IL219597D0 - Malicious threat detection, malicious threat prevention, and a learning systems and methods for malicious threat detection and prevention - Google Patents

Malicious threat detection, malicious threat prevention, and a learning systems and methods for malicious threat detection and prevention

Info

Publication number
IL219597D0
Authority
IL
Israel
Prior art keywords
plurality
malicious threat
prevention
computing device
malicious
Application number
IL219597A
Original Assignee
Syndrome X Ltd
Ron Porat
Andrey Bayora
Oren Farage
Alon Blayer Gat
Priority date
2012-05-03
Filing date
2012-05-03
Publication date
2012-10-31
Application filed by Syndrome X Ltd, Ron Porat, Andrey Bayora, Oren Farage, Alon Blayer Gat
Priority to IL219597A
Publication of IL219597D0

Links

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING; COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14 Protection against unauthorised use of memory or access to memory
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/556 Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L29/00 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00
    • H04L29/02 Communication control; Communication processing
    • H04L29/06 Communication control; Communication processing characterised by a protocol
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic, the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Abstract

A method of identifying one or more malicious threats in a computing device. The method comprises monitoring, at run time, a plurality of events occurring on the computing device, a plurality of processes executed on the computing device, and a plurality of host activities of the computing device; identifying the compliance of at least some of the events, processes and host activities with a plurality of rules; generating a rule compliance status dataset according to that compliance; identifying a match between the rule compliance status dataset and at least one of a plurality of reference profiles, each indicative of the computing device operating under a malicious threat activity; and detecting a malicious threat according to the match.
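The abstract describes a pipeline rather than a specific algorithm: observations of three kinds (events, processes, host activities) are checked against rules, the per-rule outcomes form a "rule compliance status dataset", and that dataset is matched against reference profiles of known malicious activity. The following is an added illustration of that pipeline in Python; it is example code written for this page, not the patent's or Syndrome X's implementation. The observation schema, the rule names and predicates, the reference profiles, the sample monitoring windows and the matching metric (fraction of a profile's rules that fired, with an assumed 0.75 threshold) are all constructed for the example; the patent text does not specify any of them.

```python
"""Rule-compliance profile matching, as an added illustration of the abstract.
Example code only: rules, profiles, the observation schema and the sample
windows are constructed, not taken from the patent."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple


@dataclass
class Observation:
    kind: str               # "event", "process" or "host", the three classes the abstract names
    attrs: Dict[str, str]   # fields of the observation (constructed schema)


@dataclass
class Rule:
    name: str
    predicate: Callable[[List[Observation]], bool]   # True when the window violates the rule


def _of(kind: str, obs: List[Observation]) -> List[Dict[str, str]]:
    """Attribute dicts of all observations of one kind in the window."""
    return [o.attrs for o in obs if o.kind == kind]


# Constructed rule set. Each rule is evaluated over a whole monitoring window.
RULES: List[Rule] = [
    Rule("unsigned_exec_from_temp", lambda obs: any(
        p.get("signed") == "no" and "\\Temp\\" in p.get("path", "")
        for p in _of("process", obs))),
    Rule("run_key_write", lambda obs: any(
        e.get("op") == "reg_write" and "\\CurrentVersion\\Run" in e.get("key", "")
        for e in _of("event", obs))),
    Rule("outbound_uncommon_port", lambda obs: any(
        h.get("op") == "net_connect" and h.get("dport", "") not in {"53", "80", "443"}
        for h in _of("host", obs))),
    Rule("mass_file_rename", lambda obs: sum(
        1 for e in _of("event", obs) if e.get("op") == "file_rename") >= 20),
    Rule("browser_spawns_shell", lambda obs: any(
        p.get("parent", "").lower() in {"chrome.exe", "firefox.exe", "iexplore.exe"}
        and p.get("name", "").lower() in {"cmd.exe", "powershell.exe"}
        for p in _of("process", obs))),
]

# Reference profiles: the rule set that fires when a device runs under a given
# malicious activity (constructed; in the described system these are learned).
PROFILES: Dict[str, Set[str]] = {
    "dropper_persistence": {"unsigned_exec_from_temp", "run_key_write", "outbound_uncommon_port"},
    "ransomware": {"unsigned_exec_from_temp", "mass_file_rename"},
    "browser_exploit": {"browser_spawns_shell", "unsigned_exec_from_temp", "outbound_uncommon_port"},
}


def compliance_status(obs: List[Observation], rules: List[Rule] = RULES) -> Dict[str, bool]:
    """The rule compliance status dataset for one monitoring window."""
    return {r.name: bool(r.predicate(obs)) for r in rules}


def learn_profile(status: Dict[str, bool]) -> Set[str]:
    """Derive a reference profile from a window labelled malicious: the rules that fired."""
    return {name for name, hit in status.items() if hit}


def match_profiles(status: Dict[str, bool], profiles: Dict[str, Set[str]] = PROFILES,
                   threshold: float = 0.75) -> List[Tuple[str, float]]:
    """Profiles whose rule set is covered by the fired rules at >= threshold, best first.
    The coverage metric and threshold are assumptions of this example."""
    hits = learn_profile(status)
    scored = [(name, round(len(hits & req) / len(req), 2)) for name, req in profiles.items()]
    return sorted([s for s in scored if s[1] >= threshold], key=lambda s: -s[1])


def detect(obs: List[Observation], rules: List[Rule] = RULES,
           profiles: Dict[str, Set[str]] = PROFILES, threshold: float = 0.75) -> List[Tuple[str, float]]:
    """Full pipeline: observations -> compliance status -> profile match."""
    return match_profiles(compliance_status(obs, rules), profiles, threshold)


# Constructed monitoring windows (not real telemetry).
SUSPICIOUS_WINDOW = [
    Observation("process", {"name": "upd.exe", "parent": "explorer.exe", "signed": "no",
                            "path": "C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe"}),
    Observation("event", {"op": "reg_write",
                          "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"}),
    Observation("host", {"op": "net_connect", "dst": "203.0.113.7", "dport": "4444"}),
    Observation("event", {"op": "file_rename", "path": "C:\\Users\\alice\\Documents\\a.docx"}),
]
BENIGN_WINDOW = [
    Observation("process", {"name": "chrome.exe", "parent": "explorer.exe", "signed": "yes",
                            "path": "C:\\Program Files\\Google\\Chrome\\chrome.exe"}),
    Observation("host", {"op": "net_connect", "dst": "198.51.100.10", "dport": "443"}),
]

if __name__ == "__main__":
    print(compliance_status(SUSPICIOUS_WINDOW))
    print(detect(SUSPICIOUS_WINDOW))   # [('dropper_persistence', 1.0)]
    print(detect(BENIGN_WINDOW))       # []
```

The point worth noticing is that the compliance status is a fixed-width vector over the rule set, so profiles can be compared, learned from labelled windows (`learn_profile`) and thresholded without the rules themselves knowing anything about specific threats; the single `file_rename` in the suspicious window does not trip `mass_file_rename`, so the ransomware profile scores only 0.5 and is correctly not reported.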

Priority Applications (1)

Application Number Priority Date Filing Date Title
IL219597A IL219597D0 (en) 2012-05-03 2012-05-03 Malicious threat detection, malicious threat prevention, and a learning systems and methods for malicious threat detection and prevention

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
IL219597A IL219597D0 (en) 2012-05-03 2012-05-03 Malicious threat detection, malicious threat prevention, and a learning systems and methods for malicious threat detection and prevention
US14/397,525 US9419996B2 (en) 2012-05-03 2013-05-01 Detection and prevention for malicious threats
PCT/IL2013/050366 WO2013164821A2 (en) 2012-05-03 2013-05-01 Malicious threat detection, malicious threat prevention, and a learning systems and methods for malicious threat detection and prevention
US15/236,436 US20160357966A1 (en) 2012-05-03 2016-08-14 Detection and prevention for malicious threats

Publications (1)

Publication Number Publication Date
IL219597D0 (en) 2012-10-31

Family

ID=47145930

Family Applications (1)

Application Number Title Priority Date Filing Date
IL219597A IL219597D0 (en) 2012-05-03 2012-05-03 Malicious threat detection, malicious threat prevention, and a learning systems and methods for malicious threat detection and prevention

Country Status (3)

Country Link
US (2) US9419996B2 (en)
IL (1) IL219597D0 (en)
WO (1) WO2013164821A2 (en)

Families Citing this family (48)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10326778B2 (en) 2014-02-24 2019-06-18 Cyphort Inc. System and method for detecting lateral movement and data exfiltration
US9519781B2 (en) 2011-11-03 2016-12-13 Cyphort Inc. Systems and methods for virtualization and emulation assisted malware detection
US9686293B2 (en) * 2011-11-03 2017-06-20 Cyphort Inc. Systems and methods for malware detection and mitigation
US10095866B2 (en) 2014-02-24 2018-10-09 Cyphort Inc. System and method for threat risk scoring of security threats
US9792430B2 (en) 2011-11-03 2017-10-17 Cyphort Inc. Systems and methods for virtualized malware detection
IL219597D0 (en) 2012-05-03 2012-10-31 Syndrome X Ltd Malicious threat detection, malicious threat prevention, and a learning systems and methods for malicious threat detection and prevention
US9043903B2 (en) 2012-06-08 2015-05-26 Crowdstrike, Inc. Kernel-level security agent
US9292881B2 (en) 2012-06-29 2016-03-22 Crowdstrike, Inc. Social sharing of security information in a group
US10409980B2 (en) 2012-12-27 2019-09-10 Crowdstrike, Inc. Real-time representation of security-relevant system state
US10284570B2 (en) * 2013-07-24 2019-05-07 Wells Fargo Bank, National Association System and method to detect threats to computer based devices and systems
US9871809B2 (en) 2013-08-26 2018-01-16 Shine Security Ltd. Reversion of system objects affected by a malware
US9942246B2 (en) * 2013-09-02 2018-04-10 Shine Security Ltd. Preemptive event handling
US9294501B2 (en) * 2013-09-30 2016-03-22 Fireeye, Inc. Fuzzy hash of behavioral results
US9319421B2 (en) 2013-10-14 2016-04-19 Ut-Battelle, Llc Real-time detection and classification of anomalous events in streaming data
US9361463B2 (en) * 2013-12-11 2016-06-07 Ut-Battelle, Llc Detection of anomalous events
US9665715B1 (en) * 2013-12-23 2017-05-30 Symantec Corporation Systems and methods for detecting malware-induced crashes
US20150222646A1 (en) * 2014-01-31 2015-08-06 Crowdstrike, Inc. Tagging Security-Relevant System Objects
US10225280B2 (en) 2014-02-24 2019-03-05 Cyphort Inc. System and method for verifying and detecting malware
US9438611B2 (en) * 2014-03-17 2016-09-06 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Managing a blocked-originator list for a messaging application
US10289405B2 (en) 2014-03-20 2019-05-14 Crowdstrike, Inc. Integrity assurance and rebootless updating during runtime
US9477839B2 (en) * 2014-04-04 2016-10-25 Palo Alto Research Center Incorporated Methods for centralized privacy-preserving collaborative threat mitigation
WO2015179865A1 (en) * 2014-05-23 2015-11-26 The George Washington University System and method for uncovering covert timing channels
US9798882B2 (en) 2014-06-06 2017-10-24 Crowdstrike, Inc. Real-time model of states of monitored devices
US9967283B2 (en) * 2014-09-14 2018-05-08 Sophos Limited Normalized indications of compromise
US9967282B2 (en) 2014-09-14 2018-05-08 Sophos Limited Labeling computing objects for improved threat detection
GB2552632B (en) * 2014-09-14 2018-05-09 Sophos Ltd Labeling computing objects for improved threat detection
US9965627B2 (en) 2014-09-14 2018-05-08 Sophos Limited Labeling objects on an endpoint for encryption management
US10122687B2 (en) 2014-09-14 2018-11-06 Sophos Limited Firewall techniques for colored objects on endpoints
US9967264B2 (en) 2014-09-14 2018-05-08 Sophos Limited Threat detection using a time-based cache of reputation information on an enterprise endpoint
US9992228B2 (en) 2014-09-14 2018-06-05 Sophos Limited Using indications of compromise for reputation based network security
US9537841B2 (en) 2014-09-14 2017-01-03 Sophos Limited Key management for compromised enterprise endpoints
US10027689B1 (en) * 2014-09-29 2018-07-17 Fireeye, Inc. Interactive infection visualization for improved exploit detection and signature generation for malware and malware families
US9552481B1 (en) * 2014-12-30 2017-01-24 Symantec Corporation Systems and methods for monitoring programs
US9830471B1 (en) * 2015-06-12 2017-11-28 EMC IP Holding Company LLC Outcome-based data protection using multiple data protection systems
US10339316B2 (en) 2015-07-28 2019-07-02 Crowdstrike, Inc. Integrity assurance through early loading in the boot phase
WO2017023416A1 (en) * 2015-07-31 2017-02-09 Northrop Grumman Systems Corporation System and method for in-situ classifier retraining for malware identification and model heterogeneity
EP3159853B1 (en) * 2015-10-23 2019-03-27 Harman International Industries, Incorporated Systems and methods for advanced driver assistance analytics
TWI599905B (en) * 2016-05-23 2017-09-21 Wistron Corporation Protecting method and system for malicious code, and monitor apparatus
US20170344901A1 (en) * 2016-05-29 2017-11-30 Microsoft Technology Licensing, Llc Classifying transactions at network accessible storage
US10289847B2 (en) 2016-07-29 2019-05-14 Qualcomm Incorporated Updating virtual memory addresses of target application functionalities for an updated version of application binary code
US20180083994A1 (en) * 2016-09-21 2018-03-22 Stealth Security, Inc. Unsupervised classification of web traffic users
US10277625B1 (en) * 2016-09-28 2019-04-30 Symantec Corporation Systems and methods for securing computing systems on private networks
US10417420B2 (en) * 2016-10-26 2019-09-17 Fortinet, Inc. Malware detection and classification based on memory semantic analysis
US10142357B1 (en) * 2016-12-21 2018-11-27 Symantec Corporation Systems and methods for preventing malicious network connections using correlation-based anomaly detection
US9734337B1 (en) 2017-01-24 2017-08-15 Malwarebytes Inc. Behavior-based ransomware detection
US10387228B2 (en) 2017-02-21 2019-08-20 Crowdstrike, Inc. Symmetric bridge component for communications between kernel mode and user mode
RU2673711C1 (en) * 2017-06-16 2018-11-29 AO Kaspersky Lab Method for detecting anomalous events on basis of convolution array of safety events
US20190121977A1 (en) * 2017-10-19 2019-04-25 AO Kaspersky Lab System and method of detecting a malicious file

Family Cites Families (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6487666B1 (en) * 1999-01-15 2002-11-26 Cisco Technology, Inc. Intrusion detection signature analysis using regular expressions and logical operators
EP2367150A3 (en) 1999-04-30 2013-04-17 PayPal, Inc. System and method for electronically exchanging value among distributed users
CA2337672A1 (en) 2000-04-26 2001-10-26 International Business Machines Corporation Payment for network-based commercial transactions using a mobile phone
US20060265746A1 (en) * 2001-04-27 2006-11-23 Internet Security Systems, Inc. Method and system for managing computer security information
US6973577B1 (en) * 2000-05-26 2005-12-06 Mcafee, Inc. System and method for dynamically detecting computer viruses through associative behavioral analysis of runtime state
US7742984B2 (en) 2001-07-06 2010-06-22 Hossein Mohsenzadeh Secure authentication and payment system
US7509679B2 (en) * 2002-08-30 2009-03-24 Symantec Corporation Method, system and computer program product for security in a global computer network transaction
US8627458B2 (en) * 2004-01-13 2014-01-07 Mcafee, Inc. Detecting malicious computer program activity using external program calls with dynamic rule sets
US7540013B2 (en) 2004-06-07 2009-05-26 Check Point Software Technologies, Inc. System and methodology for protecting new computers by applying a preconfigured security update policy
US7694150B1 (en) 2004-06-22 2010-04-06 Cisco Technology, Inc System and methods for integration of behavioral and signature based security
US7568233B1 (en) * 2005-04-01 2009-07-28 Symantec Corporation Detecting malicious software through process dump scanning
US8161554B2 (en) * 2005-04-26 2012-04-17 Cisco Technology, Inc. System and method for detection and mitigation of network worms
KR100791290B1 (en) * 2006-02-10 2008-01-04 Samsung Electronics Co., Ltd. Apparatus and method for using information of malicious application's behavior across devices
US9171157B2 (en) * 2006-03-28 2015-10-27 Blue Coat Systems, Inc. Method and system for tracking access to application data and preventing data exploitation by malicious programs
US7848980B2 (en) 2006-12-26 2010-12-07 Visa U.S.A. Inc. Mobile payment system and method using alias
US8707431B2 (en) * 2007-04-24 2014-04-22 The Mitre Corporation Insider threat detection
US8065728B2 (en) * 2007-09-10 2011-11-22 Wisconsin Alumni Research Foundation Malware prevention system monitoring kernel events
CA2711936A1 (en) 2008-01-15 2009-07-23 Matthew Mullen System and method for data completion including push identifier
US7870242B2 (en) 2008-10-01 2011-01-11 Man Nguyen Flexible compliance agent with integrated remediation
US8464011B2 (en) 2008-10-27 2013-06-11 Advanced Micro Devices, Inc. Method and apparatus for providing secure register access
US8484727B2 (en) * 2008-11-26 2013-07-09 Kaspersky Lab Zao System and method for computer malware detection
US8490195B1 (en) * 2008-12-19 2013-07-16 Symantec Corporation Method and apparatus for behavioral detection of malware in a computer system
US8752180B2 (en) * 2009-05-26 2014-06-10 Symantec Corporation Behavioral engine for identifying patterns of confidential data use
US8607340B2 (en) * 2009-07-21 2013-12-10 Sophos Limited Host intrusion prevention system using software and user behavior analysis
US9519892B2 (en) 2009-08-04 2016-12-13 Boku, Inc. Systems and methods to accelerate transactions
US20110099107A1 (en) 2009-10-23 2011-04-28 Infosys Technologies Limited Method for money transfer using a mobile device
US8528091B2 (en) * 2009-12-31 2013-09-03 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for detecting covert malware
TWI416422B (en) 2010-04-07 2013-11-21
US10176477B2 (en) 2010-11-16 2019-01-08 Mastercard International Incorporated Methods and systems for universal payment account translation
US20120215690A1 (en) 2011-01-25 2012-08-23 Ewise Systems Pty Ltd Method and apparatus for facilitating payment via mobile networks
CH704395B1 (en) 2011-01-28 2015-09-15 Invisible Gmbh System and method for secure transmission of values.
US20120222055A1 (en) 2011-02-25 2012-08-30 Echostar Technologies L.L.C. Billing with QR Codes
US8555385B1 (en) * 2011-03-14 2013-10-08 Symantec Corporation Techniques for behavior based malware analysis
US9558677B2 (en) * 2011-04-08 2017-01-31 Wombat Security Technologies, Inc. Mock attack cybersecurity training system and methods
US9092616B2 (en) * 2012-05-01 2015-07-28 Taasera, Inc. Systems and methods for threat identification and remediation
IL219597D0 (en) 2012-05-03 2012-10-31 Syndrome X Ltd Malicious threat detection, malicious threat prevention, and a learning systems and methods for malicious threat detection and prevention

Also Published As

Publication number Publication date
US20160357966A1 (en) 2016-12-08
WO2013164821A2 (en) 2013-11-07
WO2013164821A3 (en) 2013-12-19
US9419996B2 (en) 2016-08-16
US20150135262A1 (en) 2015-05-14

Similar Documents

Publication Publication Date Title
WO2014153462A3 (en) Advanced authentication techniques and applications
IN2014MN00860A (en) Authenticated gesture recognition
GB201305331D0 (en) Alternative unlocking patterns
IL226078D0 (en) Using power fingerprinting (pfp) to monitor the integrity and enhance security of computer based systems
GB201310503D0 (en) Organizing graphical representations on computing devices
WO2013169842A3 (en) Device, method, and graphical user interface for selecting object within a group of objects
GB2482273A (en) Integrated cyber network security system and method
TW200612278A (en) Methods, computer program products and data structures for intrusion detection, intrusion response and vulnerability remediation across target computer systems
NZ574274A (en) Multithreat safety and security system and specification method thereof
WO2011112347A3 (en) System and method for malware detection
BR112015005282A2 (en) methods, devices, and systems for detecting objects in a video
WO2012116236A3 (en) System and method for analyzing messages in a network or across networks
GB2510279A (en) Monitoring application program resource consumption
MX2013011322A (en) Grid event detection.
WO2010141826A3 (en) System and method for detecting energy consumption anomalies and mobile malware variants
EP3244290A4 (en) Touch control device, and method for performing fingerprint detection on touch control device
MX2015000193A (en) Private information hiding method and device.
GB201113112D0 (en) Method of generating expected average speeds of travel
WO2013184211A3 (en) Anomaly detection to identify coordinated group attacks in computer networks
SG179489A1 (en) System and method of fraud and misuse detection
EP2911078A3 (en) Security sharing system
SG182716A1 (en) System and method for network security including detection of man-in-the-browser attacks
BR112014020775A2 (en) method, device, and security element for conducting a secure financial transaction on a device
IN2014DN07716A (en) Overhead view system for a shovel
EP2348440A3 (en) Collaborative malware detection and prevention on mobile devices