IN2014DN09583A - - Google Patents

Info

Publication number
IN2014DN09583A
IN2014DN09583A IN9583DEN2014A IN2014DN09583A IN 2014DN09583 A IN2014DN09583 A IN 2014DN09583A IN 9583DEN2014 A IN9583DEN2014 A IN 9583DEN2014A IN 2014DN09583 A IN2014DN09583 A IN 2014DN09583A
Authority
IN
India
Prior art keywords
kernel
security agent
level security
malicious code
events
Prior art date
Application number
Inventor
David F Diehl
Dmitri Alperovitch
Ion0 Alexandru IONESCU
George Robert Kurtz
Original Assignee
Crowdstrike Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Crowdstrike Inc filed Critical Crowdstrike Inc
Publication of IN2014DN09583A publication Critical patent/IN2014DN09583A/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/567Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00Computing arrangements using knowledge-based models
    • G06N5/04Inference or reasoning models
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0245Filtering by information in the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1491Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Artificial Intelligence (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Mathematical Physics (AREA)
  • Debugging And Monitoring (AREA)
  • Measuring Or Testing Involving Enzymes Or Micro-Organisms (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A kernel- level security agent is described herein. The kernel -level security agent is configured to observe events, filter the observed events using configurable filters , route the filtered events to one or more event consumers , and utilize the one or more event consumers to take action based at least on one of the filtered events. In some implementations, the kernel- level security agent detects a first action associated with malicious code, gathers data about the malicious code, and in response to detecting subsequent action(s) of the malicious code ,performs a preventative action. The kernel- level security agent may also deceive an adversary associated with malicious code. Further, the kernel -level security agent may utilize a model representing chains of execution activities and may take action based on those chains of execution activities.
IN9583DEN2014 2012-06-08 2013-05-09 IN2014DN09583A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/492,672 US9043903B2 (en) 2012-06-08 2012-06-08 Kernel-level security agent
PCT/US2013/040420 WO2013184281A1 (en) 2012-06-08 2013-05-09 Kernel-level security agent

Publications (1)

Publication Number Publication Date
IN2014DN09583A true IN2014DN09583A (en) 2015-07-17

Family

ID=49712456

Family Applications (1)

Application Number Title Priority Date Filing Date
IN9583DEN2014 IN2014DN09583A (en) 2012-06-08 2013-05-09

Country Status (10)

Country Link
US (6) US9043903B2 (en)
EP (3) EP4404508A3 (en)
JP (2) JP6212548B2 (en)
AU (1) AU2013272198A1 (en)
BR (1) BR112014030746A2 (en)
CA (1) CA2872786A1 (en)
IL (1) IL235905B (en)
IN (1) IN2014DN09583A (en)
SG (1) SG11201407292QA (en)
WO (1) WO2013184281A1 (en)

