JP2009539271A - コンピュータ・ネットワーク侵入検出のシステムおよび方法 - Google Patents
コンピュータ・ネットワーク侵入検出のシステムおよび方法 Download PDFInfo
- Publication number
- JP2009539271A JP2009539271A JP2008515191A JP2008515191A JP2009539271A JP 2009539271 A JP2009539271 A JP 2009539271A JP 2008515191 A JP2008515191 A JP 2008515191A JP 2008515191 A JP2008515191 A JP 2008515191A JP 2009539271 A JP2009539271 A JP 2009539271A
- Authority
- JP
- Japan
- Prior art keywords
- tcp
- connection
- network
- information
- violation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/663—Transport layer addresses, e.g. aspects of transmission control protocol [TCP] or user datagram protocol [UDP] ports
Abstract
【解決手段】本発明は、一方をTCP/IPスタック情報、他方をWindows(登録商標)セキュリティ・イベント・ログ情報とする2つの独立した情報レベル間の関連付けを行うことを可能にする。本方法により、セキュリティ・イベント・ログに格納されているとおりの攻撃側デバイスのコンピュータ名と、このコンピュータ名に関するTCP/IP情報との間に関連性を確立できる。
【選択図】図1
Description
該少なくとも1つの管理対象デバイスにおいて、入方向のTCP/IP接続を検出する工程、
該少なくとも1つの管理対象デバイスのTCP/IPスタックから、検出された入接続を生成しているデバイスに関係した全TCP/IP情報を抽出する工程、
入方向のTCP/IP接続のポート番号を定義済みポート番号のセットと比較する工程、
比較が一致した場合は、検出された入方向のTCP/IP接続に関連した全イベント・ログ情報を、セキュリティ・イベント・ログから読み出す工程、および
検出された入方向のTCP/IP接続を生成しているデバイスのTCP/IP情報およびイベント・ログ情報を、違反ログ・ファイルに収集する工程。
IPアドレス;
ネットワーク・ホスト名;
そのネットワーク・アダプタのMACアドレス;
ワークステーション/コンピュータ名;
userid;
このuseridが、サーバ上で定義されている許可されたuseridのリストに存在するかどうか;
このuseridが、ワーム・ウイルスにより使用されるデフォルトのuseridすべてを含むSPYリスト内に存在するかどうか。
国;
建物;
階;
イーサネット・スイッチの識別情報;
このスイッチのポート番号。
[MAIL]
SENDING=YES
[SERVER]
MAILSERVER=“<mail server address>”
[DESTINATION]
MAIL1=“<mail recipient 1>”
MAIL2=“<mail recipient 2>”
BCC=“<mail blank copy>”
[SPEED]
INTERVAL=2sec.
[MAC_ADDRESS]
MAC=YES
[LOGFILE]
MAXSIZE=10000bytes
[POPUP]
SHOW=YES
解析デバイスのローカルIPアドレス;
解析デバイスのローカルTCP通信ポート;
攻撃側デバイスのリモートIPアドレス;
攻撃側デバイスのリモートTCP通信ポート;および
攻撃側デバイスのリモート・ホスト名。
日付および時間
ローカルIPアドレス
ローカルIPポート
リモートIPアドレス
リモートIPポート。
日付および時間
ローカルIPアドレス
ローカルIPポート
リモートIPアドレス
リモート・ポート・アドレス
ホスト名
ワークステーション名
違反に使用されたuserid
MACアドレス
違反の警告レベル(低、中、高)
Claims (19)
- 複数の管理対象デバイス(108、110、112、114、116)を有するTCP/IPプロトコル・ベースのネットワーク内への侵入を試行するデバイス(104、120)を特定する方法であって、前記ネットワークは、セキュリティ・イベント・ログを処理する少なくとも1つの管理対象デバイスをさらに有し、前記方法は、
前記少なくとも1つの管理対象デバイスにおいて入方向のTCP/IP接続を検出する工程と、
前記検出された入方向の接続を生成している前記デバイスに関係する全TCP/IP情報を、前記少なくとも1つの管理対象デバイスのTCP/IPスタックから抽出する工程と、
前記入方向のTCP/IP接続のポート番号を、定義済みポート番号のセットと比較する工程と、
前記比較が一致した場合、前記検出された入方向のTCP/IP接続に関連した全イベント・ログ情報を、前記セキュリティ・イベント・ログから読み出す工程と、
前記検出された入方向のTCP/IP接続を生成している前記デバイスの、前記TCP/IP情報および前記イベント・ログ情報を、違反ログ・ファイルに収集する工程と
を含む、方法。 - 定義済みポート番号の前記セットは、ポート番号137、139および445を含む、請求項1に記載の方法。
- セキュリティ・イベント・ログを処理する前記少なくとも1つの管理対象デバイスは、Windows(登録商標)オペレーティング・システム上で動作する、請求項1または2に記載の方法。
- 前記TCP/IP情報を抽出する前記工程は、Windows(登録商標)「GetTcpTable」APIを読み取る工程を含む、請求項1、2または3に記載の方法。
- 前記検出工程の後に、前記入方向のTCP/IP接続のIPアドレスを不要なIPアドレスのセットと比較し、一致する場合には識別プロセスを停止する工程をさらに含む、請求項1〜4のうちのいずれか1項に記載の方法。
- 不要なIPアドレスの前記セットは、「127.0.0.1」および「0.0.0.0」に相当するIPアドレスを含む、請求項5に記載の方法。
- 前記ポート番号の比較工程において一致する場合、前記検出された入方向のTCP/IP接続を生成している前記デバイスのホスト名を読み出す工程を、前記比較工程の後にさらに含む、請求項1〜6のうちのいずれか1項に記載の方法。
- 前記セキュリティ・イベント・ログ情報を読み出す前記工程は、前記少なくとも1つの管理対象デバイスのホスト名を読み出す工程をさらに含む、請求項1〜7のうちのいずれか1項に記載の方法。
- 前記入方向のTCP/IP接続のイベントIDの値に従い、前記入方向の接続をフィルタする工程をさらに含む、請求項1〜8のうちのいずれか1項に記載の方法。
- 前記入方向のTCP/IP接続のログオン情報が1つまたは複数のフィルタのセットを満たすかどうかを確認する工程をさらに含む、請求項1〜9のうちのいずれか1項に記載の方法。
- 1つまたは複数のフィルタの前記セットは、無許可ログオンのリストを1つまたは複数含む、請求項10に記載の方法。
- 前記セキュリティ・イベント・ログ情報を読み出す前記工程は、前記TCP/IPの入方向の接続を生成している前記デバイスのMACアドレスを読み出す工程をさらに含む、請求項11に記載の方法。
- 前記入方向のTCP/IP接続を生成している前記デバイスの前記IPアドレスを、前記TCP/IPプロトコル・ベースのネットワークに関し定義されたIPアドレスのセットと比較する工程をさらに含む、請求項12に記載の方法。
- 前記TCP/IP情報と共に収集された前記イベント・ログ情報は、前記入方向のTCP/IP接続を生成している前記デバイスの論理情報および物理的位置情報を含む、請求項1〜13のうちのいずれか1項に記載の方法。
- 前記収集された情報を中央違反データベースへ送信して、侵入が特定されたことを示す工程をさらに含む、請求項1〜14のうちのいずれか1項に記載の方法。
- 複数の管理対象デバイス(108、110、112、114、116)を有するTCP/IPプロトコル・ベースのネットワーク内への侵入を試行しているデバイス(104、120)を特定するシステムであって、前記ネットワークは、セキュリティ・イベント・ログを処理する少なくとも1つの管理対象デバイスをさらに有し、前記システムは、請求項1〜15のうちのいずれか1項に記載の前記方法の前記工程それぞれを実施する手段を含む、システム。
- コンピュータ・マシンにより読み取り可能な媒体に格納されたコンピュータ・プログラム製品であって、前記コンピュータ・マシンに請求項1〜15のうちのいずれか1項による前記方法を実行させる可読プログラム手段を有形に具現化する、前記コンピュータ・プログラム製品。
- Windows(登録商標)ベースの複数のデバイスを有するTCP/IPベースのネットワークにおいて、セキュリティ・イベントの記録を残すようセキュリティ・イベント記録プロシージャを使用して、セキュリティ・イベントを監視する方法であって、前記Windows(登録商標)ベースのデバイスは中央違反データベースにつながれ、前記方法は、
前記Windows(登録商標)ベースの複数のデバイスのうちの少なくとも1つにおいて、請求項1に記載の前記方法の前記工程を実行する工程と、
