US20210141709A1 (en) | Automatic software behavior identification using execution record | |
US9823998B2 (en) | Trace recovery via statistical reasoning | |
EP1710698A2 (en) | Generic software requirements analyser | |
US20230195455A1 (en) | Automated Developer Governance System | |
CN111831395A (zh) | 一种行为监控分析方法与系统 | |
CN115292647A (zh) | 一种非侵入式政务数据的获取方法 | |
CN115048082A (zh) | 微前端系统构建方法、装置、服务器及可读存储介质 | |
WO2016044501A1 (en) | Selectively loading precompiled header(s) and/or portion(s) thereof | |
CN115840691A (zh) | 远程修复崩溃进程 | |
US11467947B2 (en) | Automated mocking of computer system deployments | |
CN115812195A (zh) | 计算开发过程中的开发者时间 | |
Rechert et al. | Towards a Risk Model for Emulation-based Preservation Strategies: A Case Study from the Software-based Art Domain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
ASS | Succession or assignment of patent right |
Owner name: TREND TECHNOLOGY CORP. Free format text: FORMER OWNER: INTERNATIONAL BUSINESS MACHINES CORP. Effective date: 20100715 |
|
C41 | Transfer of patent application or patent right or utility model | ||
COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: NEW YORK, THE USA TO: TOKYO METROPOLIS, JAPAN |
|
TR01 | Transfer of patent right |
Effective date of registration: 20100715 Address after: Tokyo, Japan Patentee after: Trend Micro Inc. Address before: American New York Patentee before: International Business Machines Corp. |
|
TR01 | Transfer of patent right |
Effective date of registration: 20190118 Address after: California, USA Patentee after: Finn Limited by Share Ltd. Address before: Tokyo, Japan Patentee before: Trend Micro Inc. |
|
TR01 | Transfer of patent right | ||
CX01 | Expiry of patent term |
Granted publication date: 20070530 |
|
CX01 | Expiry of patent term |