Families Citing this family (115)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0513375D0 (en) 2005-06-30 2005-08-03 Retento Ltd Computer security
US8510596B1 (en) 2006-02-09 2013-08-13 Virsec Systems, Inc. System and methods for run time detection and correction of memory corruption
US10210162B1 (en) 2010-03-29 2019-02-19 Carbonite, Inc. Log file management
EP2684152B1 (en) 2011-03-09 2020-07-22 Irdeto B.V. Method and system for dynamic platform security in a device operating system
US9043903B2 (en) 2012-06-08 2015-05-26 Crowdstrike, Inc. Kernel-level security agent
US9715325B1 (en) 2012-06-21 2017-07-25 Open Text Corporation Activity stream based interaction
US9292881B2 (en) 2012-06-29 2016-03-22 Crowdstrike, Inc. Social sharing of security information in a group
US10409980B2 (en) * 2012-12-27 2019-09-10 Crowdstrike, Inc. Real-time representation of security-relevant system state
US10127379B2 (en) * 2013-03-13 2018-11-13 Mcafee, Llc Profiling code execution
US9740886B2 (en) * 2013-03-15 2017-08-22 Sony Interactive Entertainment Inc. Enhanced security for hardware decoder accelerator
US9413781B2 (en) * 2013-03-15 2016-08-09 Fireeye, Inc. System and method employing structured intelligence to verify and contain threats at endpoints
US9158914B2 (en) * 2013-04-19 2015-10-13 Crowdstrike, Inc. Executable component injection utilizing hotpatch mechanisms
US9852290B1 (en) * 2013-07-12 2017-12-26 The Boeing Company Systems and methods of analyzing a software component
KR102368170B1 (en) 2013-09-12 2022-02-25 버섹 시스템즈, 인코포레이션 Automated runtime detection of malware
KR102125923B1 (en) * 2013-10-24 2020-06-24 삼성전자 주식회사 Method and apparatus for upgrading operating system of a electronic device
US20150222646A1 (en) * 2014-01-31 2015-08-06 Crowdstrike, Inc. Tagging Security-Relevant System Objects
US20150304343A1 (en) 2014-04-18 2015-10-22 Intuit Inc. Method and system for providing self-monitoring, self-reporting, and self-repairing virtual assets in a cloud computing environment
US9866581B2 (en) 2014-06-30 2018-01-09 Intuit Inc. Method and system for secure delivery of information to computing environments
US10757133B2 (en) 2014-02-21 2020-08-25 Intuit Inc. Method and system for creating and deploying virtual assets
US9276945B2 (en) * 2014-04-07 2016-03-01 Intuit Inc. Method and system for providing security aware applications
US10289405B2 (en) 2014-03-20 2019-05-14 Crowdstrike, Inc. Integrity assurance and rebootless updating during runtime
US11294700B2 (en) 2014-04-18 2022-04-05 Intuit Inc. Method and system for enabling self-monitoring virtual assets to correlate external events with characteristic patterns associated with the virtual assets
US9798882B2 (en) 2014-06-06 2017-10-24 Crowdstrike, Inc. Real-time model of states of monitored devices
US10686759B2 (en) 2014-06-22 2020-06-16 Webroot, Inc. Network threat prediction and blocking
US10354074B2 (en) 2014-06-24 2019-07-16 Virsec Systems, Inc. System and methods for automated detection of input and output validation and resource management vulnerability
WO2016014021A1 (en) * 2014-07-21 2016-01-28 Hewlett-Packard Development Company, L.P. Security indicator linkage determination
US10102082B2 (en) 2014-07-31 2018-10-16 Intuit Inc. Method and system for providing automated self-healing virtual assets
US9710648B2 (en) 2014-08-11 2017-07-18 Sentinel Labs Israel Ltd. Method of malware detection and system thereof
US10102374B1 (en) 2014-08-11 2018-10-16 Sentinel Labs Israel Ltd. Method of remediating a program and system thereof by undoing operations
US11507663B2 (en) 2014-08-11 2022-11-22 Sentinel Labs Israel Ltd. Method of remediating operations performed by a program and system thereof
US9940336B2 (en) * 2014-10-24 2018-04-10 Splunk Inc. File monitoring
US9565093B1 (en) * 2014-12-15 2017-02-07 Symantec Corporation Systems and methods for anticipating file-security queries
US10395133B1 (en) 2015-05-08 2019-08-27 Open Text Corporation Image box filtering for optical character recognition
US10599844B2 (en) 2015-05-12 2020-03-24 Webroot, Inc. Automatic threat detection of executable files based on static data analysis
US10032041B2 (en) * 2015-05-30 2018-07-24 Apple Inc. Storage volume protection using restricted resource classes
KR101666176B1 (en) * 2015-06-25 2016-10-14 한국전자통신연구원 Apparatus and method for of monitoring application based on android platform
US10726127B1 (en) 2015-06-30 2020-07-28 Fireeye, Inc. System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer
US10289686B1 (en) 2015-06-30 2019-05-14 Open Text Corporation Method and system for using dynamic content types
US11113086B1 (en) 2015-06-30 2021-09-07 Fireeye, Inc. Virtual system and method for securing external network connectivity