前記中央違反データベースにおいて、前記実行工程により生成された前記違反ログ・ファイルを受信する工程と、
前記違反ログ・ファイルを解読し、違反が起こっている場合には、ネットワーク管理者への違反レポートを生成する工程と
を含む方法。 - 前記実行工程の前に、請求項17に記載の前記コンピュータ・プログラム製品を、前記Windows(登録商標)ベースの複数のデバイスのうちの前記少なくとも1つにロードする工程をさらに含む、請求項18に記載の方法。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP05300457 | 2005-06-06 | ||
PCT/EP2006/062766 WO2006131475A1 (en) | 2005-06-06 | 2006-05-31 | Computer network intrusion detection system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2009539271A true JP2009539271A (ja) | 2009-11-12 |
JP4742144B2 JP4742144B2 (ja) | 2011-08-10 |
Family
ID=37081617
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2008515191A Active JP4742144B2 (ja) | 2005-06-06 | 2006-05-31 | Tcp/ipプロトコル・ベースのネットワーク内への侵入を試行するデバイスを識別する方法およびコンピュータ・プログラム |
Country Status (8)
Country | Link |
---|---|
US (2) | US8272054B2 (ja) |
EP (1) | EP1889443B1 (ja) |
JP (1) | JP4742144B2 (ja) |
CN (1) | CN101176331B (ja) |
AT (1) | ATE459184T1 (ja) |
CA (1) | CA2610350C (ja) |
DE (1) | DE602006012479D1 (ja) |
WO (1) | WO2006131475A1 (ja) |
Families Citing this family (163)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8171553B2 (en) | 2004-04-01 | 2012-05-01 | Fireeye, Inc. | Heuristic based capture with replay to virtual machine |
US9106694B2 (en) | 2004-04-01 | 2015-08-11 | Fireeye, Inc. | Electronic message analysis for malware detection |
US8528086B1 (en) | 2004-04-01 | 2013-09-03 | Fireeye, Inc. | System and method of detecting computer worms |
US8898788B1 (en) | 2004-04-01 | 2014-11-25 | Fireeye, Inc. | Systems and methods for malware attack prevention |
US8881282B1 (en) | 2004-04-01 | 2014-11-04 | Fireeye, Inc. | Systems and methods for malware attack detection and identification |
US7587537B1 (en) | 2007-11-30 | 2009-09-08 | Altera Corporation | Serializer-deserializer circuits formed from input-output circuit registers |
US8584239B2 (en) | 2004-04-01 | 2013-11-12 | Fireeye, Inc. | Virtual machine with dynamic data flow analysis |
US8549638B2 (en) | 2004-06-14 | 2013-10-01 | Fireeye, Inc. | System and method of containing computer worms |
US8793787B2 (en) | 2004-04-01 | 2014-07-29 | Fireeye, Inc. | Detecting malicious network content using virtual environment components |
US8566946B1 (en) | 2006-04-20 | 2013-10-22 | Fireeye, Inc. | Malware containment on connection |
US8646038B2 (en) * | 2006-09-15 | 2014-02-04 | Microsoft Corporation | Automated service for blocking malware hosts |
US8850571B2 (en) | 2008-11-03 | 2014-09-30 | Fireeye, Inc. | Systems and methods for detecting malicious network content |
US8997219B2 (en) | 2008-11-03 | 2015-03-31 | Fireeye, Inc. | Systems and methods for detecting malicious PDF network content |
CN101662480B (zh) * | 2009-09-01 | 2012-03-07 | 卡斯柯信号有限公司 | 一种基于访问控制的日志系统 |
US8832829B2 (en) | 2009-09-30 | 2014-09-09 | Fireeye, Inc. | Network-based binary file extraction and analysis for malware detection |
CN102026253B (zh) * | 2010-12-21 | 2014-04-02 | 大唐移动通信设备有限公司 | 告警上报和处理方法、系统及设备 |
US20120259870A1 (en) * | 2011-04-07 | 2012-10-11 | Infosys Technologies Limited | Method and system for establishing sorting order for events |
CN102663274B (zh) * | 2012-02-07 | 2015-12-02 | 北京奇虎科技有限公司 | 一种检测远程入侵计算机行为的方法及系统 |
US10572665B2 (en) | 2012-12-28 | 2020-02-25 | Fireeye, Inc. | System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events |
US9159035B1 (en) | 2013-02-23 | 2015-10-13 | Fireeye, Inc. | Framework for computer application analysis of sensitive information tracking |
US9176843B1 (en) | 2013-02-23 | 2015-11-03 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9824209B1 (en) | 2013-02-23 | 2017-11-21 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications that is usable to harden in the field code |
US9009823B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications installed on mobile devices |
US9195829B1 (en) | 2013-02-23 | 2015-11-24 | Fireeye, Inc. | User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications |
US9367681B1 (en) | 2013-02-23 | 2016-06-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application |
US9009822B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for multi-phase analysis of mobile applications |
