EP3999985A4 - Inline malware detection - Google Patents

Inline malware detection

Info

Publication number
EP3999985A4
Authority
EP
European Patent Office
Prior art keywords
inline
malware detection
malware
detection
inline malware
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP20843721.0A
Other languages
English (en)
French (fr)
Other versions
EP3999985A1 (de)
Inventor
William Redington HEWLETT
Suiqiang Deng
Sheng Yang
Ho Yu LAM
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Palo Alto Networks Inc
Original Assignee
Palo Alto Networks Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2019-07-19
Filing date
2020-07-06
Publication date
2023-12-13
Priority claimed from US16/517,465 (US11636208B2)
Priority claimed from US16/517,463 (US11374946B2)
Application filed by Palo Alto Networks Inc
Publication of EP3999985A1
Publication of EP3999985A4
Legal status: Pending (current)

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/561 Virus type analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Medical Informatics (AREA)
  • Mathematical Physics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/517,465 US11636208B2 (en) 2019-07-19 2019-07-19 Generating models for performing inline malware detection
US16/517,463 US11374946B2 (en) 2019-07-19 2019-07-19 Inline malware detection
PCT/US2020/040928 WO2021015941A1 (en) 2019-07-19 2020-07-06 Inline malware detection

Publications (2)

Publication Number Publication Date
EP3999985A1 (de) 2022-05-25
EP3999985A4 (de) 2023-12-13

Family

Family ID: 74193725

Family Applications (1)

Application Number Status Publication Priority Date Filing Date Title
EP20843721.0A Pending EP3999985A4 (de) 2019-07-19 2020-07-06 Inline malware detection

Country Status (5)

Country (Count) Publication
EP (1) EP3999985A4
JP (2) JP7411775B2
KR (1) KR102676386B1
CN (1) CN114072798A
WO (1) WO2021015941A1

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022217218A1 (en) * 2021-04-09 2022-10-13 Palo Alto Networks, Inc. Increased coverage of application-based traffic classification with local and cloud classification services
US12386958B2 (en) * 2022-04-29 2025-08-12 Crowdstrike, Inc. Deriving statistically probable and statistically relevant indicator of compromise signature for matching engines
CN115378747B (zh) * 2022-10-27 2023-01-24 北京六方云信息技术有限公司 Malicious data detection method, terminal device and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010011411A1 (en) * 2008-05-27 2010-01-28 The Trustees Of Columbia University In The City Of New York Systems, methods, and media for detecting network anomalies

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8037535B2 (en) 2004-08-13 2011-10-11 Georgetown University System and method for detecting malicious executable code
IL195081A0 (en) * 2008-11-03 2011-08-01 Deutche Telekom Ag Acquisition of malicious code using active learning
US8356354B2 (en) * 2009-11-23 2013-01-15 Kaspersky Lab, Zao Silent-mode signature testing in anti-malware processing
JP2012003463A (ja) 2010-06-16 2012-01-05 Kddi Corp Support device, method and program for assisting signature generation
US9047441B2 (en) * 2011-05-24 2015-06-02 Palo Alto Networks, Inc. Malware analysis system
US8955133B2 (en) 2011-06-09 2015-02-10 Microsoft Corporation Applying antimalware logic without revealing the antimalware logic to adversaries
CN102779249B (zh) 2012-06-28 2015-07-29 北京奇虎科技有限公司 Malicious program detection method and scanning engine
CN103618744B (zh) * 2013-12-10 2017-01-11 华东理工大学 Intrusion detection method based on a fast kNN algorithm
US10225280B2 (en) * 2014-02-24 2019-03-05 Cyphort Inc. System and method for verifying and detecting malware
US9742796B1 (en) * 2015-09-18 2017-08-22 Palo Alto Networks, Inc. Automatic repair of corrupt files for a detonation engine
US10200391B2 (en) * 2015-09-23 2019-02-05 AVAST Software s.r.o. Detection of malware in derived pattern space
US10972482B2 (en) * 2016-07-05 2021-04-06 Webroot Inc. Automatic inline detection based on static data
US10817608B2 (en) 2017-04-07 2020-10-27 Zscaler, Inc. System and method for malware detection on a per packet basis
US10754948B2 (en) * 2017-04-18 2020-08-25 Cylance Inc. Protecting devices from malicious files based on n-gram processing of sequential data
US10902124B2 (en) * 2017-09-15 2021-01-26 Webroot Inc. Real-time JavaScript classifier
US10565844B2 (en) * 2017-09-27 2020-02-18 Johnson Controls Technology Company Building risk analysis system with global risk dashboard

Non-Patent Citations (8)