US10216927B1 (en) 2015-06-30 2019-02-26 Fireeye, Inc. System and method for protecting memory pages associated with a process using a virtualization layer
US10395029B1 (en) 2015-06-30 2019-08-27 Fireeye, Inc. Virtual system and method with threat protection
US10642753B1 (en) 2015-06-30 2020-05-05 Fireeye, Inc. System and method for protecting a software component running in virtual machine using a virtualization layer
US10339316B2 (en) 2015-07-28 2019-07-02 Crowdstrike, Inc. Integrity assurance through early loading in the boot phase
US10033759B1 (en) 2015-09-28 2018-07-24 Fireeye, Inc. System and method of threat detection under hypervisor control
CN105389197B (en) * 2015-10-13 2019-02-26 北京百度网讯科技有限公司 Operation capture method and apparatus for container-based virtualization system
WO2017086928A1 (en) * 2015-11-17 2017-05-26 Hewlett Packard Enterprise Development Lp Handling network threats
US10257223B2 (en) * 2015-12-21 2019-04-09 Nagravision S.A. Secured home network
US20170195364A1 (en) * 2016-01-06 2017-07-06 Perception Point Ltd. Cyber security system and method
JP2019505943A (en) 2016-02-23 2019-02-28 カーボン ブラック, インコーポレイテッド Cyber security systems and technologies
US12339979B2 (en) * 2016-03-07 2025-06-24 Crowdstrike, Inc. Hypervisor-based interception of memory and register accesses
US12248560B2 (en) 2016-03-07 2025-03-11 Crowdstrike, Inc. Hypervisor-based redirection of system calls and interrupt-based task offloading
US11188651B2 (en) * 2016-03-07 2021-11-30 Crowdstrike, Inc. Hypervisor-based interception of memory accesses
CA3018368A1 (en) 2016-03-24 2017-09-28 Carbon Black, Inc. Systems and techniques for guiding a response to a cybersecurity incident
US10243972B2 (en) * 2016-04-11 2019-03-26 Crowdstrike, Inc. Correlation-based detection of exploit activity
US10044744B1 (en) 2016-04-26 2018-08-07 EMC IP Holding Company LLC Covert storage channel communication between computer security agent and security system
US10681059B2 (en) 2016-05-25 2020-06-09 CyberOwl Limited Relating to the monitoring of network security
KR102419574B1 (en) * 2016-06-16 2022-07-11 버섹 시스템즈, 인코포레이션 Systems and methods for correcting memory corruption in computer applications
US10191789B2 (en) * 2016-08-18 2019-01-29 Crowdstrike, Inc. Tracing system operations across remote procedure linkages to identify request originators
CN106452881B (en) * 2016-10-21 2019-12-20 用友网络科技股份有限公司 Operation and maintenance data processing system based on cloud adding mode
US10685111B2 (en) 2016-10-31 2020-06-16 Crowdstrike, Inc. File-modifying malware detection
US10515226B2 (en) * 2016-11-21 2019-12-24 Dell Products, L.P. Systems and methods for protected local backup
US11695800B2 (en) 2016-12-19 2023-07-04 SentinelOne, Inc. Deceiving attackers accessing network data
US11616812B2 (en) 2016-12-19 2023-03-28 Attivo Networks Inc. Deceiving attackers accessing active directory data
US10320818B2 (en) * 2017-02-14 2019-06-11 Symantec Corporation Systems and methods for detecting malicious computing events
US11436317B2 (en) * 2017-02-21 2022-09-06 Raptor Engineering LLC Systems and methods for assuring integrity of operating system and software components at runtime
US10387228B2 (en) 2017-02-21 2019-08-20 Crowdstrike, Inc. Symmetric bridge component for communications between kernel mode and user mode
CA2997609A1 (en) * 2017-03-07 2018-09-07 Sennco Solutions, Inc. Integrated, persistent security monitoring of electronic merchandise
US10503545B2 (en) * 2017-04-12 2019-12-10 At&T Intellectual Property I, L.P. Universal security agent
US10635806B2 (en) * 2017-05-04 2020-04-28 Crowdstrike, Inc. Least recently used (LRU)-based event suppression
US11082444B2 (en) 2017-05-30 2021-08-03 Cyemptive Technologies, Inc. Real-time detection of and protection from malware and steganography in a kernel mode
JP2019008503A (en) * 2017-06-23 2019-01-17 杉中 順子 Information processing monitoring apparatus, information processing monitoring method, program, recording medium, and information processing apparatus
US10659432B2 (en) * 2017-07-06 2020-05-19 Crowdstrike, Inc. Network containment of compromised machines
JP6656211B2 (en) * 2017-08-02 2020-03-04 三菱電機株式会社 Information processing apparatus, information processing method, and information processing program
US10462171B2 (en) * 2017-08-08 2019-10-29 Sentinel Labs Israel Ltd. Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking
US11093624B2 (en) 2017-09-12 2021-08-17 Sophos Limited Providing process data to a data recorder
US11163880B2 (en) * 2017-09-29 2021-11-02 Crowdstrike, Inc. Using indirection to facilitate software upgrades