US8990944B1 (en) | 2013-02-23 | 2015-03-24 | Fireeye, Inc. | Systems and methods for automatically detecting backdoors |
US9565202B1 (en) * | 2013-03-13 | 2017-02-07 | Fireeye, Inc. | System and method for detecting exfiltration content |
US9104867B1 (en) | 2013-03-13 | 2015-08-11 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US9626509B1 (en) | 2013-03-13 | 2017-04-18 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US9355247B1 (en) | 2013-03-13 | 2016-05-31 | Fireeye, Inc. | File extraction from memory dump for malicious content analysis |
US9311479B1 (en) | 2013-03-14 | 2016-04-12 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of a malware attack |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US10713358B2 (en) | 2013-03-15 | 2020-07-14 | Fireeye, Inc. | System and method to extract and utilize disassembly features to classify software intent |
US9413781B2 (en) | 2013-03-15 | 2016-08-09 | Fireeye, Inc. | System and method employing structured intelligence to verify and contain threats at endpoints |
US9251343B1 (en) | 2013-03-15 | 2016-02-02 | Fireeye, Inc. | Detecting bootkits resident on compromised computers |
US9495180B2 (en) | 2013-05-10 | 2016-11-15 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US9635039B1 (en) | 2013-05-13 | 2017-04-25 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
US9536091B2 (en) | 2013-06-24 | 2017-01-03 | Fireeye, Inc. | System and method for detecting time-bomb malware |
US10133863B2 (en) | 2013-06-24 | 2018-11-20 | Fireeye, Inc. | Zero-day discovery system |
US9888016B1 (en) | 2013-06-28 | 2018-02-06 | Fireeye, Inc. | System and method for detecting phishing using password prediction |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US9690936B1 (en) | 2013-09-30 | 2017-06-27 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US9171160B2 (en) | 2013-09-30 | 2015-10-27 | Fireeye, Inc. | Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses |
US9628507B2 (en) | 2013-09-30 | 2017-04-18 | Fireeye, Inc. | Advanced persistent threat (APT) detection center |
US10515214B1 (en) | 2013-09-30 | 2019-12-24 | Fireeye, Inc. | System and method for classifying malware within content created during analysis of a specimen |
US9294501B2 (en) | 2013-09-30 | 2016-03-22 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US9736179B2 (en) | 2013-09-30 | 2017-08-15 | Fireeye, Inc. | System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection |
US10192052B1 (en) | 2013-09-30 | 2019-01-29 | Fireeye, Inc. | System, apparatus and method for classifying a file as malicious using static scanning |
US9921978B1 (en) | 2013-11-08 | 2018-03-20 | Fireeye, Inc. | System and method for enhanced security of storage devices |
US9189627B1 (en) | 2013-11-21 | 2015-11-17 | Fireeye, Inc. | System, apparatus and method for conducting on-the-fly decryption of encrypted objects for malware detection |
US9747446B1 (en) | 2013-12-26 | 2017-08-29 | Fireeye, Inc. | System and method for run-time object classification |
US9756074B2 (en) | 2013-12-26 | 2017-09-05 | Fireeye, Inc. | System and method for IPS and VM-based detection of suspicious objects |
US9507935B2 (en) | 2014-01-16 | 2016-11-29 | Fireeye, Inc. | Exploit detection system with threat-aware microvisor |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US9241010B1 (en) | 2014-03-20 | 2016-01-19 | Fireeye, Inc. | System and method for network behavior detection |
US10242185B1 (en) | 2014-03-21 | 2019-03-26 | Fireeye, Inc. | Dynamic guest image creation and rollback |
US9591015B1 (en) | 2014-03-28 | 2017-03-07 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9432389B1 (en) | 2014-03-31 | 2016-08-30 | Fireeye, Inc. | System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object |
US9223972B1 (en) | 2014-03-31 | 2015-12-29 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US9594912B1 (en) | 2014-06-06 | 2017-03-14 | Fireeye, Inc. | Return-oriented programming detection |
US9438623B1 (en) | 2014-06-06 | 2016-09-06 | Fireeye, Inc. | Computer exploit detection using heap spray pattern matching |