* Cited by examiner, † Cited by third party
Title
BEEBE NICOLE L ET AL: "Sceadan: Using Concatenated N-Gram Vectors for Improved File and Data Type Classification", IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, IEEE, USA, vol. 8, no. 9, 1 September 2013 (2013-09-01), pages 1519 - 1530, XP011526429, ISSN: 1556-6013, [retrieved on 20130814], DOI: 10.1109/TIFS.2013.2274728 *
CHIH-TA LIN ET AL: "Feature Selection and Extraction for Malware Classification", JOURNAL OF INFORMATION SCIENCE AND ENGINEERING, vol. 31, 1 January 2015 (2015-01-01), pages 965 - 992, XP055475966 *
CHRISTIAN WRESSNEGGER ET AL: "A close look on n-grams in intrusion detection", ARTIFICIAL INTELLIGENCE AND SECURITY, ACM, 2 PENN PLAZA, SUITE 701 NEW YORK NY 10121-0701 USA, 4 November 2013 (2013-11-04), pages 67 - 76, XP058034229, ISBN: 978-1-4503-2488-5, DOI: 10.1145/2517312.2517316 *
MOHD ZAKI MAS'UD ET AL: "A Comparative Study on Feature Selection Method for N-gram Mobile Malware Detection", INTERNATIONAL JOURNAL OF NETWORK SECURITY, 30 September 2017 (2017-09-30), XP093097820, Retrieved from the Internet <URL:http://ijns.jalaxy.com.tw/contents/ijns-v19-n5/ijns-2017-v19-n5-p727-733.pdf> [retrieved on 20231103], DOI: 10.6633/IJNS.201709.19(5).10 *
OZA ADITYARAM ET AL: "HTTP Attack Detection using N-gram Analysis", SAN JOSE STATE UNIVERSITY, 1 May 2013 (2013-05-01), XP093059288, Retrieved from the Internet <URL:https://scholarworks.sjsu.edu/cgi/viewcontent.cgi?article=1298&context=etd_projects> [retrieved on 20230629], DOI: 10.31979/etd.rbtj-p2jh *
See also references of WO2021015941A1 *
TAHAN GIL ET AL: "Mal-ID: Automatic Malware Detection Using Common Segment Analysis and Meta-Features", JOURNAL OF MACHINE LEARNING RESEARCH, 28 February 2012 (2012-02-28), XP093097882, Retrieved from the Internet <URL:https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=ac447b25cbb796fc159ae8d7895c76240f08449c> [retrieved on 20231103] *
WEI-JEN LI ET AL: "Fileprints: identifying file types by n-gram analysis", SYSTEMS, MAN AND CYBERNETICS (SMC) INFORMATION ASSURANCE WORKSHOP, 2005. PROCEEDINGS FROM THE SIXTH ANNUAL IEEE, WEST POINT, NY, USA, 15-17 JUNE 2005, PISCATAWAY, NJ, USA, IEEE, 15 June 2005 (2005-06-15), pages 64 - 71, XP010826316, ISBN: 978-0-7803-9290-8, DOI: 10.1109/IAW.2005.1495935 *

Also Published As

Publication number Publication date
KR102676386B1 (ko) 2024-06-20
KR20220053549A (ko) 2022-04-29
JP2024023875A (ja) 2024-02-21
EP3999985A1 (de) 2022-05-25
JP7411775B2 (ja) 2024-01-11
JP7662267B2 (ja) 2025-04-15
JP2022541250A (ja) 2022-09-22
CN114072798A (zh) 2022-02-18
WO2021015941A1 (en) 2021-01-28

Similar Documents

Publication Publication Date Title
GB2600028B (en) Detection of phishing campaigns
GB202018989D0 (en) Malware detection
EP3948563A4 (de) Topology detection
EP4049159A4 (de) Ransomware prevention
GB201919449D0 (en) State detection
GB2575052B (en) Phishing detection
EP3851256A4 (de) Proximity detection system
SG11202113179WA (en) Context detection
EP3966720A4 (de) False-positive detection for anomaly detection
EP3999985A4 (de) Inline malware detection
EP4034978A4 (de) Gesture recognition system
EP4012449A4 (de) Device for detecting targets
EP4004771A4 (de) Detection of malicious games
EP3795981A4 (de) Optical detection system
EP3707201B8 (de) Cellulose processing
EP3408782A4 (de) Malware detection
EP3992644A4 (de) Discharge detection device
EP3995565A4 (de) Molecular detection system
EP3779919A4 (de) Detection system
EP4007732A4 (de) Skew detection
EP4074823A4 (de) Detection method
EP4048141A4 (de) Specific THC detection device
EP3998750A4 (de) Signal processor
EP4062287A4 (de) Security inspections
HK40078543A (en) Detection of larp1

Legal Events

Code Title Description
STAA Information on the status of an EP patent application or granted EP patent
    Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE
PUAI Public reference made under Article 153(3) EPC to a published international application that has entered the European phase
    Free format text: ORIGINAL CODE: 0009012
STAA Information on the status of an EP patent application or granted EP patent
    Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE
17P Request for examination filed
    Effective date: 20211224
AK Designated contracting states
    Kind code of ref document: A1
    Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR
DAV Request for validation of the European patent (deleted)
DAX Request for extension of the European patent (deleted)
P01 Opt-out of the competence of the Unified Patent Court (UPC) registered
    Effective date: 20230527
RIC1 Information provided on IPC code assigned before grant
    Ipc: G06N 20/00 20190101ALI20230703BHEP
    Ipc: H04L 9/40 20220101ALI20230703BHEP
    Ipc: G06F 21/56 20130101AFI20230703BHEP
RIC1 Information provided on IPC code assigned before grant
    Ipc: G06N 20/00 20190101ALI20230710BHEP
    Ipc: H04L 9/40 20220101ALI20230710BHEP
    Ipc: G06F 21/56 20130101AFI20230710BHEP
A4 Supplementary search report drawn up and despatched
    Effective date: 20231114
RIC1 Information provided on IPC code assigned before grant
    Ipc: G06N 20/00 20190101ALI20231108BHEP
    Ipc: H04L 9/40 20220101ALI20231108BHEP
    Ipc: G06F 21/56 20130101AFI20231108BHEP