US10990664B2 (en) 2017-11-20 2021-04-27 International Business Machines Corporation Eliminating and reporting kernel instruction alteration
US10740459B2 (en) 2017-12-28 2020-08-11 Crowdstrike, Inc. Kernel- and user-level cooperative security processing
US11423186B2 (en) 2018-01-17 2022-08-23 Crowdstrike, Inc. Verified inter-module communications interface
US11113425B2 (en) 2018-01-17 2021-09-07 Crowd Strike, Inc. Security component for devices on an enumerated bus
EP3514717B1 (en) 2018-01-17 2021-03-31 Crowdstrike, Inc. Device driver non-volatile backing-store installation
US11470115B2 (en) 2018-02-09 2022-10-11 Attivo Networks, Inc. Implementing decoys in a network environment
US10728034B2 (en) 2018-02-23 2020-07-28 Webroot Inc. Security privilege escalation exploit detection and mitigation
CN108429746B (en) * 2018-03-06 2020-01-03 华中科技大学 Privacy data protection method and system for cloud tenants
US10762202B2 (en) 2018-04-11 2020-09-01 Crowdstrike, Inc. Securely and efficiently providing user notifications about security actions
US11030302B2 (en) * 2018-04-12 2021-06-08 Webroot Inc. Restricting access to application programming interfaces (APIs)
US10333977B1 (en) * 2018-08-23 2019-06-25 Illusive Networks Ltd. Deceiving an attacker who is harvesting credentials
US11916953B2 (en) * 2018-09-24 2024-02-27 Cybereason, Inc. Method and mechanism for detection of pass-the-hash attacks
US10983849B2 (en) 2019-02-28 2021-04-20 Crowdstrike, Inc. Container application for android-based devices
US11314863B2 (en) 2019-03-27 2022-04-26 Webroot, Inc. Behavioral threat detection definition and compilation
US10762200B1 (en) 2019-05-20 2020-09-01 Sentinel Labs Israel Ltd. Systems and methods for executable code detection, automatic feature extraction and position independent code detection
EP4022405B1 (en) * 2019-08-30 2024-05-15 First Watch Limited Systems and methods for enhancing data provenance by logging kernel-level events
US11636204B2 (en) * 2019-10-01 2023-04-25 Acronis International Gmbh Systems and methods for countering removal of digital forensics information by malicious software
CA3173206A1 (en) * 2020-03-26 2021-09-30 David Croteau System and method for automated sensitive information discovery, monitoring and remediation
US11563756B2 (en) 2020-04-15 2023-01-24 Crowdstrike, Inc. Distributed digital security system
US11861019B2 (en) 2020-04-15 2024-01-02 Crowdstrike, Inc. Distributed digital security system
US11711379B2 (en) 2020-04-15 2023-07-25 Crowdstrike, Inc. Distributed digital security system
US11645397B2 (en) 2020-04-15 2023-05-09 Crowd Strike, Inc. Distributed digital security system
US11616790B2 (en) 2020-04-15 2023-03-28 Crowdstrike, Inc. Distributed digital security system
KR20230127203A (en) 2020-09-22 2023-08-31 아발린 파마 아이엔씨. Nebulizer Device Optimization for Improved Aerosol Parameters and Uses Thereof
US11636214B2 (en) * 2020-12-11 2023-04-25 Hewlett Packard Enterprise Development Lp Memory scan-based process monitoring
US11579857B2 (en) 2020-12-16 2023-02-14 Sentinel Labs Israel Ltd. Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach
FR3120455A1 (en) * 2021-03-02 2022-09-09 Orange Method and module for installing a mitigation program in the core of computer equipment.
US12192214B2 (en) 2021-05-05 2025-01-07 Sophos Limited Mitigating threats associated with tampering attempts
US11836137B2 (en) 2021-05-19 2023-12-05 Crowdstrike, Inc. Real-time streaming graph queries
US11899782B1 (en) 2021-07-13 2024-02-13 SentinelOne, Inc. Preserving DLL hooks
US12287872B2 (en) * 2021-08-31 2025-04-29 EMC IP Holding Company LLC System and method for correlating filesystem events into meaningful behaviors
CN113779583B (en) * 2021-11-10 2022-02-22 北京微步在线科技有限公司 Behavior detection method and device, storage medium and electronic equipment
US12452273B2 (en) 2022-03-30 2025-10-21 SentinelOne, Inc Systems, methods, and devices for preventing credential passing attacks
US20230409366A1 (en) * 2022-06-15 2023-12-21 Vmware, Inc. Dynamic configuration of statistics endpoint in virtualized computing environment
US20230421587A1 (en) 2022-06-24 2023-12-28 Crowdstrike, Inc. Distributed Digital Security System for Predicting Malicious Behavior
WO2024044559A1 (en) 2022-08-22 2024-02-29 SentinelOne, Inc. Systems and methods of data selection for iterative training using zero knowledge clustering
WO2024152041A1 (en) 2023-01-13 2024-07-18 SentinelOne, Inc. Classifying cybersecurity threats using machine learning on non-euclidean data
US20240354407A1 (en) * 2023-04-24 2024-10-24 Sophos Limited Kernel-based thread termination detection
US20250220020A1 (en) * 2023-12-29 2025-07-03 Cisco Technology, Inc. Service Protection for Software Agents on Protected Workloads