US9973531B1 (en) | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
US10084813B2 (en) | 2014-06-24 | 2018-09-25 | Fireeye, Inc. | Intrusion prevention and remedy system |
US10805340B1 (en) | 2014-06-26 | 2020-10-13 | Fireeye, Inc. | Infection vector and malware tracking with an interactive user display |
US9398028B1 (en) | 2014-06-26 | 2016-07-19 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers |
US10002252B2 (en) | 2014-07-01 | 2018-06-19 | Fireeye, Inc. | Verification of trusted threat-aware microvisor |
US9363280B1 (en) | 2014-08-22 | 2016-06-07 | Fireeye, Inc. | System and method of detecting delivery of malware using cross-customer data |
US10671726B1 (en) | 2014-09-22 | 2020-06-02 | Fireeye Inc. | System and method for malware analysis using thread-level event monitoring |
US9773112B1 (en) * | 2014-09-29 | 2017-09-26 | Fireeye, Inc. | Exploit detection of malware and malware families |
US10027689B1 (en) | 2014-09-29 | 2018-07-17 | Fireeye, Inc. | Interactive infection visualization for improved exploit detection and signature generation for malware and malware families |
US9690933B1 (en) | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US10075455B2 (en) | 2014-12-26 | 2018-09-11 | Fireeye, Inc. | Zero-day rotating guest image profile |
US9934376B1 (en) | 2014-12-29 | 2018-04-03 | Fireeye, Inc. | Malware detection appliance architecture |
US9838417B1 (en) | 2014-12-30 | 2017-12-05 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
US10165004B1 (en) | 2015-03-18 | 2018-12-25 | Cequence Security, Inc. | Passive detection of forged web browsers |
US9690606B1 (en) | 2015-03-25 | 2017-06-27 | Fireeye, Inc. | Selective system call monitoring |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
US9438613B1 (en) | 2015-03-30 | 2016-09-06 | Fireeye, Inc. | Dynamic content activation for automated analysis of embedded objects |
US10417031B2 (en) | 2015-03-31 | 2019-09-17 | Fireeye, Inc. | Selective virtualization for security threat detection |
US10474813B1 (en) | 2015-03-31 | 2019-11-12 | Fireeye, Inc. | Code injection technique for remediation at an endpoint of a network |
US9483644B1 (en) | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
US9654485B1 (en) | 2015-04-13 | 2017-05-16 | Fireeye, Inc. | Analytics-based security monitoring system and method |
US9594904B1 (en) | 2015-04-23 | 2017-03-14 | Fireeye, Inc. | Detecting malware based on reflection |
US11418520B2 (en) * | 2015-06-15 | 2022-08-16 | Cequence Security, Inc. | Passive security analysis with inline active security device |
US10642753B1 (en) | 2015-06-30 | 2020-05-05 | Fireeye, Inc. | System and method for protecting a software component running in virtual machine using a virtualization layer |
US10454950B1 (en) | 2015-06-30 | 2019-10-22 | Fireeye, Inc. | Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks |
US10726127B1 (en) | 2015-06-30 | 2020-07-28 | Fireeye, Inc. | System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer |
US11113086B1 (en) | 2015-06-30 | 2021-09-07 | Fireeye, Inc. | Virtual system and method for securing external network connectivity |
CN105138915B (zh) * | 2015-08-07 | 2018-03-06 | 天脉聚源(北京)传媒科技有限公司 | 一种进程操作的处理方法及装置 |
US10715542B1 (en) | 2015-08-14 | 2020-07-14 | Fireeye, Inc. | Mobile application risk analysis |
US10176321B2 (en) | 2015-09-22 | 2019-01-08 | Fireeye, Inc. | Leveraging behavior-based rules for malware family classification |
US10033747B1 (en) | 2015-09-29 | 2018-07-24 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US9825989B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Cyber attack early warning system |
US9825976B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Detection and classification of exploit kits |
US10706149B1 (en) | 2015-09-30 | 2020-07-07 | Fireeye, Inc. | Detecting delayed activation malware using a primary controller and plural time controllers |
US10210329B1 (en) | 2015-09-30 | 2019-02-19 | Fireeye, Inc. | Method to detect application execution hijacking using memory protection |
US10601865B1 (en) | 2015-09-30 | 2020-03-24 | Fireeye, Inc. | Detection of credential spearphishing attacks using email analysis |
