JP2010079906A - Method and apparatus for reducing false positive detection of malware - Google Patents
- Publication number
- JP2010079906A
- Authority
- JP
- Japan
- Prior art keywords
- files
- level
- reliability
- computer
- file
- Prior art date
- Legal status (as listed by Google Patents; not a legal conclusion)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
[Solution] Files of unknown reputation are identified as potential threats on a computer. A reputation level for each of the files is received from a backend 124. The reputation level of each file is compared with a threshold level. If the reputation level of a file meets the threshold level, that file is designated a false-positive detection of a threat. If the reputation level of a file does not meet the threshold level, that file is designated a true detection of a threat.
[Representative drawing] Figure 1
Description
Claims (15)
1. A method for detecting malware on a computer, comprising: identifying files of unknown reputation as potential threats on the computer; receiving from a backend a reputation level for each of the files; comparing the reputation level of each of the files with a threshold level; designating each of the files as a false-positive detection of a threat if its reputation level meets the threshold level; and designating each of the files as a true detection of a threat if its reputation level does not meet the threshold level.
2. The method of claim 1, further comprising: permitting use of each of the files designated as a false-positive detection of a threat; and preventing use of each of the files designated as a true detection of a threat.
3. The method of claim 1 or 2, wherein the files of unknown reputation are identified as potential threats during or after installation of software that contains the files, the method further comprising requesting the reputation level for each of the files from the backend in response to the installation of the software.
4. The method of any one of claims 1 to 3, further comprising requesting the reputation level for each of the files from the backend using identifying information about the files.
5. The method of claim 4, wherein the identifying information for each of the files comprises a digest of that file.
6. The method of any one of claims 1 to 5, wherein the backend runs on a server, the method further comprising sending a request for the reputation level of each of the files from the computer to the server over a network.
7. The method of any one of claims 1 to 6, wherein the reputation level for each of the files is one of a plurality of reputation levels, the plurality of reputation levels being, in order of decreasing reputation, a provider trust level, a community trust level, a community presence level, and unknown, and the threshold level is the community presence level.
8. A computer-readable medium storing instructions that, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 7.
9. An apparatus for detecting malware on a computer, comprising: means for identifying files of unknown reputation as potential threats on the computer; means for receiving from a backend a reputation level for each of the files; means for comparing the reputation level of each of the files with a threshold level; means for designating each of the files as a false-positive detection of a threat if its reputation level meets the threshold level; and means for designating each of the files as a true detection of a threat if its reputation level does not meet the threshold level.
10. The apparatus of claim 9, further comprising: means for permitting use of each of the files designated as a false-positive detection of a threat; and means for preventing use of each of the files designated as a true detection of a threat.
11. The apparatus of claim 9 or 10, wherein the files of unknown reputation are identified as potential threats during or after installation of software that contains the files, the apparatus further comprising means for requesting the reputation level for each of the files from the backend in response to the installation of the software.
12. The apparatus of any one of claims 9 to 11, further comprising means for requesting the reputation level for each of the files from the backend using identifying information about the files.
13. The apparatus of claim 12, wherein the identifying information for each of the files comprises a digest of that file.
14. The apparatus of any one of claims 9 to 13, wherein the backend runs on a server, the apparatus further comprising means for sending a request for the reputation level of each of the files from the computer to the server over a network.
15. The apparatus of any one of claims 9 to 14, wherein the reputation level for each of the files is one of a plurality of reputation levels, the plurality of reputation levels being, in order of decreasing reputation, a provider trust level, a community trust level, a community presence level, and unknown, and the threshold level is the community presence level.
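The procedure described in the abstract and claims (digest the flagged files, ask a backend for their reputation level, compare against the community-presence threshold, then allow false positives and block true detections), as an added worked example. This is editor-written code, not code from the patent or its applicant. Assumptions: SHA-256 as the file digest (the claims say only "digest"), an in-memory table standing in for the networked reputation server, the four levels modelled as an ordered enum, and constructed sample files and names.

```python
"""Reputation-threshold triage of files flagged as potential threats.

Models the claimed flow: files of unknown reputation are identified by a
digest, the digests are sent to a backend, the backend returns one of four
reputation levels, and each file is labelled a false positive (level meets
the threshold) or a true detection (level below it). Claim 2's enforcement
step (allow false positives, block true detections) is included.
"""
import hashlib
from enum import IntEnum


class Reputation(IntEnum):
    """Reputation levels in increasing order of trust. Claim 7 lists them in
    decreasing order: provider trust, community trust, community presence, unknown."""
    UNKNOWN = 0
    COMMUNITY_PRESENCE = 1   # file has been observed in the user community
    COMMUNITY_TRUST = 2      # community history indicates the file is benign
    PROVIDER_TRUST = 3       # vouched for by the security provider


# Claim 7 sets the threshold at the community-presence level.
DEFAULT_THRESHOLD = Reputation.COMMUNITY_PRESENCE


def file_digest(data: bytes) -> str:
    """Identifying information for a file. SHA-256 is an assumption; the
    claims only say 'digest'."""
    return hashlib.sha256(data).hexdigest()


class ReputationBackend:
    """Constructed stand-in for the reputation server (the claims' 'backend').
    In a deployment this lookup is a request from the computer to the server
    over a network (claim 6)."""

    def __init__(self, table: dict[str, Reputation]):
        self._table = table

    def lookup(self, digests: set[str]) -> dict[str, Reputation]:
        # A digest the backend has never seen is reported as UNKNOWN, so an
        # unlisted file falls below the threshold and stays a true detection.
        return {d: self._table.get(d, Reputation.UNKNOWN) for d in digests}


def triage(suspects: dict[str, bytes], backend: ReputationBackend,
           threshold: Reputation = DEFAULT_THRESHOLD) -> dict[str, tuple[str, Reputation]]:
    """Label each flagged file 'false_positive' (level meets the threshold)
    or 'true_positive' (level below the threshold)."""
    digests = {name: file_digest(data) for name, data in suspects.items()}
    levels = backend.lookup(set(digests.values()))
    verdicts = {}
    for name, digest in digests.items():
        level = levels[digest]
        verdict = "false_positive" if level >= threshold else "true_positive"
        verdicts[name] = (verdict, level)
    return verdicts


def enforce(verdicts: dict[str, tuple[str, Reputation]]) -> tuple[list[str], list[str]]:
    """Claim 2: permit use of false positives, prevent use of true detections."""
    allowed = sorted(n for n, (v, _) in verdicts.items() if v == "false_positive")
    blocked = sorted(n for n, (v, _) in verdicts.items() if v == "true_positive")
    return allowed, blocked


def demo(threshold: Reputation = DEFAULT_THRESHOLD):
    # Constructed sample: three files from one software installation, all of
    # unknown reputation to the local scanner and flagged as potential threats.
    vendor_dll = b"MZ\x90\x00vendor-signed-library"
    helper_exe = b"MZ\x90\x00helper-tool-seen-on-a-few-machines"
    dropper_exe = b"MZ\x90\x00never-seen-before-payload"
    backend = ReputationBackend({
        file_digest(vendor_dll): Reputation.PROVIDER_TRUST,
        file_digest(helper_exe): Reputation.COMMUNITY_PRESENCE,
        # dropper_exe deliberately absent from the table -> UNKNOWN
    })
    suspects = {"vendor.dll": vendor_dll, "helper.exe": helper_exe, "dropper.exe": dropper_exe}
    verdicts = triage(suspects, backend, threshold)
    allowed, blocked = enforce(verdicts)
    return verdicts, allowed, blocked


if __name__ == "__main__":
    verdicts, allowed, blocked = demo()
    for name, (verdict, level) in verdicts.items():
        print(f"{name:12s} {level.name:19s} -> {verdict}")
    print("allowed:", allowed, "blocked:", blocked)
```

Two design points worth noting. The threshold is a parameter: with the claimed community-presence threshold the merely-seen helper is released as a false positive, while raising it to community trust returns that file to the blocked set, so the knob trades false positives directly against the risk of allowing low-prevalence files. And a digest the backend cannot resolve defaults to UNKNOWN rather than to a permissive value, so a file the backend has no record of is never allowed on the strength of an empty answer.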
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/239,185 US8931086B2 (en) | 2008-09-26 | 2008-09-26 | Method and apparatus for reducing false positive detection of malware |
US12/239,185 | 2008-09-26 |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2010079906A true JP2010079906A (ja) | 2010-04-08 |
JP5793764B2 JP5793764B2 (ja) | 2015-10-14 |
Family
ID=41327687
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2009220611A Active JP5793764B2 (ja) | 2008-09-26 | 2009-09-25 | Method and apparatus for reducing false positive detection of malware |
Country Status (3)
Country | Link |
---|---|
US (1) | US8931086B2 (ja) |
EP (1) | EP2169583A1 (ja) |
JP (1) | JP5793764B2 (ja) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2011233126A (ja) * | 2010-04-28 | 2011-11-17 | Electronics And Telecommunications Research Institute | Apparatus, system and method for detecting malicious code disguised and inserted into a normal process |
JP2013540303A (ja) * | 2010-08-25 | 2013-10-31 | Lookout, Inc. | System and method for server-coupled malware prevention |
JP2013543624A (ja) * | 2010-10-21 | 2013-12-05 | F-Secure Corporation | Method and apparatus for analysing a computer system |
JP2018501591A (ja) * | 2014-11-25 | 2018-01-18 | enSilo Ltd. | System and method for assuring accuracy of detection of malicious code |
JP2019028670A (ja) * | 2017-07-28 | 2019-02-21 | Dai Nippon Printing Co., Ltd. | Secure element, computer program, device, server and device monitoring method |
JPWO2020240766A1 (ja) * | 2019-05-30 | 2020-12-03 | ||
WO2020261438A1 (ja) * | 2019-06-26 | 2020-12-30 | NEC Corporation | Execution control system, execution control method, and program |
Families Citing this family (192)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8204984B1 (en) | 2004-04-01 | 2012-06-19 | Fireeye, Inc. | Systems and methods for detecting encrypted bot command and control communication channels |
US9027135B1 (en) | 2004-04-01 | 2015-05-05 | Fireeye, Inc. | Prospective client identification using malware attack detection |
US9106694B2 (en) | 2004-04-01 | 2015-08-11 | Fireeye, Inc. | Electronic message analysis for malware detection |
US8566946B1 (en) | 2006-04-20 | 2013-10-22 | Fireeye, Inc. | Malware containment on connection |
US8898788B1 (en) | 2004-04-01 | 2014-11-25 | Fireeye, Inc. | Systems and methods for malware attack prevention |
US8375444B2 (en) | 2006-04-20 | 2013-02-12 | Fireeye, Inc. | Dynamic signature creation and enforcement |
US8561177B1 (en) | 2004-04-01 | 2013-10-15 | Fireeye, Inc. | Systems and methods for detecting communication channels of bots |
US8793787B2 (en) * | 2004-04-01 | 2014-07-29 | Fireeye, Inc. | Detecting malicious network content using virtual environment components |
US7587537B1 (en) | 2007-11-30 | 2009-09-08 | Altera Corporation | Serializer-deserializer circuits formed from input-output circuit registers |
US8584239B2 (en) * | 2004-04-01 | 2013-11-12 | Fireeye, Inc. | Virtual machine with dynamic data flow analysis |
US8171553B2 (en) | 2004-04-01 | 2012-05-01 | Fireeye, Inc. | Heuristic based capture with replay to virtual machine |
US8006305B2 (en) | 2004-06-14 | 2011-08-23 | Fireeye, Inc. | Computer worm defense system and method |
US8881282B1 (en) | 2004-04-01 | 2014-11-04 | Fireeye, Inc. | Systems and methods for malware attack detection and identification |
US8549638B2 (en) | 2004-06-14 | 2013-10-01 | Fireeye, Inc. | System and method of containing computer worms |
US8539582B1 (en) | 2004-04-01 | 2013-09-17 | Fireeye, Inc. | Malware containment and security analysis on connection |
US8528086B1 (en) | 2004-04-01 | 2013-09-03 | Fireeye, Inc. | System and method of detecting computer worms |
JP5144075B2 (ja) * | 2006-03-30 | 2013-02-13 | NGK Insulators, Ltd. | Honeycomb structure and method for manufacturing the same |
US8850571B2 (en) * | 2008-11-03 | 2014-09-30 | Fireeye, Inc. | Systems and methods for detecting malicious network content |
US8997219B2 (en) | 2008-11-03 | 2015-03-31 | Fireeye, Inc. | Systems and methods for detecting malicious PDF network content |
US9064130B1 (en) * | 2009-02-27 | 2015-06-23 | Symantec Corporation | Data loss prevention in the event of malware detection |
US8001606B1 (en) * | 2009-06-30 | 2011-08-16 | Symantec Corporation | Malware detection using a white list |
US8800030B2 (en) * | 2009-09-15 | 2014-08-05 | Symantec Corporation | Individualized time-to-live for reputation scores of computer files |
US8832829B2 (en) | 2009-09-30 | 2014-09-09 | Fireeye, Inc. | Network-based binary file extraction and analysis for malware detection |
US8306988B1 (en) * | 2009-10-26 | 2012-11-06 | Mcafee, Inc. | System, method, and computer program product for segmenting a database based, at least in part, on a prevalence associated with known objects included in the database |
US8539583B2 (en) * | 2009-11-03 | 2013-09-17 | Mcafee, Inc. | Rollback feature |
US8356354B2 (en) * | 2009-11-23 | 2013-01-15 | Kaspersky Lab, Zao | Silent-mode signature testing in anti-malware processing |
MY164406A (en) * | 2010-06-22 | 2017-12-15 | Mimos Berhad | System and method for verifying and executing software applications from a trusted server linked to a service provider server |
US8683216B2 (en) * | 2010-07-13 | 2014-03-25 | F-Secure Corporation | Identifying polymorphic malware |
US8387140B2 (en) * | 2010-10-15 | 2013-02-26 | Apple Inc. | Method and apparatus for controlling access to encrypted network communication channels |
US8640245B2 (en) * | 2010-12-24 | 2014-01-28 | Kaspersky Lab, Zao | Optimization of anti-malware processing by automated correction of detection rules |
US8621634B2 (en) * | 2011-01-13 | 2013-12-31 | F-Secure Oyj | Malware detection based on a predetermined criterion |
US20130055369A1 (en) * | 2011-08-24 | 2013-02-28 | Mcafee, Inc. | System and method for day-zero authentication of activex controls |
RU2011138462A (ru) * | 2011-09-20 | 2013-04-10 | Kaspersky Lab ZAO | Using user decisions to detect unknown computer threats |
EP2584488B1 (en) * | 2011-09-20 | 2016-02-10 | Kaspersky Lab, ZAO | System and method for detecting computer security threats based on verdicts of computer users |
US9519782B2 (en) | 2012-02-24 | 2016-12-13 | Fireeye, Inc. | Detecting malicious network content |
RU2535506C2 (ru) | 2012-12-25 | 2014-12-10 | Kaspersky Lab ZAO | System and method for generating application behavior model scenarios |
US10572665B2 (en) | 2012-12-28 | 2020-02-25 | Fireeye, Inc. | System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events |
US9367681B1 (en) | 2013-02-23 | 2016-06-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application |
US9176843B1 (en) | 2013-02-23 | 2015-11-03 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9159035B1 (en) | 2013-02-23 | 2015-10-13 | Fireeye, Inc. | Framework for computer application analysis of sensitive information tracking |
US9009822B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for multi-phase analysis of mobile applications |
US9009823B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications installed on mobile devices |
US8990944B1 (en) | 2013-02-23 | 2015-03-24 | Fireeye, Inc. | Systems and methods for automatically detecting backdoors |
US9824209B1 (en) | 2013-02-23 | 2017-11-21 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications that is usable to harden in the field code |
US9195829B1 (en) | 2013-02-23 | 2015-11-24 | Fireeye, Inc. | User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications |
US9412066B1 (en) | 2013-03-11 | 2016-08-09 | Symantec Corporation | Systems and methods for predicting optimum run times for software samples |
US9355247B1 (en) | 2013-03-13 | 2016-05-31 | Fireeye, Inc. | File extraction from memory dump for malicious content analysis |
US9565202B1 (en) | 2013-03-13 | 2017-02-07 | Fireeye, Inc. | System and method for detecting exfiltration content |
US9626509B1 (en) | 2013-03-13 | 2017-04-18 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US9104867B1 (en) | 2013-03-13 | 2015-08-11 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US9311479B1 (en) | 2013-03-14 | 2016-04-12 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of a malware attack |
US9413781B2 (en) | 2013-03-15 | 2016-08-09 | Fireeye, Inc. | System and method employing structured intelligence to verify and contain threats at endpoints |
US9251343B1 (en) | 2013-03-15 | 2016-02-02 | Fireeye, Inc. | Detecting bootkits resident on compromised computers |
US10713358B2 (en) | 2013-03-15 | 2020-07-14 | Fireeye, Inc. | System and method to extract and utilize disassembly features to classify software intent |
US9495180B2 (en) | 2013-05-10 | 2016-11-15 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US9635039B1 (en) | 2013-05-13 | 2017-04-25 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
US9536091B2 (en) | 2013-06-24 | 2017-01-03 | Fireeye, Inc. | System and method for detecting time-bomb malware |
US10133863B2 (en) | 2013-06-24 | 2018-11-20 | Fireeye, Inc. | Zero-day discovery system |
US9888016B1 (en) | 2013-06-28 | 2018-02-06 | Fireeye, Inc. | System and method for detecting phishing using password prediction |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US9294501B2 (en) | 2013-09-30 | 2016-03-22 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US10089461B1 (en) | 2013-09-30 | 2018-10-02 | Fireeye, Inc. | Page replacement code injection |
US9736179B2 (en) | 2013-09-30 | 2017-08-15 | Fireeye, Inc. | System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection |
US9171160B2 (en) | 2013-09-30 | 2015-10-27 | Fireeye, Inc. | Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses |
US9628507B2 (en) | 2013-09-30 | 2017-04-18 | Fireeye, Inc. | Advanced persistent threat (APT) detection center |
US10515214B1 (en) | 2013-09-30 | 2019-12-24 | Fireeye, Inc. | System and method for classifying malware within content created during analysis of a specimen |
US9690936B1 (en) | 2013-09-30 | 2017-06-27 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US10192052B1 (en) | 2013-09-30 | 2019-01-29 | Fireeye, Inc. | System, apparatus and method for classifying a file as malicious using static scanning |
US8863284B1 (en) | 2013-10-10 | 2014-10-14 | Kaspersky Lab Zao | System and method for determining a security status of potentially malicious files |
US8739287B1 (en) * | 2013-10-10 | 2014-05-27 | Kaspersky Lab Zao | Determining a security status of potentially malicious files |
US9189627B1 (en) | 2013-11-21 | 2015-11-17 | Fireeye, Inc. | System, apparatus and method for conducting on-the-fly decryption of encrypted objects for malware detection |
US9756074B2 (en) | 2013-12-26 | 2017-09-05 | Fireeye, Inc. | System and method for IPS and VM-based detection of suspicious objects |
US9747446B1 (en) | 2013-12-26 | 2017-08-29 | Fireeye, Inc. | System and method for run-time object classification |
US9507935B2 (en) | 2014-01-16 | 2016-11-29 | Fireeye, Inc. | Exploit detection system with threat-aware microvisor |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US9569617B1 (en) * | 2014-03-05 | 2017-02-14 | Symantec Corporation | Systems and methods for preventing false positive malware identification |
US9805115B1 (en) | 2014-03-13 | 2017-10-31 | Symantec Corporation | Systems and methods for updating generic file-classification definitions |
US9684705B1 (en) | 2014-03-14 | 2017-06-20 | Symantec Corporation | Systems and methods for clustering data |
US9241010B1 (en) | 2014-03-20 | 2016-01-19 | Fireeye, Inc. | System and method for network behavior detection |
US10242185B1 (en) | 2014-03-21 | 2019-03-26 | Fireeye, Inc. | Dynamic guest image creation and rollback |
US9591015B1 (en) | 2014-03-28 | 2017-03-07 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9223972B1 (en) | 2014-03-31 | 2015-12-29 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US9432389B1 (en) | 2014-03-31 | 2016-08-30 | Fireeye, Inc. | System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object |
US9323924B1 (en) * | 2014-05-09 | 2016-04-26 | Symantec Corporation | Systems and methods for establishing reputations of files |
US9594912B1 (en) | 2014-06-06 | 2017-03-14 | Fireeye, Inc. | Return-oriented programming detection |
US10084813B2 (en) | 2014-06-24 | 2018-09-25 | Fireeye, Inc. | Intrusion prevention and remedy system |
US10805340B1 (en) | 2014-06-26 | 2020-10-13 | Fireeye, Inc. | Infection vector and malware tracking with an interactive user display |
US9398028B1 (en) | 2014-06-26 | 2016-07-19 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers |
US10002252B2 (en) | 2014-07-01 | 2018-06-19 | Fireeye, Inc. | Verification of trusted threat-aware microvisor |
US9762593B1 (en) | 2014-09-09 | 2017-09-12 | Symantec Corporation | Automatic generation of generic file signatures |
US10671726B1 (en) | 2014-09-22 | 2020-06-02 | Fireeye Inc. | System and method for malware analysis using thread-level event monitoring |
US10027689B1 (en) | 2014-09-29 | 2018-07-17 | Fireeye, Inc. | Interactive infection visualization for improved exploit detection and signature generation for malware and malware families |
US9773112B1 (en) | 2014-09-29 | 2017-09-26 | Fireeye, Inc. | Exploit detection of malware and malware families |
US9690933B1 (en) | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US10075455B2 (en) | 2014-12-26 | 2018-09-11 | Fireeye, Inc. | Zero-day rotating guest image profile |
US9934376B1 (en) | 2014-12-29 | 2018-04-03 | Fireeye, Inc. | Malware detection appliance architecture |
US9838417B1 (en) | 2014-12-30 | 2017-12-05 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
EP3059693B1 (en) * | 2015-02-20 | 2017-06-21 | Kaspersky Lab, ZAO | System and method for generating application control rules |
RU2587424C1 (ru) * | 2015-02-20 | 2016-06-20 | Kaspersky Lab ZAO | Method of controlling applications |
US9690606B1 (en) | 2015-03-25 | 2017-06-27 | Fireeye, Inc. | Selective system call monitoring |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
US9438613B1 (en) | 2015-03-30 | 2016-09-06 | Fireeye, Inc. | Dynamic content activation for automated analysis of embedded objects |
US10417031B2 (en) | 2015-03-31 | 2019-09-17 | Fireeye, Inc. | Selective virtualization for security threat detection |
US9483644B1 (en) | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
US10474813B1 (en) | 2015-03-31 | 2019-11-12 | Fireeye, Inc. | Code injection technique for remediation at an endpoint of a network |
US9654485B1 (en) | 2015-04-13 | 2017-05-16 | Fireeye, Inc. | Analytics-based security monitoring system and method |
US9594904B1 (en) | 2015-04-23 | 2017-03-14 | Fireeye, Inc. | Detecting malware based on reflection |
US9813437B2 (en) | 2015-06-15 | 2017-11-07 | Symantec Corporation | Systems and methods for determining malicious-download risk based on user behavior |
US10169584B1 (en) | 2015-06-25 | 2019-01-01 | Symantec Corporation | Systems and methods for identifying non-malicious files on computing devices within organizations |
US10055586B1 (en) * | 2015-06-29 | 2018-08-21 | Symantec Corporation | Systems and methods for determining the trustworthiness of files within organizations |
US10642753B1 (en) | 2015-06-30 | 2020-05-05 | Fireeye, Inc. | System and method for protecting a software component running in virtual machine using a virtualization layer |
US11113086B1 (en) | 2015-06-30 | 2021-09-07 | Fireeye, Inc. | Virtual system and method for securing external network connectivity |
US10726127B1 (en) | 2015-06-30 | 2020-07-28 | Fireeye, Inc. | System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer |
US10454950B1 (en) | 2015-06-30 | 2019-10-22 | Fireeye, Inc. | Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks |
US10715542B1 (en) | 2015-08-14 | 2020-07-14 | Fireeye, Inc. | Mobile application risk analysis |
US10176321B2 (en) | 2015-09-22 | 2019-01-08 | Fireeye, Inc. | Leveraging behavior-based rules for malware family classification |
US10033747B1 (en) | 2015-09-29 | 2018-07-24 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US9825976B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Detection and classification of exploit kits |
US10210329B1 (en) | 2015-09-30 | 2019-02-19 | Fireeye, Inc. | Method to detect application execution hijacking using memory protection |
US10601865B1 (en) | 2015-09-30 | 2020-03-24 | Fireeye, Inc. | Detection of credential spearphishing attacks using email analysis |
US10817606B1 (en) | 2015-09-30 | 2020-10-27 | Fireeye, Inc. | Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic |
US10706149B1 (en) | 2015-09-30 | 2020-07-07 | Fireeye, Inc. | Detecting delayed activation malware using a primary controller and plural time controllers |
US9825989B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Cyber attack early warning system |
US10284575B2 (en) | 2015-11-10 | 2019-05-07 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US9838405B1 (en) | 2015-11-20 | 2017-12-05 | Symantec Corporation | Systems and methods for determining types of malware infections on computing devices |
US10606844B1 (en) * | 2015-12-04 | 2020-03-31 | Ca, Inc. | Method and apparatus for identifying legitimate files using partial hash based cloud reputation |
US10846117B1 (en) | 2015-12-10 | 2020-11-24 | Fireeye, Inc. | Technique for establishing secure communication between host and guest processes of a virtualization architecture |
US10447728B1 (en) | 2015-12-10 | 2019-10-15 | Fireeye, Inc. | Technique for protecting guest processes using a layered virtualization architecture |
US10108446B1 (en) | 2015-12-11 | 2018-10-23 | Fireeye, Inc. | Late load technique for deploying a virtualization layer underneath a running operating system |
US10050998B1 (en) | 2015-12-30 | 2018-08-14 | Fireeye, Inc. | Malicious message analysis system |
US10133866B1 (en) | 2015-12-30 | 2018-11-20 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US10565378B1 (en) | 2015-12-30 | 2020-02-18 | Fireeye, Inc. | Exploit of privilege detection framework |
US9836603B2 (en) | 2015-12-30 | 2017-12-05 | Symantec Corporation | Systems and methods for automated generation of generic signatures used to detect polymorphic malware |
US10621338B1 (en) | 2015-12-30 | 2020-04-14 | Fireeye, Inc. | Method to detect forgery and exploits using last branch recording registers |
US11552986B1 (en) | 2015-12-31 | 2023-01-10 | Fireeye Security Holdings Us Llc | Cyber-security framework for application of virtual features |
US10581874B1 (en) | 2015-12-31 | 2020-03-03 | Fireeye, Inc. | Malware detection system with contextual analysis |
US9824216B1 (en) | 2015-12-31 | 2017-11-21 | Fireeye, Inc. | Susceptible environment detection system |
US10671721B1 (en) | 2016-03-25 | 2020-06-02 | Fireeye, Inc. | Timeout management services |
US10601863B1 (en) | 2016-03-25 | 2020-03-24 | Fireeye, Inc. | System and method for managing sensor enrollment |
US10785255B1 (en) | 2016-03-25 | 2020-09-22 | Fireeye, Inc. | Cluster configuration within a scalable malware detection system |
US10476906B1 (en) | 2016-03-25 | 2019-11-12 | Fireeye, Inc. | System and method for managing formation and modification of a cluster within a malware detection system |
US10003606B2 (en) | 2016-03-30 | 2018-06-19 | Symantec Corporation | Systems and methods for detecting security threats |
US10075457B2 (en) * | 2016-03-30 | 2018-09-11 | Fortinet, Inc. | Sandboxing protection for endpoints |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
US10826933B1 (en) | 2016-03-31 | 2020-11-03 | Fireeye, Inc. | Technique for verifying exploit/malware at malware detection appliance through correlation with endpoints |
US10116680B1 (en) | 2016-06-21 | 2018-10-30 | Symantec Corporation | Systems and methods for evaluating infection risks based on profiled user behaviors |
US10169585B1 (en) | 2016-06-22 | 2019-01-01 | Fireeye, Inc. | System and methods for advanced malware detection through placement of transition events |
US10462173B1 (en) | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
US10592678B1 (en) | 2016-09-09 | 2020-03-17 | Fireeye, Inc. | Secure communications between peers using a verified virtual trusted platform module |
US10091231B1 (en) | 2016-09-15 | 2018-10-02 | Symantec Corporation | Systems and methods for detecting security blind spots |
US10491627B1 (en) | 2016-09-29 | 2019-11-26 | Fireeye, Inc. | Advanced malware detection using similarity analysis |
US10542017B1 (en) | 2016-10-13 | 2020-01-21 | Symantec Corporation | Systems and methods for personalizing security incident reports |
US10795991B1 (en) | 2016-11-08 | 2020-10-06 | Fireeye, Inc. | Enterprise search |
US10587647B1 (en) | 2016-11-22 | 2020-03-10 | Fireeye, Inc. | Technique for malware detection capability comparison of network security devices |
US10552610B1 (en) | 2016-12-22 | 2020-02-04 | Fireeye, Inc. | Adaptive virtual machine snapshot update framework for malware behavioral analysis |
US10581879B1 (en) | 2016-12-22 | 2020-03-03 | Fireeye, Inc. | Enhanced malware detection for generated objects |
US10523609B1 (en) | 2016-12-27 | 2019-12-31 | Fireeye, Inc. | Multi-vector malware detection and analysis |
US10904286B1 (en) | 2017-03-24 | 2021-01-26 | Fireeye, Inc. | Detection of phishing attacks using similarity analysis |
US10848397B1 (en) | 2017-03-30 | 2020-11-24 | Fireeye, Inc. | System and method for enforcing compliance with subscription requirements for cyber-attack detection service |
US10902119B1 (en) | 2017-03-30 | 2021-01-26 | Fireeye, Inc. | Data extraction system for malware analysis |
US10798112B2 (en) | 2017-03-30 | 2020-10-06 | Fireeye, Inc. | Attribute-controlled malware detection |
US10791138B1 (en) | 2017-03-30 | 2020-09-29 | Fireeye, Inc. | Subscription-based malware detection |
US10601848B1 (en) | 2017-06-29 | 2020-03-24 | Fireeye, Inc. | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators |
US10503904B1 (en) | 2017-06-29 | 2019-12-10 | Fireeye, Inc. | Ransomware detection and mitigation |
US10855700B1 (en) | 2017-06-29 | 2020-12-01 | Fireeye, Inc. | Post-intrusion detection of cyber-attacks during lateral movement within networks |
US10893068B1 (en) | 2017-06-30 | 2021-01-12 | Fireeye, Inc. | Ransomware file modification prevention technique |
RU2665909C1 (ru) * | 2017-08-10 | 2018-09-04 | Kaspersky Lab AO | Method of selectively using dangerous program behavior patterns |
US10747872B1 (en) | 2017-09-27 | 2020-08-18 | Fireeye, Inc. | System and method for preventing malware evasion |
US10805346B2 (en) | 2017-10-01 | 2020-10-13 | Fireeye, Inc. | Phishing attack detection |
US11108809B2 (en) | 2017-10-27 | 2021-08-31 | Fireeye, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
US11240275B1 (en) | 2017-12-28 | 2022-02-01 | Fireeye Security Holdings Us Llc | Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture |
US11005860B1 (en) | 2017-12-28 | 2021-05-11 | Fireeye, Inc. | Method and system for efficient cybersecurity analysis of endpoint events |
US11271955B2 (en) | 2017-12-28 | 2022-03-08 | Fireeye Security Holdings Us Llc | Platform and method for retroactive reclassification employing a cybersecurity-based global data store |
US10826931B1 (en) | 2018-03-29 | 2020-11-03 | Fireeye, Inc. | System and method for predicting and mitigating cybersecurity system misconfigurations |
US11003773B1 (en) | 2018-03-30 | 2021-05-11 | Fireeye, Inc. | System and method for automatically generating malware detection rule recommendations |
US10956477B1 (en) | 2018-03-30 | 2021-03-23 | Fireeye, Inc. | System and method for detecting malicious scripts through natural language processing modeling |
US11558401B1 (en) | 2018-03-30 | 2023-01-17 | Fireeye Security Holdings Us Llc | Multi-vector malware detection data sharing system for improved detection |
US11314859B1 (en) | 2018-06-27 | 2022-04-26 | FireEye Security Holdings, Inc. | Cyber-security system and method for detecting escalation of privileges within an access token |
US11075930B1 (en) | 2018-06-27 | 2021-07-27 | Fireeye, Inc. | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11228491B1 (en) | 2018-06-28 | 2022-01-18 | Fireeye Security Holdings Us Llc | System and method for distributed cluster configuration monitoring and management |
US11316900B1 (en) | 2018-06-29 | 2022-04-26 | FireEye Security Holdings Inc. | System and method for automatically prioritizing rules for cyber-threat detection and mitigation |
US11182473B1 (en) | 2018-09-13 | 2021-11-23 | Fireeye Security Holdings Us Llc | System and method for mitigating cyberattacks against processor operability by a guest process |
US11763004B1 (en) | 2018-09-27 | 2023-09-19 | Fireeye Security Holdings Us Llc | System and method for bootkit detection |
US11368475B1 (en) | 2018-12-21 | 2022-06-21 | Fireeye Security Holdings Us Llc | System and method for scanning remote services to locate stored objects with malware |
US11258806B1 (en) | 2019-06-24 | 2022-02-22 | Mandiant, Inc. | System and method for automatically associating cybersecurity intelligence to cyberthreat actors |
US11556640B1 (en) | 2019-06-27 | 2023-01-17 | Mandiant, Inc. | Systems and methods for automated cybersecurity analysis of extracted binary string sets |
RU2750628C2 (ru) | 2019-06-28 | 2021-06-30 | Kaspersky Lab AO | System and method for determining the trust level of a file |
CN112149126A (zh) * | 2019-06-28 | 2020-12-29 | Kaspersky Lab AO | System and method for determining the trust level of a file |
US11392700B1 (en) | 2019-06-28 | 2022-07-19 | Fireeye Security Holdings Us Llc | System and method for supporting cross-platform data verification |
US11886585B1 (en) | 2019-09-27 | 2024-01-30 | Musarubra Us Llc | System and method for identifying and mitigating cyberattacks through malicious position-independent code execution |
US11637862B1 (en) | 2019-09-30 | 2023-04-25 | Mandiant, Inc. | System and method for surfacing cyber-security threats with a self-learning recommendation engine |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003256370A (ja) * | 2002-02-26 | 2003-09-12 | Fumiaki Yamazaki | Security information distribution method and security information distribution server |
US20040153644A1 (en) * | 2003-02-05 | 2004-08-05 | Mccorkendale Bruce | Preventing execution of potentially malicious software |
US20060218642A1 (en) * | 2005-03-22 | 2006-09-28 | Microsoft Corporation | Application identity and rating service |
JP2007528040A (ja) * | 2003-06-25 | 2007-10-04 | ノキア インコーポレイテッド | Two-stage hash value matching method in a message protection system |
JP2008077548A (ja) * | 2006-09-25 | 2008-04-03 | Matsushita Electric Ind Co Ltd | Mobile communication terminal, mobile communication method, mobile communication program, and mobile communication system |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US153644A (en) * | 1874-07-28 | | | Improvement in wheels for vehicles |
US150948A (en) * | 1874-05-19 | | | Improvement in carving-tools |
US7748039B2 (en) * | 2002-08-30 | 2010-06-29 | Symantec Corporation | Method and apparatus for detecting malicious code in an information handling system |
US20040107363A1 (en) * | 2003-08-22 | 2004-06-03 | Emergency 24, Inc. | System and method for anticipating the trustworthiness of an internet site |
US7467409B2 (en) * | 2003-12-12 | 2008-12-16 | Microsoft Corporation | Aggregating trust services for file transfer clients |
EP1549012A1 (en) | 2003-12-24 | 2005-06-29 | DataCenterTechnologies N.V. | Method and system for identifying the content of files in a network |
- 2008
  - 2008-09-26 US US12/239,185 patent/US8931086B2/en active Active
- 2009
  - 2009-09-23 EP EP09171074A patent/EP2169583A1/en not_active Ceased
  - 2009-09-25 JP JP2009220611A patent/JP5793764B2/ja active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003256370A (ja) * | 2002-02-26 | 2003-09-12 | Fumiaki Yamazaki | Security information distribution method and security information distribution server |
US20040153644A1 (en) * | 2003-02-05 | 2004-08-05 | Mccorkendale Bruce | Preventing execution of potentially malicious software |
JP2007528040A (ja) * | 2003-06-25 | 2007-10-04 | ノキア インコーポレイテッド | Two-stage hash value matching method in a message protection system |
US20060218642A1 (en) * | 2005-03-22 | 2006-09-28 | Microsoft Corporation | Application identity and rating service |
JP2008077548A (ja) * | 2006-09-25 | 2008-04-03 | Matsushita Electric Ind Co Ltd | Mobile communication terminal, mobile communication method, mobile communication program, and mobile communication system |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2011233126A (ja) * | 2010-04-28 | 2011-11-17 | Electronics And Telecommunications Research Institute | Apparatus, system and method for detecting malicious code disguised and inserted into a normal process |
US8955124B2 (en) | 2010-04-28 | 2015-02-10 | Electronics And Telecommunications Research Institute | Apparatus, system and method for detecting malicious code |
JP2013540303A (ja) * | 2010-08-25 | 2013-10-31 | ルックアウト、アイエヌシー. | System and method for server-coupled malware prevention |
JP2013543624A (ja) * | 2010-10-21 | 2013-12-05 | エフ−セキュア コーポレーション | Method and apparatus for analyzing a computer system |
US10264104B2 (en) | 2014-11-25 | 2019-04-16 | enSilo Ltd. | Systems and methods for malicious code detection accuracy assurance |
JP2018501591A (ja) * | 2014-11-25 | 2018-01-18 | enSilo Ltd. | Systems and methods for malicious code detection accuracy assurance |
US10334083B2 (en) | 2014-11-25 | 2019-06-25 | enSilo Ltd. | Systems and methods for malicious code detection |
JP2019028670A (ja) * | 2017-07-28 | 2019-02-21 | 大日本印刷株式会社 | Secure element, computer program, device, server, and device monitoring method |
JPWO2020240766A1 (ja) * | 2019-05-30 | 2020-12-03 | | |
WO2020240766A1 (ja) * | 2019-05-30 | 2020-12-03 | 日本電気株式会社 | Evaluation device, system, control method, and program |
WO2020261438A1 (ja) * | 2019-06-26 | 2020-12-30 | 日本電気株式会社 | Execution control system, execution control method, and program |
JPWO2020261438A1 (ja) * | 2019-06-26 | 2020-12-30 | | |
JP7255681B2 (ja) | 2019-06-26 | 2023-04-11 | 日本電気株式会社 | Execution control system, execution control method, and program |
Also Published As
Publication number | Publication date |
---|---|
US8931086B2 (en) | 2015-01-06 |
JP5793764B2 (ja) | 2015-10-14 |
US20100083376A1 (en) | 2010-04-01 |
EP2169583A1 (en) | 2010-03-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5793764B2 (ja) | | Method and apparatus for reducing false positive detection of malware |
JP5639725B2 (ja) | | Method and apparatus for measuring the reliability of software |
US20230231872A1 (en) | | Detection of and protection from malware and steganography |
US11677764B2 (en) | | Automated malware family signature generation |
US9679136B2 (en) | | Method and system for discrete stateful behavioral analysis |
RU2698776C2 (ru) | | Method for maintaining a database and corresponding server |
US9147071B2 (en) | | System and method for proactive detection of malware device drivers via kernel forensic behavioral monitoring and a back-end reputation system |
US9251343B1 (en) | | Detecting bootkits resident on compromised computers |
US11520901B2 (en) | | Detecting firmware vulnerabilities |
US7904278B2 (en) | | Methods and system for program execution integrity measurement |
US11714910B2 (en) | | Measuring integrity of computing system |
US8484739B1 (en) | | Techniques for securely performing reputation based analysis using virtualization |
US8474039B2 (en) | | System and method for proactive detection and repair of malware memory infection via a remote memory reputation system |
US8307434B2 (en) | | Method and system for discrete stateful behavioral analysis |
US9317687B2 (en) | | Identifying rootkits based on access permissions |
KR101588542B1 (ko) | | Malware risk scanner |
CN105791250B (zh) | | Application detection method and apparatus |
US8490195B1 (en) | | Method and apparatus for behavioral detection of malware in a computer system |
JP5386015B1 (ja) | | Bug detection device and bug detection method |
JP5425980B2 (ja) | | Bug determination device and bug determination method |
CN113407935A (zh) | | File detection method, apparatus, storage medium, and server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| A621 | Written request for application examination | Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20120921 |
| A977 | Report on retrieval | Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20131113 |
| A131 | Notification of reasons for refusal | Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20131203 |
| A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20140207 |
| A131 | Notification of reasons for refusal | Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20140805 |
| A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20141016 |
| A02 | Decision of refusal | Free format text: JAPANESE INTERMEDIATE CODE: A02 Effective date: 20150324 |
| A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20150508 |
| A911 | Transfer to examiner for re-examination before appeal (zenchi) | Free format text: JAPANESE INTERMEDIATE CODE: A911 Effective date: 20150624 |
| TRDD | Decision of grant or rejection written | |
| A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20150714 |
| A61 | First payment of annual fees (during grant procedure) | Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20150716 |
| R150 | Certificate of patent or registration of utility model | Ref document number: 5793764 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |
| R250 | Receipt of annual fees | Free format text: JAPANESE INTERMEDIATE CODE: R250 |