Family Cites Families (131)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5355498A (en) 1992-02-25 1994-10-11 Sun Microsystems, Inc. Method and apparatus for booting a computer system without loading a device driver into memory
US5410703A (en) * 1992-07-01 1995-04-25 Telefonaktiebolaget L M Ericsson System for changing software during computer operation
US6052723A (en) 1996-07-25 2000-04-18 Stockmaster.Com, Inc. Method for aggregate control on an electronic network
US6009274A (en) 1996-12-13 1999-12-28 3Com Corporation Method and apparatus for automatically updating software components on end systems over a network
US6088804A (en) * 1998-01-12 2000-07-11 Motorola, Inc. Adaptive system and method for responding to computer network security attacks
DE19810814B4 (en) * 1998-03-12 2004-10-28 Telefonaktiebolaget Lm Ericsson (Publ) Computer system and status copying process for scalable software updates
US7418504B2 (en) 1998-10-30 2008-08-26 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US20010044904A1 (en) 1999-09-29 2001-11-22 Berg Ryan J. Secure remote kernel communication
US7281268B2 (en) * 1999-11-14 2007-10-09 Mcafee, Inc. System, method and computer program product for detection of unwanted processes
US7076647B2 (en) 2000-06-09 2006-07-11 Hewlett-Packard Development Company, L.P. Dynamic kernel tunables
US7099948B2 (en) 2001-02-16 2006-08-29 Swsoft Holdings, Ltd. Virtual computing environment
JP2003084983A (en) 2001-09-11 2003-03-20 Toshiba Corp Software distribution apparatus, software distribution system, and software distribution method
US20030112781A1 (en) 2001-12-17 2003-06-19 Kermode Roger George Communications unit for secure communications
US7512810B1 (en) 2002-09-11 2009-03-31 Guardian Data Storage Llc Method and system for protecting encrypted files transmitted over a network
US7448049B1 (en) 2002-10-18 2008-11-04 Crossroads Systems, Inc. System and method of supporting kernel functionality
US7784044B2 (en) 2002-12-02 2010-08-24 Microsoft Corporation Patching of in-use functions on a running computer system
US7340638B2 (en) 2003-01-30 2008-03-04 Microsoft Corporation Operating system update and boot failure recovery
US7093116B2 (en) 2003-04-28 2006-08-15 Intel Corporation Methods and apparatus to operate in multiple phases of a basic input/output system (BIOS)
WO2005058018A2 (en) 2003-12-16 2005-06-30 Aerulean Plant Identification Systems, Inc. System and method for plant identification
US8010459B2 (en) 2004-01-21 2011-08-30 Google Inc. Methods and systems for rating associated members in a social network
US20070153993A1 (en) 2004-02-02 2007-07-05 Mobile Reach Media Inc. Monitoring method and system
US7490356B2 (en) * 2004-07-20 2009-02-10 Reflectent Software, Inc. End user risk management
US7571448B1 (en) 2004-07-28 2009-08-04 Symantec Corporation Lightweight hooking mechanism for kernel level operations
JP4624181B2 (en) * 2004-07-28 2011-02-02 株式会社エヌ・ティ・ティ・データ Unauthorized access countermeasure control device and unauthorized access countermeasure control program
US20060070089A1 (en) 2004-08-20 2006-03-30 Shahid Shoaib Method and apparatus for dynamic replacement of device drivers in the operating system (OS) kernel
US7765410B2 (en) * 2004-11-08 2010-07-27 Microsoft Corporation System and method of aggregating the knowledge base of antivirus software applications
US7765400B2 (en) * 2004-11-08 2010-07-27 Microsoft Corporation Aggregation of the knowledge base of antivirus software
KR101201118B1 (en) * 2004-11-08 2012-11-13 마이크로소프트 코포레이션 System and method of aggregating the knowledge base of antivirus software applications
US7478237B2 (en) * 2004-11-08 2009-01-13 Microsoft Corporation System and method of allowing user mode applications with access to file data
US7698744B2 (en) 2004-12-03 2010-04-13 Whitecell Software Inc. Secure system for allowing the execution of authorized computer program code
US7366891B2 (en) 2004-12-30 2008-04-29 Intel Corporation Methods and apparatus to provide dual-mode drivers in processor systems
US7979889B2 (en) * 2005-01-07 2011-07-12 Cisco Technology, Inc. Methods and apparatus providing security to computer systems and networks
US8365293B2 (en) 2005-01-25 2013-01-29 Redphone Security, Inc. Securing computer network interactions between entities with authorization assurances
US8572733B1 (en) * 2005-07-06 2013-10-29 Raytheon Company System and method for active data collection in a network security system
US7874001B2 (en) 2005-07-15 2011-01-18 Microsoft Corporation Detecting user-mode rootkits
US20070094496A1 (en) * 2005-10-25 2007-04-26 Michael Burtscher System and method for kernel-level pestware management
US7882560B2 (en) * 2005-12-16 2011-02-01 Cisco Technology, Inc. Methods and apparatus providing computer and network security utilizing probabilistic policy reposturing
US8239947B1 (en) * 2006-02-06 2012-08-07 Symantec Corporation Method using kernel mode assistance for the detection and removal of threats which are actively preventing detection and removal from a running system
US8201243B2 (en) 2006-04-20 2012-06-12 Webroot Inc. Backwards researching activity indicative of pestware
US7441113B2 (en) 2006-07-10 2008-10-21 Devicevm, Inc. Method and apparatus for virtualization of appliances
EP2565811B1 (en) 2006-07-18 2016-02-03 Certicom Corp. System and method for authenticating a gaming device
US8190868B2 (en) 2006-08-07 2012-05-29 Webroot Inc. Malware management through kernel detection
CN100485700C (en) 2006-08-11 2009-05-06 珠海金山软件股份有限公司 Device for preventing and treating computer virus by real-time monitoring for file and its upgrading method