US10817606B1 (en) | 2015-09-30 | 2020-10-27 | Fireeye, Inc. | Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic |
US9860273B2 (en) * | 2015-10-09 | 2018-01-02 | T-Mobile Usa, Inc. | Logging encrypted data communications for QOE analysis |
US10284575B2 (en) | 2015-11-10 | 2019-05-07 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US10846117B1 (en) | 2015-12-10 | 2020-11-24 | Fireeye, Inc. | Technique for establishing secure communication between host and guest processes of a virtualization architecture |
US10447728B1 (en) | 2015-12-10 | 2019-10-15 | Fireeye, Inc. | Technique for protecting guest processes using a layered virtualization architecture |
US10108446B1 (en) | 2015-12-11 | 2018-10-23 | Fireeye, Inc. | Late load technique for deploying a virtualization layer underneath a running operating system |
US10565378B1 (en) | 2015-12-30 | 2020-02-18 | Fireeye, Inc. | Exploit of privilege detection framework |
US10621338B1 (en) | 2015-12-30 | 2020-04-14 | Fireeye, Inc. | Method to detect forgery and exploits using last branch recording registers |
US10050998B1 (en) | 2015-12-30 | 2018-08-14 | Fireeye, Inc. | Malicious message analysis system |
US10133866B1 (en) | 2015-12-30 | 2018-11-20 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US10581874B1 (en) | 2015-12-31 | 2020-03-03 | Fireeye, Inc. | Malware detection system with contextual analysis |
US11552986B1 (en) | 2015-12-31 | 2023-01-10 | Fireeye Security Holdings Us Llc | Cyber-security framework for application of virtual features |
US9824216B1 (en) | 2015-12-31 | 2017-11-21 | Fireeye, Inc. | Susceptible environment detection system |
US10785255B1 (en) | 2016-03-25 | 2020-09-22 | Fireeye, Inc. | Cluster configuration within a scalable malware detection system |
US10601863B1 (en) | 2016-03-25 | 2020-03-24 | Fireeye, Inc. | System and method for managing sensor enrollment |
US10616266B1 (en) | 2016-03-25 | 2020-04-07 | Fireeye, Inc. | Distributed malware detection system and submission workflow thereof |
US10671721B1 (en) | 2016-03-25 | 2020-06-02 | Fireeye, Inc. | Timeout management services |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
US10826933B1 (en) | 2016-03-31 | 2020-11-03 | Fireeye, Inc. | Technique for verifying exploit/malware at malware detection appliance through correlation with endpoints |
US10169585B1 (en) | 2016-06-22 | 2019-01-01 | Fireeye, Inc. | System and methods for advanced malware detection through placement of transition events |
US10462173B1 (en) | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
US10187414B2 (en) * | 2016-07-20 | 2019-01-22 | Cisco Technology, Inc. | Differential malware detection using network and endpoint sensors |
US10592678B1 (en) | 2016-09-09 | 2020-03-17 | Fireeye, Inc. | Secure communications between peers using a verified virtual trusted platform module |
US10491627B1 (en) | 2016-09-29 | 2019-11-26 | Fireeye, Inc. | Advanced malware detection using similarity analysis |
CN107948125A (zh) * | 2016-10-13 | 2018-04-20 | 腾讯科技(深圳)有限公司 | 一种网络攻击的处理方法及装置 |
US10795991B1 (en) | 2016-11-08 | 2020-10-06 | Fireeye, Inc. | Enterprise search |
US10587647B1 (en) | 2016-11-22 | 2020-03-10 | Fireeye, Inc. | Technique for malware detection capability comparison of network security devices |
US10581879B1 (en) | 2016-12-22 | 2020-03-03 | Fireeye, Inc. | Enhanced malware detection for generated objects |
US10552610B1 (en) | 2016-12-22 | 2020-02-04 | Fireeye, Inc. | Adaptive virtual machine snapshot update framework for malware behavioral analysis |
US10523609B1 (en) | 2016-12-27 | 2019-12-31 | Fireeye, Inc. | Multi-vector malware detection and analysis |
US20180255076A1 (en) | 2017-03-02 | 2018-09-06 | ResponSight Pty Ltd | System and Method for Cyber Security Threat Detection |
US10904286B1 (en) | 2017-03-24 | 2021-01-26 | Fireeye, Inc. | Detection of phishing attacks using similarity analysis |
US10798112B2 (en) | 2017-03-30 | 2020-10-06 | Fireeye, Inc. | Attribute-controlled malware detection |
US10791138B1 (en) | 2017-03-30 | 2020-09-29 | Fireeye, Inc. | Subscription-based malware detection |
US10902119B1 (en) | 2017-03-30 | 2021-01-26 | Fireeye, Inc. | Data extraction system for malware analysis |
