HK1124414A1 - Method and apparatus for finding malicious behaviors of computer programs - Google Patents

Method and apparatus for finding malicious behaviors of computer programs

Info

Publication number
HK1124414A1
Authority
HK
Hong Kong
Prior art keywords
computer programs
malicious behaviors
finding malicious
finding
behaviors
Prior art date
Application number
HK09103765.8A
Other languages
English (en)
Inventor
Chao Ye
Original Assignee
Beijing Rising Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Rising Information Technology Co Ltd
Publication of HK1124414A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)
  • Computer And Data Communications (AREA)
HK09103765.8A 2007-10-15 2009-04-23 Method and apparatus for finding malicious behaviors of computer programs HK1124414A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2007101624426A CN101350052B (zh) 2007-10-15 2007-10-15 Method and apparatus for finding malicious behaviors of computer programs

Publications (1)

Publication Number Publication Date
HK1124414A1 (en) 2009-07-10

Family

ID=40268839

Family Applications (1)

Application Number Title Priority Date Filing Date
HK09103765.8A HK1124414A1 (en) 2007-10-15 2009-04-23 Method and apparatus for finding malicious behaviors of computer programs

Country Status (6)

Country Link
US (1) US8898775B2 (ja)
EP (1) EP2219130A4 (ja)
JP (1) JP5011436B2 (ja)
CN (1) CN101350052B (ja)
HK (1) HK1124414A1 (ja)
WO (1) WO2009049555A1 (ja)