US9111088B2 (en) 2006-08-14 2015-08-18 Quantum Security, Inc. Policy-based physical security system for restricting access to computer resources and data flow through network equipment
JP5112787B2 (en) 2006-09-01 2013-01-09 株式会社リコー Information processing apparatus, program update method, and program
US8321677B2 (en) 2006-09-21 2012-11-27 Google Inc. Pre-binding and tight binding of an on-line identity to a digital signature
US20080162589A1 (en) 2006-12-29 2008-07-03 Microsoft Corporation Weakly-consistent distributed collection compromised replica recovery
US7765374B2 (en) * 2007-01-25 2010-07-27 Microsoft Corporation Protecting operating-system resources
US8181264B2 (en) 2007-02-07 2012-05-15 Apple Inc. Method and apparatus for deferred security analysis
US8578477B1 (en) 2007-03-28 2013-11-05 Trend Micro Incorporated Secure computer system integrity check
US8565799B2 (en) 2007-04-04 2013-10-22 Qualcomm Incorporated Methods and apparatus for flow data acquisition in a multi-frequency network
US7908656B1 (en) 2007-04-23 2011-03-15 Network Appliance, Inc. Customized data generating data storage system filter for data security
US8918717B2 (en) 2007-05-07 2014-12-23 International Business Machines Corporation Method and sytem for providing collaborative tag sets to assist in the use and navigation of a folksonomy
US20080301669A1 (en) 2007-05-30 2008-12-04 Google Inc. Dynamically Self-Updating by a Software Application on a Device
WO2008151321A2 (en) * 2007-06-08 2008-12-11 The Trustees Of Columbia University In The City Of New York Systems, methods, and media for enforcing a security policy in a network including a plurality of components
JP4931711B2 (en) 2007-07-02 2012-05-16 日本電信電話株式会社 Kernel update method, information processing apparatus, program, and storage medium
US8099740B1 (en) 2007-08-17 2012-01-17 Mcafee, Inc. System, method, and computer program product for terminating a hidden kernel process
US8065728B2 (en) * 2007-09-10 2011-11-22 Wisconsin Alumni Research Foundation Malware prevention system monitoring kernel events
US20090094039A1 (en) 2007-10-04 2009-04-09 Zhura Corporation Collaborative production of rich media content
US8255926B2 (en) 2007-11-06 2012-08-28 International Business Machines Corporation Virus notification based on social groups
US8220041B2 (en) 2007-12-13 2012-07-10 Trend Micro Incorporated Method and system for protecting a computer system during boot operation
EP2235629B1 (en) 2008-01-25 2019-07-31 Citrix Systems, Inc. Methods and systems for provisioning a virtual disk to diskless virtual and physical machines
EP2245837B1 (en) 2008-02-11 2011-12-28 Dolby Laboratories Licensing Corporation Dynamic DNS system for private networks
US20090216806A1 (en) 2008-02-24 2009-08-27 Allofme Ltd. Digital assets internet timeline aggregation and sharing platform
JP2009238153A (en) * 2008-03-28 2009-10-15 Nec Corp Malware handling system, method, and program
US7890664B1 (en) 2008-03-31 2011-02-15 Emc Corporation Methods and apparatus for non-disruptive upgrade by redirecting I/O operations
US8806630B2 (en) * 2008-05-13 2014-08-12 At&T Intellectual Property, I, L.P. Methods and apparatus for intrusion protection in systems that monitor for improper network usage
US8413261B2 (en) 2008-05-30 2013-04-02 Red Hat, Inc. Sharing private data publicly and anonymously
US20090307140A1 (en) 2008-06-06 2009-12-10 Upendra Mardikar Mobile device over-the-air (ota) registration and point-of-sale (pos) payment
US8631488B2 (en) 2008-08-04 2014-01-14 Cupp Computing As Systems and methods for providing security services during power management mode
GB0815587D0 (en) 2008-08-27 2008-10-01 Applied Neural Technologies Ltd Computer/network security application
US8401195B2 (en) 2008-09-22 2013-03-19 Motorola Solutions, Inc. Method of automatically populating a list of managed secure communications group members
US8789202B2 (en) 2008-11-19 2014-07-22 Cupp Computing As Systems and methods for providing real time access monitoring of a removable media device
US8234693B2 (en) 2008-12-05 2012-07-31 Raytheon Company Secure document management
KR20100078081A (en) * 2008-12-30 2010-07-08 (주) 세인트 시큐리티 System and method for detecting unknown malicious codes by analyzing kernel based system events
KR101021708B1 (en) 2009-01-20 2011-03-15 성균관대학교산학협력단 Group key distribution method and server and client therefor
JP2010182019A (en) * 2009-02-04 2010-08-19 Kddi Corp Abnormality detector and program
US8447969B2 (en) 2009-03-13 2013-05-21 Assa Abloy Ab Transfer device for sensitive material such as a cryptographic key
US8533830B1 (en) 2009-03-31 2013-09-10 Mcafee, Inc. System, method, and computer program product for mounting an image of a computer system in a pre-boot environment for validating the computer system
US20110010522A1 (en) 2009-06-12 2011-01-13 Cray Inc. Multiprocessor communication protocol bridge between scalar and vector compute nodes
US8607340B2 (en) * 2009-07-21 2013-12-10 Sophos Limited Host intrusion prevention system using software and user behavior analysis
US8776218B2 (en) * 2009-07-21 2014-07-08 Sophos Limited Behavioral-based host intrusion prevention system
US8589904B2 (en) 2009-08-10 2013-11-19 Symantec Corporation Systems and methods for updating a software product
US8572740B2 (en) * 2009-10-01 2013-10-29 Kaspersky Lab, Zao Method and system for detection of previously unknown malware
US8429429B1 (en) 2009-10-23 2013-04-23 Secure Vector, Inc. Computer security system and method
US8510569B2 (en) 2009-12-16 2013-08-13 Intel Corporation Providing integrity verification and attestation in a hidden execution environment