US10848397B1 (en) | 2017-03-30 | 2020-11-24 | Fireeye, Inc. | System and method for enforcing compliance with subscription requirements for cyber-attack detection service |
US10601848B1 (en) | 2017-06-29 | 2020-03-24 | Fireeye, Inc. | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators |
US10503904B1 (en) | 2017-06-29 | 2019-12-10 | Fireeye, Inc. | Ransomware detection and mitigation |
US10855700B1 (en) | 2017-06-29 | 2020-12-01 | Fireeye, Inc. | Post-intrusion detection of cyber-attacks during lateral movement within networks |
US10893068B1 (en) | 2017-06-30 | 2021-01-12 | Fireeye, Inc. | Ransomware file modification prevention technique |
US10747872B1 (en) | 2017-09-27 | 2020-08-18 | Fireeye, Inc. | System and method for preventing malware evasion |
US10805346B2 (en) | 2017-10-01 | 2020-10-13 | Fireeye, Inc. | Phishing attack detection |
US11108809B2 (en) | 2017-10-27 | 2021-08-31 | Fireeye, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
US11005860B1 (en) | 2017-12-28 | 2021-05-11 | Fireeye, Inc. | Method and system for efficient cybersecurity analysis of endpoint events |
US11271955B2 (en) | 2017-12-28 | 2022-03-08 | Fireeye Security Holdings Us Llc | Platform and method for retroactive reclassification employing a cybersecurity-based global data store |
US11240275B1 (en) | 2017-12-28 | 2022-02-01 | Fireeye Security Holdings Us Llc | Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture |
US10826931B1 (en) | 2018-03-29 | 2020-11-03 | Fireeye, Inc. | System and method for predicting and mitigating cybersecurity system misconfigurations |
US10956477B1 (en) | 2018-03-30 | 2021-03-23 | Fireeye, Inc. | System and method for detecting malicious scripts through natural language processing modeling |
US11558401B1 (en) | 2018-03-30 | 2023-01-17 | Fireeye Security Holdings Us Llc | Multi-vector malware detection data sharing system for improved detection |
US11003773B1 (en) | 2018-03-30 | 2021-05-11 | Fireeye, Inc. | System and method for automatically generating malware detection rule recommendations |
US11314859B1 (en) | 2018-06-27 | 2022-04-26 | FireEye Security Holdings, Inc. | Cyber-security system and method for detecting escalation of privileges within an access token |
US11075930B1 (en) | 2018-06-27 | 2021-07-27 | Fireeye, Inc. | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11228491B1 (en) | 2018-06-28 | 2022-01-18 | Fireeye Security Holdings Us Llc | System and method for distributed cluster configuration monitoring and management |
US11316900B1 (en) | 2018-06-29 | 2022-04-26 | FireEye Security Holdings Inc. | System and method for automatically prioritizing rules for cyber-threat detection and mitigation |
US11182473B1 (en) | 2018-09-13 | 2021-11-23 | Fireeye Security Holdings Us Llc | System and method for mitigating cyberattacks against processor operability by a guest process |
US11763004B1 (en) | 2018-09-27 | 2023-09-19 | Fireeye Security Holdings Us Llc | System and method for bootkit detection |
US11368475B1 (en) | 2018-12-21 | 2022-06-21 | Fireeye Security Holdings Us Llc | System and method for scanning remote services to locate stored objects with malware |
EP3713189A1 (de) * | 2019-03-22 | 2020-09-23 | Siemens Aktiengesellschaft | Intrusionserkennung bei computersystemen |
US11258806B1 (en) | 2019-06-24 | 2022-02-22 | Mandiant, Inc. | System and method for automatically associating cybersecurity intelligence to cyberthreat actors |
US11556640B1 (en) | 2019-06-27 | 2023-01-17 | Mandiant, Inc. | Systems and methods for automated cybersecurity analysis of extracted binary string sets |
US11392700B1 (en) | 2019-06-28 | 2022-07-19 | Fireeye Security Holdings Us Llc | System and method for supporting cross-platform data verification |
US11886585B1 (en) | 2019-09-27 | 2024-01-30 | Musarubra Us Llc | System and method for identifying and mitigating cyberattacks through malicious position-independent code execution |
US11637862B1 (en) | 2019-09-30 | 2023-04-25 | Mandiant, Inc. | System and method for surfacing cyber-security threats with a self-learning recommendation engine |
