EP3999985A4 - Inline malware detection - Google Patents

Inline malware detection

Info

Publication number
EP3999985A4
Authority
EP
European Patent Office
Prior art keywords
inline
malware detection
malware
detection
inline malware
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP20843721.0A
Other languages
German (de)
French (fr)
Other versions
EP3999985A1 (en)
Inventor
William Redington HEWLETT
Suiqiang Deng
Sheng Yang
Ho Yu LAM
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Palo Alto Networks Inc
Original Assignee
Palo Alto Networks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US16/517,465 (US11636208B2)
Priority claimed from US16/517,463 (US11374946B2)
Application filed by Palo Alto Networks Inc
Publication of EP3999985A1
Publication of EP3999985A4
Legal status: Pending (current)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/561 Virus type analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Medical Informatics (AREA)
  • Mathematical Physics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/517,465 US11636208B2 (en) 2019-07-19 2019-07-19 Generating models for performing inline malware detection
US16/517,463 US11374946B2 (en) 2019-07-19 2019-07-19 Inline malware detection
PCT/US2020/040928 WO2021015941A1 (en) 2019-07-19 2020-07-06 Inline malware detection

Publications (2)

Publication Number Publication Date
EP3999985A1 (en) 2022-05-25
EP3999985A4 (en) 2023-12-13

Family

ID=74193725

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20843721.0A Pending EP3999985A4 (en) 2019-07-19 2020-07-06 Inline malware detection

Country Status (5)

Country Link
EP (1) EP3999985A4 (en)
JP (2) JP7411775B2 (en)
KR (1) KR20220053549A (en)
CN (1) CN114072798A (en)
WO (1) WO2021015941A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115378747B (en) * 2022-10-27 2023-01-24 北京六方云信息技术有限公司 Malicious data detection method, terminal device and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010011411A1 (en) * 2008-05-27 2010-01-28 The Trustees Of Columbia University In The City Of New York Systems, methods, and media for detecting network anomalies

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9742796B1 (en) * 2015-09-18 2017-08-22 Palo Alto Networks, Inc. Automatic repair of corrupt files for a detonation engine
US10200391B2 (en) * 2015-09-23 2019-02-05 AVAST Software s.r.o. Detection of malware in derived pattern space
US10817608B2 (en) 2017-04-07 2020-10-27 Zscaler, Inc. System and method for malware detection on a per packet basis
US10754948B2 (en) 2017-04-18 2020-08-25 Cylance Inc. Protecting devices from malicious files based on n-gram processing of sequential data
US10902124B2 (en) * 2017-09-15 2021-01-26 Webroot Inc. Real-time JavaScript classifier
US10565844B2 (en) * 2017-09-27 2020-02-18 Johnson Controls Technology Company Building risk analysis system with global risk dashboard

Non-Patent Citations (8)

* Cited by examiner, † Cited by third party
Title
BEEBE NICOLE L ET AL: "Sceadan: Using Concatenated N-Gram Vectors for Improved File and Data Type Classification", IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, IEEE, USA, vol. 8, no. 9, 1 September 2013 (2013-09-01), pages 1519 - 1530, XP011526429, ISSN: 1556-6013, [retrieved on 20130814], DOI: 10.1109/TIFS.2013.2274728 *
CHIH-TA LIN ET AL: "Feature Selection and Extraction for Malware Classification", JOURNAL OF INFORMATION SCIENCE AND ENGINEERING, vol. 31, 1 January 2015 (2015-01-01), pages 965 - 992, XP055475966 *
CHRISTIAN WRESSNEGGER ET AL: "A close look on n-grams in intrusion detection", ARTIFICIAL INTELLIGENCE AND SECURITY, ACM, 2 PENN PLAZA, SUITE 701 NEW YORK NY 10121-0701 USA, 4 November 2013 (2013-11-04), pages 67 - 76, XP058034229, ISBN: 978-1-4503-2488-5, DOI: 10.1145/2517312.2517316 *
MOHD ZAKI MAS'UD ET AL: "A Comparative Study on Feature Selection Method for N-gram Mobile Malware Detection", INTERNATIONAL JOURNAL OF NETWORK SECURITY, 30 September 2017 (2017-09-30), XP093097820, Retrieved from the Internet <URL:http://ijns.jalaxy.com.tw/contents/ijns-v19-n5/ijns-2017-v19-n5-p727-733.pdf> [retrieved on 20231103], DOI: 10.6633/IJNS.201709.19(5).10 *
OZA ADITYARAM ET AL: "HTTP Attack Detection using N-gram Analysis HTTP Attack Detection using N-gram Analysis", SAN JOSE STATE UNIVERSITY, 1 May 2013 (2013-05-01), XP093059288, Retrieved from the Internet <URL:https://scholarworks.sjsu.edu/cgi/viewcontent.cgi?article=1298&context=etd_projects> [retrieved on 20230629], DOI: 10.31979/etd.rbtj-p2jh *
See also references of WO2021015941A1 *
TAHAN GIL ET AL: "Mal-ID: Automatic Malware Detection Using Common Segment Analysis and Meta-Features", JOURNAL OF MACHINE LEARNING RESEARCH, 28 February 2012 (2012-02-28), XP093097882, Retrieved from the Internet <URL:https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=ac447b25cbb796fc159ae8d7895c76240f08449c> [retrieved on 20231103] *
WEI-JEN LI ET AL: "Fileprints: identifying file types by n-gram analysis", SYSTEMS, MAN AND CYBERNETICS (SMC) INFORMATION ASSURANCE WORKSHOP, 2005. PROCEEDINGS FROM THE SIXTH ANNUAL IEEE WEST POINT, NY, USA 15-17 JUNE 2005, PISCATAWAY, NJ, USA, IEEE, 15 June 2005 (2005-06-15), pages 64 - 71, XP010826316, ISBN: 978-0-7803-9290-8, DOI: 10.1109/IAW.2005.1495935 *

Also Published As

Publication number Publication date
JP7411775B2 (en) 2024-01-11
EP3999985A1 (en) 2022-05-25
JP2024023875A (en) 2024-02-21
WO2021015941A1 (en) 2021-01-28
CN114072798A (en) 2022-02-18
KR20220053549A (en) 2022-04-29
JP2022541250A (en) 2022-09-22

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20211224

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230527

RIC1 Information provided on ipc code assigned before grant

Ipc: G06N 20/00 20190101ALI20230703BHEP

Ipc: H04L 9/40 20220101ALI20230703BHEP

Ipc: G06F 21/56 20130101AFI20230703BHEP

RIC1 Information provided on ipc code assigned before grant

Ipc: G06N 20/00 20190101ALI20230710BHEP

Ipc: H04L 9/40 20220101ALI20230710BHEP

Ipc: G06F 21/56 20130101AFI20230710BHEP

A4 Supplementary search report drawn up and despatched

Effective date: 20231114

RIC1 Information provided on ipc code assigned before grant

Ipc: G06N 20/00 20190101ALI20231108BHEP

Ipc: H04L 9/40 20220101ALI20231108BHEP

Ipc: G06F 21/56 20130101AFI20231108BHEP