KR101038048B1 (en) 2009-12-21 2011-06-01 한국인터넷진흥원 Botnet Malicious Behaviors Real-Time Analysis System
US8528091B2 (en) * 2009-12-31 2013-09-03 The Trustees Of Columbia University In The City Of New York Methods, systems, and media for detecting covert malware
US8621628B2 (en) * 2010-02-25 2013-12-31 Microsoft Corporation Protecting user mode processes from improper tampering or termination
US9384112B2 (en) 2010-07-01 2016-07-05 Logrhythm, Inc. Log collection, structuring and processing
KR101329847B1 (en) 2010-07-26 2013-11-14 주식회사 팬택 Portable terminal and method for social network service that use human body communication
US8539584B2 (en) * 2010-08-30 2013-09-17 International Business Machines Corporation Rootkit monitoring agent built into an operating system kernel
KR101174751B1 (en) 2010-09-27 2012-08-17 한국인터넷진흥원 Malware auto-analysis system and method using kernel call-back mechanism
US8776227B1 (en) * 2010-10-21 2014-07-08 Symantec Corporation User interface based malware detection
KR20120072266A (en) 2010-12-23 2012-07-03 한국전자통신연구원 Apparatus for controlling security condition of a global network
US8762298B1 (en) 2011-01-05 2014-06-24 Narus, Inc. Machine learning based botnet detection using real-time connectivity graph based traffic features
EP2487860B1 (en) 2011-02-10 2013-09-25 Telefónica, S.A. Method and system for improving security threats detection in communication networks
US20120246297A1 (en) 2011-03-25 2012-09-27 Vijaya Shanker Agent based monitoring for saas it service management
US8966629B2 (en) 2011-03-31 2015-02-24 Mcafee, Inc. System and method for below-operating system trapping of driver loading and unloading
US8813227B2 (en) 2011-03-29 2014-08-19 Mcafee, Inc. System and method for below-operating system regulation and control of self-modifying code
WO2012135192A2 (en) 2011-03-28 2012-10-04 Mcafee, Inc. System and method for virtual machine monitor based anti-malware security
US8549648B2 (en) 2011-03-29 2013-10-01 Mcafee, Inc. Systems and methods for identifying hidden processes
US9038176B2 (en) 2011-03-31 2015-05-19 Mcafee, Inc. System and method for below-operating system trapping and securing loading of code into memory
US8739281B2 (en) * 2011-12-06 2014-05-27 At&T Intellectual Property I, L.P. Multilayered deception for intrusion detection and prevention
US8789034B1 (en) 2011-12-31 2014-07-22 Parallels IP Holdings GmbH Method for updating operating system without memory reset
CA2773095C (en) 2012-03-27 2014-12-02 Yin Sheng Zhang Computer with flexible operating system
US9081960B2 (en) * 2012-04-27 2015-07-14 Ut-Battelle, Llc Architecture for removable media USB-ARM
IL219597A0 (en) 2012-05-03 2012-10-31 Syndrome X Ltd Malicious threat detection, malicious threat prevention, and a learning systems and methods for malicious threat detection and prevention
US8997201B2 (en) 2012-05-14 2015-03-31 Cisco Technology, Inc. Integrity monitoring to detect changes at network device for use in secure network access
US9317687B2 (en) * 2012-05-21 2016-04-19 Mcafee, Inc. Identifying rootkits based on access permissions
US20130312099A1 (en) 2012-05-21 2013-11-21 Mcafee, Inc. Realtime Kernel Object Table and Type Protection
US9043903B2 (en) 2012-06-08 2015-05-26 Crowdstrike, Inc. Kernel-level security agent
US9292881B2 (en) 2012-06-29 2016-03-22 Crowdstrike, Inc. Social sharing of security information in a group
US9158914B2 (en) 2013-04-19 2015-10-13 Crowdstrike, Inc. Executable component injection utilizing hotpatch mechanisms
US9596077B2 (en) 2013-04-22 2017-03-14 Unisys Corporation Community of interest-based secured communications over IPsec
US9225739B2 (en) 2013-06-26 2015-12-29 Microsoft Technology Licensing, Llc Providing user-specific malware assessment based on social interactions
US9197654B2 (en) 2013-06-28 2015-11-24 Mcafee, Inc. Rootkit detection by using HW resources to detect inconsistencies in network traffic
US9477835B2 (en) 2013-10-08 2016-10-25 Crowdstrike, Inc. Event model for correlating system component states
US20150128206A1 (en) 2013-11-04 2015-05-07 Trusteer Ltd. Early Filtering of Events Using a Kernel-Based Filter
US9170803B2 (en) 2013-12-19 2015-10-27 Novell, Inc. Runtime patching of an operating system (OS) without stopping execution
KR101554633B1 (en) 2014-03-04 2015-09-21 한국전자통신연구원 Apparatus and method for detecting malicious code
US10289405B2 (en) 2014-03-20 2019-05-14 Crowdstrike, Inc. Integrity assurance and rebootless updating during runtime
US9798882B2 (en) 2014-06-06 2017-10-24 Crowdstrike, Inc. Real-time model of states of monitored devices
US10339316B2 (en) 2015-07-28 2019-07-02 Crowdstrike, Inc. Integrity assurance through early loading in the boot phase
US10033536B2 (en) 2016-03-25 2018-07-24 Credly, Inc. Generation, management, and tracking of digital credentials
JP6786960B2 (en) * 2016-08-26 2020-11-18 富士通株式会社 Cyber attack analysis support program, cyber attack analysis support method and cyber attack analysis support device
US10387228B2 (en) 2017-02-21 2019-08-20 Crowdstrike, Inc. Symmetric bridge component for communications between kernel mode and user mode
US10503904B1 (en) 2017-06-29 2019-12-10 Fireeye, Inc. Ransomware detection and mitigation
KR101921052B1 (en) * 2017-11-15 2018-11-22 한국인터넷진흥원 Method and apparatus for identifying security vulnerability and cause point thereof of executable binaries
US10740459B2 (en) 2017-12-28 2020-08-11 Crowdstrike, Inc. Kernel- and user-level cooperative security processing
US11200317B2 (en) * 2018-07-22 2021-12-14 Minerva Labs Ltd. Systems and methods for protecting a computing device against malicious code