US11695787B2 (en) | 2020-07-01 | 2023-07-04 | Hawk Network Defense, Inc. | Apparatus and methods for determining event information and intrusion detection at a host device |
CN114301616A (zh) * | 2021-09-29 | 2022-04-08 | 广西交通设计集团有限公司 | 基于elg实现防火墙安全日志统计分析方法 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH10164064A (ja) * | 1996-12-05 | 1998-06-19 | Hitachi Ltd | ネットワーク侵入経路追跡方式 |
JP2001217834A (ja) * | 2000-02-02 | 2001-08-10 | Internatl Business Mach Corp <Ibm> | アクセス・チェーン追跡システム、ネットワーク・システム、方法、及び記録媒体 |
WO2002098085A1 (fr) * | 2001-05-25 | 2002-12-05 | Mitsubishi Denki Kabushiki Kaisha | Systeme de communication internet |
JP2004128733A (ja) * | 2002-09-30 | 2004-04-22 | Internatl Business Mach Corp <Ibm> | 通信監視システム及びその方法、情報処理方法並びにプログラム |
JP2004206564A (ja) * | 2002-12-26 | 2004-07-22 | Hitachi Information & Control Systems Inc | 不正アクセス検証装置及び方法 |
Family Cites Families (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2137587C (en) * | 1994-12-08 | 1999-03-23 | Murray Charles Baker | Broadcast/multicast filtering by the bridge-based access point |
US5809235A (en) * | 1996-03-08 | 1998-09-15 | International Business Machines Corporation | Object oriented network event management framework |
US6460141B1 (en) * | 1998-10-28 | 2002-10-01 | Rsa Security Inc. | Security and access management system for web-enabled and non-web-enabled applications and content on a computer network |
US6405318B1 (en) | 1999-03-12 | 2002-06-11 | Psionic Software, Inc. | Intrusion detection system |
US7065657B1 (en) * | 1999-08-30 | 2006-06-20 | Symantec Corporation | Extensible intrusion detection system |
US7134141B2 (en) * | 2000-06-12 | 2006-11-07 | Hewlett-Packard Development Company, L.P. | System and method for host and network based intrusion detection and response |
US7007301B2 (en) * | 2000-06-12 | 2006-02-28 | Hewlett-Packard Development Company, L.P. | Computer architecture for an intrusion detection system |
US7290283B2 (en) | 2001-01-31 | 2007-10-30 | Lancope, Inc. | Network port profiling |
JP2002330177A (ja) * | 2001-03-02 | 2002-11-15 | Seer Insight Security Inc | セキュリティ管理サーバおよびこれと連携して動作するホストサーバ |
US7284267B1 (en) * | 2001-03-08 | 2007-10-16 | Mcafee, Inc. | Automatically configuring a computer firewall based on network connection |
US7845004B2 (en) * | 2001-07-27 | 2010-11-30 | International Business Machines Corporation | Correlating network information and intrusion information to find the entry point of an attack upon a protected computer |
CN1421777A (zh) * | 2001-11-27 | 2003-06-04 | 四川安盟科技有限责任公司 | 一种伪装服务的网络安全防护技术 |
JP2003183497A (ja) * | 2001-12-19 | 2003-07-03 | Riken Corp | 摺動部材 |
US7174566B2 (en) * | 2002-02-01 | 2007-02-06 | Intel Corporation | Integrated network intrusion detection |
US8972589B2 (en) * | 2002-03-01 | 2015-03-03 | Enterasys Networks, Inc. | Location-based access control in a data network |
US20030188189A1 (en) * | 2002-03-27 | 2003-10-02 | Desai Anish P. | Multi-level and multi-platform intrusion detection and response system |
DE10242917A1 (de) | 2002-09-16 | 2004-03-25 | Siemens Ag | System zur Erfassung und Anzeige eines Sicherstatus von Geräten |
US7191241B2 (en) * | 2002-09-27 | 2007-03-13 | Alacritech, Inc. | Fast-path apparatus for receiving data corresponding to a TCP connection |
US20040205419A1 (en) * | 2003-04-10 | 2004-10-14 | Trend Micro Incorporated | Multilevel virus outbreak alert based on collaborative behavior |
CN100459563C (zh) * | 2003-11-21 | 2009-02-04 | 维豪信息技术有限公司 | 认证网关及其数据处理方法 |
CN100407089C (zh) | 2004-10-15 | 2008-07-30 | 国际商业机器公司 | 检测非法访问计算机网络的系统和方法 |
US7610375B2 (en) * | 2004-10-28 | 2009-10-27 | Cisco Technology, Inc. | Intrusion detection in a data center environment |
US7676841B2 (en) * | 2005-02-01 | 2010-03-09 | Fmr Llc | Network intrusion mitigation |
-
2006
- 2006-05-31 AT AT06763409T patent/ATE459184T1/de not_active IP Right Cessation
- 2006-05-31 WO PCT/EP2006/062766 patent/WO2006131475A1/en not_active Application Discontinuation
- 2006-05-31 CA CA2610350A patent/CA2610350C/en active Active
- 2006-05-31 EP EP06763409A patent/EP1889443B1/en active Active
- 2006-05-31 JP JP2008515191A patent/JP4742144B2/ja active Active