Families Citing this family (86)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8499350B1 (en) * 2009-07-29 2013-07-30 Symantec Corporation Detecting malware through package behavior
FI20060665A0 (fi) * 2006-07-07 2006-07-07 Nokia Corp Anomaly detection
CN101350054B (zh) 2007-10-15 2011-05-25 Beijing Rising Information Technology Co Ltd Method and apparatus for automatically protecting against harmful computer programs
CN101350052B (zh) 2007-10-15 2010-11-03 Beijing Rising Information Technology Co Ltd Method and apparatus for finding malicious behaviors of computer programs
US8935789B2 (en) * 2008-07-21 2015-01-13 Jayant Shukla Fixing computer files infected by virus and other malware
US8863282B2 (en) * 2009-10-15 2014-10-14 Mcafee Inc. Detecting and responding to malware using link files
KR101671795B1 (ko) * 2010-01-18 2016-11-03 Samsung Electronics Co Ltd Computer system and method for preventing dynamic link library injection attacks
CN103106366B (zh) * 2010-08-18 2016-05-04 Beijing Qihoo Technology Co Ltd Cloud-based method for dynamically maintaining a sample database
CN102630320B (zh) * 2010-10-04 2015-06-17 Panasonic Corp Information processing device and method for preventing improper cooperation between applications
CN102163161B (zh) * 2011-04-01 2018-09-25 Qizhi Software (Beijing) Co Ltd Process management method and apparatus
RU2454705C1 (ru) * 2011-04-19 2012-06-27 Kaspersky Lab ZAO System and method for protecting a computer device from malicious objects that use complex infection schemes
CN102194072B (zh) * 2011-06-03 2012-11-14 Qizhi Software (Beijing) Co Ltd Method, apparatus and system for handling computer viruses
CN102253863B (zh) * 2011-06-15 2017-05-03 Qizhi Software (Beijing) Co Ltd Process termination method
KR101206853B1 (ko) * 2011-06-23 2012-11-30 INCA Internet Co Ltd Network access control system and method
CN102855129B (zh) * 2011-06-29 2015-08-19 Qizhi Software (Beijing) Co Ltd Method and system for automatically creating an independent process
CN102289616A (zh) * 2011-06-30 2011-12-21 Beijing University of Posts and Telecommunications Method and system for preventing malicious seizure of system resources in a mobile smart terminal
US8732831B2 (en) * 2011-07-14 2014-05-20 AVG Netherlands B.V. Detection of rogue software applications
US9288226B2 (en) * 2011-07-14 2016-03-15 AVG Netherlands B.V. Detection of rogue software applications
CN102222194A (zh) * 2011-07-14 2011-10-19 Harbin Institute of Technology Module and method for security protection of a Linux host computing environment
CN102331965A (zh) * 2011-09-15 2012-01-25 Shenzhen Sang Fei Consumer Communications Co Ltd Method for terminal resource management
CN102761458B (zh) * 2011-12-20 2014-11-05 Beijing Antiy Electronic Equipment Co Ltd Method and system for detecting reverse-connection Trojans
US9659173B2 (en) * 2012-01-31 2017-05-23 International Business Machines Corporation Method for detecting a malware
US20130239214A1 (en) * 2012-03-06 2013-09-12 Trusteer Ltd. Method for detecting and removing malware
KR101212497B1 (ko) * 2012-05-02 2012-12-14 Teamstone Co Ltd Resource monitoring method performed on a computing device, and computing device
CN102819713B (zh) * 2012-06-29 2015-09-16 Beijing Qihoo Technology Co Ltd Method and system for detecting the safety of pop-up windows
US9245120B2 (en) 2012-07-13 2016-01-26 Cisco Technologies, Inc. Method and apparatus for retroactively detecting malicious or otherwise undesirable software as well as clean software through intelligent rescanning
CN103049695B (zh) * 2012-12-11 2015-12-09 Beijing Qihoo Technology Co Ltd Method and apparatus for monitoring computer viruses
CN103020524B (zh) * 2012-12-11 2015-08-05 Beijing Qihoo Technology Co Ltd Computer virus monitoring system
CN103902892B (zh) * 2012-12-24 2017-08-04 Zhuhai Juntian Electronic Technology Co Ltd Behavior-based virus defense method and system
CN104050413A (zh) * 2013-03-13 2014-09-17 Tencent Technology (Shenzhen) Co Ltd Data processing method and terminal
CN103413091B (zh) * 2013-07-18 2016-01-20 Tencent Technology (Shenzhen) Co Ltd Method and apparatus for monitoring malicious behavior
US9323931B2 (en) 2013-10-04 2016-04-26 Bitdefender IPR Management Ltd. Complex scoring for malware detection
US20150113644A1 (en) * 2013-10-21 2015-04-23 Trusteer, Ltd. Exploit Detection/Prevention
CN103679024B (zh) * 2013-11-19 2015-03-25 Baidu Online Network Technology (Beijing) Co Ltd Virus handling method and device
US9710648B2 (en) * 2014-08-11 2017-07-18 Sentinel Labs Israel Ltd. Method of malware detection and system thereof
US11507663B2 (en) 2014-08-11 2022-11-22 Sentinel Labs Israel Ltd. Method of remediating operations performed by a program and system thereof
US10102374B1 (en) 2014-08-11 2018-10-16 Sentinel Labs Israel Ltd. Method of remediating a program and system thereof by undoing operations
CN105809033A (zh) * 2014-12-30 2016-07-27 Beijing Qihoo Technology Co Ltd Method and apparatus for handling malicious processes
CN106033513A (zh) * 2015-03-13 2016-10-19 Alibaba Group Holding Ltd Software detection method and device
GB201504612D0 (en) * 2015-03-18 2015-05-06 Inquisitive Systems Ltd Forensic analysis
US9798878B1 (en) * 2015-03-31 2017-10-24 Symantec Corporation Systems and methods for detecting text display manipulation attacks
CN104850793B (zh) * 2015-05-28 2017-09-29 Chengdu Thundersoft Co Ltd Intelligent control and management method for an Android system
CN104866760B (zh) * 2015-06-01 2017-10-10 Chengdu Thundersoft Co Ltd Smartphone security protection method
CN104955043B (zh) * 2015-06-01 2018-02-16 Chengdu Thundersoft Co Ltd Smart terminal security protection system
CN104866761B (zh) * 2015-06-01 2017-10-31 Chengdu Thundersoft Co Ltd High-security Android smart terminal
US10089465B2 (en) 2015-07-24 2018-10-02 Bitdefender IPR Management Ltd. Systems and methods for tracking malicious behavior across multiple software entities
CN105354487B (zh) * 2015-10-23 2018-10-16 Beijing Kingsoft Internet Security Software Co Ltd Application monitoring and handling method, apparatus and terminal device
CN106650438A (zh) * 2015-11-04 2017-05-10 Alibaba Group Holding Ltd Method and apparatus for detecting malicious programs
US10880316B2 (en) 2015-12-09 2020-12-29 Check Point Software Technologies Ltd. Method and system for determining initial execution of an attack
US10440036B2 (en) * 2015-12-09 2019-10-08 Checkpoint Software Technologies Ltd Method and system for modeling all operations and executions of an attack and malicious process entry
CN105574410B (zh) * 2015-12-15 2018-07-31 Beijing Kingsoft Internet Security Software Co Ltd Method and apparatus for security detection of an application
CN105608375A (zh) * 2015-12-17 2016-05-25 Beijing Kingsoft Internet Security Software Co Ltd Method and apparatus for obtaining process information
CN105608377A (zh) * 2015-12-24 2016-05-25 State Grid Corporation of China Process security management system and management method for an information system
CN105630636A (zh) * 2016-01-26 2016-06-01 Chen Qian Method and apparatus for dynamically restoring the operating system of a smart electronic device
CN107292169B (zh) * 2016-03-31 2021-04-16 Alibaba Group Holding Ltd Method and apparatus for tracing the source of a malware threat
CN106156610B (zh) * 2016-06-29 2019-02-12 Zhuhai Baoqu Technology Co Ltd Method, apparatus and electronic device for obtaining a process path
CN106156612B (zh) * 2016-07-04 2019-04-26 Beijing Kingsoft Internet Security Software Co Ltd Method, apparatus and terminal device for preventing attacks on User Interface Privilege Isolation
CN106169049B (zh) * 2016-07-12 2019-04-09 Zhuhai Baoqu Technology Co Ltd Method, apparatus and electronic device for handling thread registration
CN106228062B (zh) * 2016-07-12 2019-04-26 Zhuhai Baoqu Technology Co Ltd Method, apparatus and electronic device for handling process registration
CN106560833A (zh) * 2016-07-22 2017-04-12 Harbin Antiy Technology Co Ltd Method and system for detecting file-infecting viruses based on file headers
CN107666464B (zh) * 2016-07-28 2020-11-06 Tencent Technology (Shenzhen) Co Ltd Information processing method and server
CN106709330B (zh) * 2016-07-29 2020-04-21 Tencent Technology (Shenzhen) Co Ltd Method and apparatus for recording file execution behavior
US11120106B2 (en) 2016-07-30 2021-09-14 Endgame, Inc. Hardware-assisted system and method for detecting and analyzing system calls made to an operating system kernel
US10534910B1 (en) * 2016-10-04 2020-01-14 Hewlett-Packard Development Company, L.P. Using threat model to monitor host execution
US11616812B2 (en) 2016-12-19 2023-03-28 Attivo Networks Inc. Deceiving attackers accessing active directory data
US11695800B2 (en) 2016-12-19 2023-07-04 SentinelOne, Inc. Deceiving attackers accessing network data
US11151247B2 (en) 2017-07-13 2021-10-19 Endgame, Inc. System and method for detecting malware injected into memory of a computing device
US11151251B2 (en) * 2017-07-13 2021-10-19 Endgame, Inc. System and method for validating in-memory integrity of executable files to identify malicious activity
US10462171B2 (en) 2017-08-08 2019-10-29 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
CN107517226B (zh) * 2017-09-30 2021-03-19 Beijing Qihoo Technology Co Ltd Alarm method and apparatus based on wireless network intrusion
US11470115B2 (en) 2018-02-09 2022-10-11 Attivo Networks, Inc. Implementing decoys in a network environment
US10671725B2 (en) * 2018-03-20 2020-06-02 Didi Research America, Llc Malicious process tracking
CN109255238B (zh) * 2018-08-24 2022-01-28 Chengdu Wangsi Keping Technology Co Ltd Endpoint threat detection and response method and engine
CN110866253B (zh) * 2018-12-28 2022-05-27 Beijing Antiy Network Security Technology Co Ltd Threat analysis method, apparatus, electronic device and storage medium
CN109784051B (zh) * 2018-12-29 2021-01-15 360 Enterprise Security Technology (Zhuhai) Co Ltd Information security protection method, apparatus and device
EP3973427A4 (en) 2019-05-20 2023-06-21 Sentinel Labs Israel Ltd. SYSTEMS AND METHODS FOR EXECUTABLE CODE DETECTION, AUTOMATIC FEATURE EXTRACTION, AND POSITION-INDEPENDENT CODE DETECTION
CN110826067B (zh) * 2019-10-31 2022-08-09 Sangfor Technologies Inc Virus detection method, apparatus, electronic device and storage medium
CN111027071B (zh) * 2019-12-19 2024-05-24 Beijing Antiy Network Security Technology Co Ltd Method and apparatus for correlation analysis of all behaviors of a threat program
CN111177665B (zh) * 2019-12-27 2022-02-11 Insigma Technology Co Ltd Security tracing method for newly generated executable files
CN111310179B (zh) * 2020-01-22 2024-07-09 Tencent Technology (Shenzhen) Co Ltd Method, apparatus and computer device for analyzing computer virus variants
CN115023699A (zh) * 2020-03-24 2022-09-06 Shenzhen Heytap Technology Co Ltd Malicious process detection method, apparatus, electronic device and storage medium
US20230300114A1 (en) * 2020-04-21 2023-09-21 Zscaler, Inc. Endpoint Data Loss Prevention
US11579857B2 (en) 2020-12-16 2023-02-14 Sentinel Labs Israel Ltd. Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach
CN113312201A (zh) * 2021-06-23 2021-08-27 Sangfor Technologies Inc Method and related apparatus for handling abnormal processes
US11899782B1 (en) 2021-07-13 2024-02-13 SentinelOne, Inc. Preserving DLL hooks
CN114692151B (zh) * 2022-04-08 2023-07-18 Chengdu University of Technology Method for discovering USB flash drive viruses and application tool thereof

Family Cites Families (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US2196A (en) * 1841-07-29 Improvement in saw-mill dogs
US6321338B1 (en) * 1998-11-09 2001-11-20 Sri International Network surveillance
US6973578B1 (en) * 2000-05-31 2005-12-06 Networks Associates Technology, Inc. System, method and computer program product for process-based selection of virus detection actions
AU2001294083A1 (en) 2000-08-18 2002-02-25 Camelot Information Technologies Ltd. An adaptive system and architecture for access control
JP3790661B2 (ja) 2000-09-08 2006-06-28 International Business Machines Corp Access control system
AU2002242043B2 (en) 2001-01-31 2006-12-14 Cisco Technology, Inc. Network port profiling
CN1282083C (zh) 2001-09-14 2006-10-25 Beijing Rising Technology Co Ltd Method for monitoring computer memory viruses and running with viruses present
US7549164B2 (en) * 2003-06-11 2009-06-16 Symantec Corporation Intrustion protection system utilizing layers and triggers
US7152242B2 (en) 2002-09-11 2006-12-19 Enterasys Networks, Inc. Modular system for detecting, filtering and providing notice about attack events associated with network security
US20040143749A1 (en) * 2003-01-16 2004-07-22 Platformlogic, Inc. Behavior-based host-based intrusion prevention system
US10110632B2 (en) 2003-03-31 2018-10-23 Intel Corporation Methods and systems for managing security policies
US20040225877A1 (en) 2003-05-09 2004-11-11 Zezhen Huang Method and system for protecting computer system from malicious software operation
CN1329828C (zh) 2003-08-06 2007-08-01 Huawei Technologies Co Ltd Method and apparatus for preventing computer viruses
CN1300982C (zh) * 2003-12-05 2007-02-14 University of Science and Technology of China Hierarchical collaborative method for identifying network viruses and malicious code
AU2003298193A1 (en) 2003-12-17 2005-07-05 Telecom Italia S.P.A. Method and apparatus for monitoring operation of processing systems, related network and computer program product therefor
EP1725946A4 (en) * 2004-03-10 2012-07-11 Enterasys Networks Inc Dynamic Network Detection System and Method
JP4643204B2 (ja) 2004-08-25 2011-03-02 NTT Docomo Inc Server apparatus
USH2196H1 (en) * 2004-09-30 2007-07-03 Symantec Corporation Method for intercepting specific system calls in a specific application from applications space for security
US20060075494A1 (en) * 2004-10-01 2006-04-06 Bertman Justin R Method and system for analyzing data for potential malware
JP4327698B2 (ja) * 2004-10-19 2009-09-09 Fujitsu Ltd Network-based virus activity detection program, processing method and system
US7409719B2 (en) 2004-12-21 2008-08-05 Microsoft Corporation Computer security management, such as in a virtual machine or hardened operating system
CN100557545C (zh) * 2004-12-31 2009-11-04 Fujian Dongfang Weidian Information Security Co Ltd Method for distinguishing harmful program behavior
CN100547513C (zh) 2005-02-07 2009-10-07 Fujian Dongfang Weidian Information Security Co Ltd Computer protection method based on program behavior analysis
US8046831B2 (en) 2005-03-02 2011-10-25 Actiance, Inc. Automating software security restrictions on system resources
US20070067844A1 (en) * 2005-09-16 2007-03-22 Sana Security Method and apparatus for removing harmful software
JP2006330864A (ja) * 2005-05-24 2006-12-07 Hitachi Ltd Control method for a server computer system
CN100401224C (zh) 2005-06-23 2008-07-09 Fujian Dongfang Weidian Information Security Co Ltd Computer anti-virus protection system and method
GB0513375D0 (en) * 2005-06-30 2005-08-03 Retento Ltd Computer security
CN100353277C (zh) * 2005-07-27 2007-12-05 Mao Decao Method for computer virus prevention and control using proxy technology
US20080134326A2 (en) * 2005-09-13 2008-06-05 Cloudmark, Inc. Signature for Executable Code
US7694134B2 (en) 2005-11-11 2010-04-06 Computer Associates Think, Inc. System and method for encrypting data without regard to application
US8453243B2 (en) 2005-12-28 2013-05-28 Websense, Inc. Real time lockdown
CN100461197C (zh) 2006-05-16 2009-02-11 Beijing Venustech Information Technology Co Ltd Automatic malicious code analysis system and method
JP2008021274A (ja) * 2006-06-15 2008-01-31 Interlex Inc Process monitoring apparatus and method
CN101350052B (zh) 2007-10-15 2010-11-03 Beijing Rising Information Technology Co Ltd Method and apparatus for finding malicious behaviors of computer programs
CN101350053A (zh) 2007-10-15 2009-01-21 Beijing Rising International Software Co Ltd Method and apparatus for preventing web browser exploitation via vulnerabilities
CN101350054B (zh) 2007-10-15 2011-05-25 Beijing Rising Information Technology Co Ltd Method and apparatus for automatically protecting against harmful computer programs

Also Published As

Publication number Publication date
JP2011501279A (ja) 2011-01-06
JP5011436B2 (ja) 2012-08-29
CN101350052A (zh) 2009-01-21
CN101350052B (zh) 2010-11-03
WO2009049555A1 (fr) 2009-04-23
US20100293615A1 (en) 2010-11-18
EP2219130A1 (en) 2010-08-18
US8898775B2 (en) 2014-11-25
EP2219130A4 (en) 2011-11-02

Similar Documents

Publication Publication Date Title
HK1124414A1 (en) Method and apparatus for finding malicious behaviors of computer programs
GB2466580B (en) Data processing apparatus and method of processing data
GB201015473D0 (en) Data processing apparatus and method of processing data
GB2464817B (en) Methods of and apparatus for processing computer graphics
GB201000248D0 (en) Data processing apparatus and method of processing data
GB201000243D0 (en) Data processing apparatus and method of processing data
GB2463467B (en) Malware detection method and apparatus
GB2460459B (en) Data processing apparatus and method
EP2577546A4 (en) METHOD AND APPARATUS FOR ANALYZING AND DETECTING MALWARE SOFTWARE
BRPI0819643A2 (pt) Data processing apparatus and method
BRPI0819645A2 (pt) Data processing apparatus and method
GB2445966B (en) Method of and system for authenticating an item
ZA201101745B (en) System and method for detection of malware
EP2002346A4 (en) DEVICE AND METHOD FOR USING INFORMATION ABOUT THE BEHAVIOR OF SPIRITUAL APPLICATIONS BETWEEN DEVICES
HK1137250A1 (en) Method and system for processing large amount of data
EP2430581A4 (en) METHOD, DEVICE AND COMPUTER PROGRAM FOR APPLICATION SAFETY
EP2009509A4 (en) PROCESS OF DEVELOPMENT AND DEVELOPMENT DEVICE
BRPI0820168A2 (pt) Data processing apparatus and method
EP2418481A4 (en) METHOD AND DEVICE FOR PROCESSING MASS ANALYSIS DATA
GB2458862B (en) Method and apparatus for management of an application ensemble
GB0901671D0 (en) Methods of and apparatus for processing computer graphics
GB2447133B (en) Apparatus, procedure and computer program for image-supported tracking of monitored objects
TWI366135B (en) Method for restoring bios and computer thereof
EP2227751A4 (en) METHOD AND APPARATUS FOR DOWNLOADING DATA
GB0814468D0 (en) Method of and apparatus for analysing data files

Legal Events

Date Code Title Description
PC Patent ceased (i.e. patent has lapsed due to the failure to pay the renewal fee)

Effective date: 20161015