Also Published As

Publication number Publication date
EP4404508A2 (en) 2024-07-24
US9621515B2 (en) 2017-04-11
JP2017216018A (en) 2017-12-07
US20170213031A1 (en) 2017-07-27
BR112014030746A2 (en) 2017-06-27
EP2859493B1 (en) 2020-01-08
SG11201407292QA (en) 2014-12-30
EP3654218B1 (en) 2024-04-03
US20140109226A1 (en) 2014-04-17
US10853491B2 (en) 2020-12-01
JP2015522874A (en) 2015-08-06
JP6212548B2 (en) 2017-10-11
US9571453B2 (en) 2017-02-14
US20150244679A1 (en) 2015-08-27
IL235905B (en) 2018-02-28
EP2859493A4 (en) 2016-03-16
CA2872786A1 (en) 2013-12-12
US20190138723A1 (en) 2019-05-09
US9043903B2 (en) 2015-05-26
AU2013272198A1 (en) 2014-11-27
WO2013184281A1 (en) 2013-12-12
US20130333040A1 (en) 2013-12-12
US9904784B2 (en) 2018-02-27
IL235905A0 (en) 2015-01-29
EP2859493A1 (en) 2015-04-15
EP4404508A3 (en) 2024-10-16
EP3654218A2 (en) 2020-05-20
EP3654218A3 (en) 2020-08-05
US20170109530A1 (en) 2017-04-20
US10002250B2 (en) 2018-06-19

Similar Documents

Publication Publication Date Title
IN2014DN09583A (en)
Zhu et al. On filter theory of residuated lattices
Correia Political connections and SEC enforcement
WO2010107630A3 (en) Client-centered usage classification
WO2011109766A3 (en) Input parameter filtering for web application security
WO2014007947A3 (en) Creating social group events
WO2016028067A3 (en) System and method for detecting malicious code using visualization
WO2014197426A3 (en) System and method for controlling and monitoring a field device
EP2877267A4 (en) FILTER HOUSING, PLEATED FILTER AND SECURITY FILTER
GB2512514A (en) User interface displaying filtered information
WO2012170709A3 (en) System and method for virtual partition monitoring
WO2013040496A3 (en) System and method for real-time customized threat protection
WO2012174420A3 (en) Detecting and responding to sentinel events
GB201100039D0 (en) Server, user device and malware detection method thereof
HK1208752A1 (en) Dynamic management and netting of transactions using executable rules
WO2013135494A3 (en) Lithographic apparatus
GB2535380A (en) Well alarms and event detection
HK1208384A1 (en) Medical device with impact resistant housing
Chen et al. On the summability of bivariate rational functions
Khoury et al. Which security policies are enforceable by runtime monitors? A survey
GB201319322D0 (en) Facilitating processing in a communications environment using stop signaling
Hayashi et al. Asymptotics of solutions to the generalized Ostrovsky equation
Kim The existence and uniqueness of very weak solutions of the stationary Boussinesq system
WO2013098619A9 (en) A system and a method for locating and notifying fault and handling alarm thereof
EP2492881A3 (en) System and method for anti-theft protection/alarm