- 2006-05-31 DE DE602006012479T patent/DE602006012479D1/de active Active
- 2006-05-31 US US11/916,373 patent/US8272054B2/en not_active Expired - Fee Related
- 2006-05-31 CN CN200680016585XA patent/CN101176331B/zh active Active
-
2012
- 2012-06-05 US US13/488,595 patent/US8631496B2/en not_active Expired - Fee Related
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH10164064A (ja) * | 1996-12-05 | 1998-06-19 | Hitachi Ltd | ネットワーク侵入経路追跡方式 |
JP2001217834A (ja) * | 2000-02-02 | 2001-08-10 | Internatl Business Mach Corp <Ibm> | アクセス・チェーン追跡システム、ネットワーク・システム、方法、及び記録媒体 |
WO2002098085A1 (fr) * | 2001-05-25 | 2002-12-05 | Mitsubishi Denki Kabushiki Kaisha | Systeme de communication internet |
JP2004128733A (ja) * | 2002-09-30 | 2004-04-22 | Internatl Business Mach Corp <Ibm> | 通信監視システム及びその方法、情報処理方法並びにプログラム |
JP2004206564A (ja) * | 2002-12-26 | 2004-07-22 | Hitachi Information & Control Systems Inc | 不正アクセス検証装置及び方法 |
Also Published As
Publication number | Publication date |
---|---|
JP4742144B2 (ja) | 2011-08-10 |
WO2006131475A1 (en) | 2006-12-14 |
US8272054B2 (en) | 2012-09-18 |
CN101176331A (zh) | 2008-05-07 |
DE602006012479D1 (de) | 2010-04-08 |
EP1889443B1 (en) | 2010-02-24 |
US8631496B2 (en) | 2014-01-14 |
CA2610350C (en) | 2015-04-28 |
US20080209541A1 (en) | 2008-08-28 |
CN101176331B (zh) | 2011-12-21 |
ATE459184T1 (de) | 2010-03-15 |
EP1889443A1 (en) | 2008-02-20 |
US20120297489A1 (en) | 2012-11-22 |
CA2610350A1 (en) | 2006-12-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4742144B2 (ja) | Tcp/ipプロトコル・ベースのネットワーク内への侵入を試行するデバイスを識別する方法およびコンピュータ・プログラム | |
US9917857B2 (en) | Logging attack context data | |
Fuchsberger | Intrusion detection systems and intrusion prevention systems | |
US8640234B2 (en) | Method and apparatus for predictive and actual intrusion detection on a network | |
Gula | Correlating ids alerts with vulnerability information | |
US6907533B2 (en) | System and method for computer security using multiple cages | |
US20050216956A1 (en) | Method and system for authentication event security policy generation | |
US20050005017A1 (en) | Method and system for reducing scope of self-propagating attack code in network | |
US20040098623A1 (en) | Intrusion detection system | |
WO2002086724A1 (en) | System and method for analyzing logfiles | |
JP2010508598A (ja) | ストリング分析を利用する1つまたは複数のパケット・ネットワークでの望まれないトラフィックを検出する方法および装置 | |
Wu et al. | A novel approach to trojan horse detection by process tracing | |
JP2003186763A (ja) | コンピュータシステムへの不正侵入の検知と防止方法 | |
JP2003218949A (ja) | ネットワークの不正利用の監視方法 | |
Hooper | Intelligent autonomic strategy to attacks in network infrastructure protection: Feedback methods to IDS, using policies, alert filters and firewall packet filters for multiple protocols | |
Perez | Practical SIEM tools for SCADA environment | |
Brenton | Honeynets | |
Dwivedi et al. | A Real Time Host and Network Mobile Agent based Intrusion Detection System (HNMAIDS) | |
Asarcıklı | Firewall monitoring using intrusion detection systems | |
Belsis et al. | A security incident data model | |
He | Network security threats and defense | |
Stephens | Network Forensics | |
Barish | Windows Forensics: A Case Study, Part One | |
Mohammed | Cybercafé Systems Security | |
Cui | Security incidents in an academic setting: A case study |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20101124 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20110216 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20110426 |
|
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20110509 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 4742144 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
FPAY | Renewal fee payment (event date is renewal date of database) |
Free format text: PAYMENT UNTIL: 20140513 Year of fee payment: 3 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
S111 | Request for change of ownership or part of ownership |
Free format text: JAPANESE INTERMEDIATE CODE: R313113 |
|
R350 | Written notification of registration of transfer |
Free format text: JAPANESE INTERMEDIATE CODE: R350 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |