JP2013529335A5 - Google Patents


Publication number
JP2013529335A5
Authority
JP
Japan
Prior art keywords
malware
behavior
sequence
goodware
new
Prior art date
Legal status (assumed by Google; not a legal conclusion)
Granted
Application number
JP2013508131A
Other languages
English (en)
Japanese (ja)
Other versions
JP5656136B2 (ja)
JP2013529335A (ja)
Filing date
Publication date
Priority claimed from US12/769,262 (US8464345B2)
Application filed
Publication of JP2013529335A
Publication of JP2013529335A5
Application granted
Publication of JP5656136B2
Current legal status: Active
Anticipated expiration

Links

JP2013508131A 2010-04-28 2011-04-25 Behavioral signature generation using clustering Active JP5656136B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/769,262 US8464345B2 (en) 2010-04-28 2010-04-28 Behavioral signature generation using clustering
US12/769,262 2010-04-28
PCT/US2011/033829 WO2011137083A1 (en) 2010-04-28 2011-04-25 Behavioral signature generation using clustering

Publications (3)

Publication Number Publication Date
JP2013529335A JP2013529335A (ja) 2013-07-18
JP2013529335A5 JP2013529335A5 (en) 2014-06-05
JP5656136B2 JP5656136B2 (ja) 2015-01-21

Family

Family ID: 44121040

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2013508131A Active JP5656136B2 (ja) 2010-04-28 2011-04-25 Behavioral signature generation using clustering

Country Status (5)

Country Link
US (1) US8464345B2 (en)
EP (1) EP2564341B1 (en)
JP (1) JP5656136B2 (en)
CA (1) CA2797584C (en)
WO (1) WO2011137083A1 (en)

Families Citing this family (84)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9213838B2 (en) 2011-05-13 2015-12-15 Mcafee Ireland Holdings Limited Systems and methods of processing data associated with detection and/or handling of malware
US9449175B2 (en) * 2010-06-03 2016-09-20 Nokia Technologies Oy Method and apparatus for analyzing and detecting malicious software
US20120173702A1 (en) * 2010-12-30 2012-07-05 Telefonaktiebolaget L M Ericsson (Publ) Automatic Signature Generation For Application Recognition And User Tracking Over Heterogeneous Networks
US9652616B1 (en) * 2011-03-14 2017-05-16 Symantec Corporation Techniques for classifying non-process threats
US9092229B2 (en) * 2011-05-06 2015-07-28 George Mason Research Foundation, Inc. Software analysis system and method of use
US9094288B1 (en) * 2011-10-26 2015-07-28 Narus, Inc. Automated discovery, attribution, analysis, and risk assessment of security threats
US9439077B2 (en) 2012-04-10 2016-09-06 Qualcomm Incorporated Method for malicious activity detection in a mobile station
IL219499B (en) 2012-04-30 2019-02-28 Verint Systems Ltd A system and method for detecting malicious software
US9386028B2 (en) 2012-10-23 2016-07-05 Verint Systems Ltd. System and method for malware detection using multidimensional feature clustering
US9372989B2 (en) 2013-02-15 2016-06-21 Systems of Information Security 2012 Robust malware detector
US9152703B1 (en) 2013-02-28 2015-10-06 Symantec Corporation Systems and methods for clustering data samples
US10365945B2 (en) * 2013-03-27 2019-07-30 International Business Machines Corporation Clustering based process deviation detection
IL226747B (en) 2013-06-04 2019-01-31 Verint Systems Ltd A system and method for studying malware detection
JP6000465B2 (ja) * 2013-09-25 2016-09-28 三菱電機株式会社 Process inspection device, process inspection program, and process inspection method
US9519775B2 (en) * 2013-10-03 2016-12-13 Qualcomm Incorporated Pre-identifying probable malicious behavior based on configuration pathways
US9213831B2 (en) 2013-10-03 2015-12-15 Qualcomm Incorporated Malware detection and prevention by monitoring and modifying a hardware pipeline
US9769189B2 (en) * 2014-02-21 2017-09-19 Verisign, Inc. Systems and methods for behavior-based automated malware analysis and classification
TWI553503B (zh) 2014-02-27 2016-10-11 國立交通大學 Method and system for generating candidate hook points to detect malicious programs
US9569617B1 (en) * 2014-03-05 2017-02-14 Symantec Corporation Systems and methods for preventing false positive malware identification
US9805115B1 (en) 2014-03-13 2017-10-31 Symantec Corporation Systems and methods for updating generic file-classification definitions
US9684705B1 (en) 2014-03-14 2017-06-20 Symantec Corporation Systems and methods for clustering data
CN103955645B (zh) * 2014-04-28 2017-03-08 百度在线网络技术(北京)有限公司 Method, device and system for detecting malicious process behavior
JP6314036B2 (ja) * 2014-05-28 2018-04-18 株式会社日立製作所 Malware feature extraction device, malware feature extraction system, malware feature method, and countermeasure instruction device
US9015814B1 (en) 2014-06-10 2015-04-21 Kaspersky Lab Zao System and methods for detecting harmful files of different formats
US9892270B2 (en) 2014-07-18 2018-02-13 Empow Cyber Security Ltd. System and method for programmably creating and customizing security applications via a graphical user interface
US9565204B2 (en) 2014-07-18 2017-02-07 Empow Cyber Security Ltd. Cyber-security system and methods thereof
IL233776B (en) 2014-07-24 2019-02-28 Verint Systems Ltd A system and method for adjusting domains
US11507663B2 (en) * 2014-08-11 2022-11-22 Sentinel Labs Israel Ltd. Method of remediating operations performed by a program and system thereof
US10102374B1 (en) * 2014-08-11 2018-10-16 Sentinel Labs Israel Ltd. Method of remediating a program and system thereof by undoing operations
US9710648B2 (en) * 2014-08-11 2017-07-18 Sentinel Labs Israel Ltd. Method of malware detection and system thereof
CN106664201A (zh) 2014-08-28 2017-05-10 三菱电机株式会社 Process analysis device, process analysis method, and process analysis program
US9762593B1 (en) * 2014-09-09 2017-09-12 Symantec Corporation Automatic generation of generic file signatures
JP6267089B2 (ja) * 2014-09-25 2018-01-24 株式会社日立製作所 Virus detection system and method
CN104298920A (zh) * 2014-10-14 2015-01-21 百度在线网络技术(北京)有限公司 Virus file processing method, system and device
US10038706B2 (en) * 2014-10-31 2018-07-31 Verisign, Inc. Systems, devices, and methods for separating malware and background events
CN104573515A (zh) * 2014-12-19 2015-04-29 百度在线网络技术(北京)有限公司 Virus processing method, device and system
US10044750B2 (en) * 2015-01-16 2018-08-07 Microsoft Technology Licensing, Llc Code labeling based on tokenized code samples
US10560842B2 (en) 2015-01-28 2020-02-11 Verint Systems Ltd. System and method for combined network-side and off-air monitoring of wireless networks
WO2016133271A1 (ko) * 2015-02-16 2016-08-25 에스케이플래닛 주식회사 Crash report processing system and apparatus for processing crash reports in that system
IL238001B (en) 2015-03-29 2020-05-31 Verint Systems Ltd System and method for identifying communication conversation participants based on communication traffic patterns
US9813437B2 (en) 2015-06-15 2017-11-07 Symantec Corporation Systems and methods for determining malicious-download risk based on user behavior
WO2017003580A1 (en) * 2015-06-27 2017-01-05 Mcafee, Inc. Mitigation of malware
RU2614557C2 (ru) * 2015-06-30 2017-03-28 Закрытое акционерное общество "Лаборатория Касперского" System and method for detecting malicious files on mobile devices
RU2606564C1 (ru) * 2015-09-30 2017-01-10 Акционерное общество "Лаборатория Касперского" System and method for blocking script execution
IL242219B (en) 2015-10-22 2020-11-30 Verint Systems Ltd System and method for keyword searching using both static and dynamic dictionaries
IL242218B (en) 2015-10-22 2020-11-30 Verint Systems Ltd A system and method for maintaining a dynamic dictionary
US10210331B2 (en) * 2015-12-24 2019-02-19 Mcafee, Llc Executing full logical paths for malware detection
US9836603B2 (en) 2015-12-30 2017-12-05 Symantec Corporation Systems and methods for automated generation of generic signatures used to detect polymorphic malware
KR20170108330A (ko) * 2016-03-17 2017-09-27 한국전자통신연구원 Malicious code detection apparatus and method
IL245299B (en) 2016-04-25 2021-05-31 Verint Systems Ltd A system and method for decoding communication transmitted in a wireless local communication network
US10116680B1 (en) 2016-06-21 2018-10-30 Symantec Corporation Systems and methods for evaluating infection risks based on profiled user behaviors
CN109564613B (zh) 2016-07-27 2023-05-30 日本电气株式会社 Signature creation device, signature creation method, recording medium storing a signature creation program, and software determination system
US11616812B2 (en) 2016-12-19 2023-03-28 Attivo Networks Inc. Deceiving attackers accessing active directory data
US11695800B2 (en) 2016-12-19 2023-07-04 SentinelOne, Inc. Deceiving attackers accessing network data
US10104101B1 (en) * 2017-04-28 2018-10-16 Qualys, Inc. Method and apparatus for intelligent aggregation of threat behavior for the detection of malware
IL252041B (en) 2017-04-30 2020-09-30 Verint Systems Ltd System and method for tracking computer application users
IL252037B (en) 2017-04-30 2021-12-01 Verint Systems Ltd System and method for identifying relationships between computer application users
WO2019032728A1 (en) 2017-08-08 2019-02-14 Sentinel Labs, Inc. Methods, systems and devices for dynamically modeling and regrouping end points for onboard networking
US10432648B1 (en) 2017-08-28 2019-10-01 Palo Alto Networks, Inc. Automated malware family signature generation
KR102046262B1 (ko) * 2017-12-18 2019-11-18 고려대학교 산학협력단 Apparatus and method for managing risk from malicious code behavior in a mobile operating system environment, and recording medium for performing the method
IL256690B (en) 2018-01-01 2022-02-01 Cognyte Tech Israel Ltd System and method for identifying pairs of related application users
US11470115B2 (en) 2018-02-09 2022-10-11 Attivo Networks, Inc. Implementing decoys in a network environment
KR102189829B1 (ko) 2018-09-19 2020-12-11 주식회사 맥데이타 Network security monitoring method, network security monitoring apparatus and system
WO2020060231A1 (ko) * 2018-09-19 2020-03-26 주식회사 맥데이타 Network security monitoring method, network security monitoring apparatus and system
FR3092921A1 (fr) 2019-02-14 2020-08-21 Orange Method for constructing behavioral signatures of software
JP7278423B2 (ja) 2019-05-20 2023-05-19 センチネル ラブス イスラエル リミテッド Systems and methods for executable code detection, automatic feature extraction and position-independent code detection
US12013937B1 (en) * 2019-06-04 2024-06-18 Trend Micro Incorporated Detection and identification of malware using a hierarchical evolutionary tree
US11258813B2 (en) * 2019-06-27 2022-02-22 Intel Corporation Systems and methods to fingerprint and classify application behaviors using telemetry
US20220366044A1 (en) * 2019-09-26 2022-11-17 Nec Corporation Learning apparatus, determination system, learning method, and non-transitory computer readable medium
US20220327210A1 (en) * 2019-09-27 2022-10-13 Nec Corporation Learning apparatus, determination system, learning method, and non-transitory computer readable medium storing learning program
EP4046337A1 (en) 2019-11-03 2022-08-24 Cognyte Technologies Israel Ltd System and method for identifying exchanges of encrypted communication traffic
US11729207B2 (en) * 2020-06-12 2023-08-15 Vmware, Inc. Hierarchical novelty detection using intended states for network security
US11601446B2 (en) 2020-08-20 2023-03-07 Saudi Arabian Oil Company Method to detect database management system SQL code anomalies
RU2748518C1 (ru) 2020-08-27 2021-05-26 Общество с ограниченной ответственностью "Траст" Method for countering malicious software by imitating an analysis environment
US11579857B2 (en) 2020-12-16 2023-02-14 Sentinel Labs Israel Ltd. Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach
US11743286B2 (en) * 2021-01-29 2023-08-29 Palo Alto Networks, Inc. Combination rule mining for malware signature generation
US20240152615A1 (en) * 2021-03-16 2024-05-09 Nippon Telegraph And Telephone Corporation Device for extracting trace of act, method for extracting trace of act, and program for extracting trace of act
JP7571858B2 (ja) * 2021-03-16 2024-10-23 日本電信電話株式会社 Determination device, determination method and determination program
US11899782B1 (en) 2021-07-13 2024-02-13 SentinelOne, Inc. Preserving DLL hooks
US12177181B2 (en) * 2021-08-31 2024-12-24 Palo Alto Networks, Inc. Automatic network signature generation
WO2023089674A1 (ja) * 2021-11-16 2023-05-25 日本電信電話株式会社 Generation device, generation method and generation program
US20230185692A1 (en) * 2021-12-14 2023-06-15 John D. Campbell Highly Tested Systems
US12452273B2 (en) 2022-03-30 2025-10-21 SentinelOne, Inc Systems, methods, and devices for preventing credential passing attacks
US12468810B2 (en) 2023-01-13 2025-11-11 SentinelOne, Inc. Classifying cybersecurity threats using machine learning on non-euclidean data

Family Cites Families (18)

Publication number Priority date Publication date Assignee Title
US7013A (en) * 1850-01-15 Gate for fences
US7975305B2 (en) * 1997-11-06 2011-07-05 Finjan, Inc. Method and system for adaptive rule-based content scanners for desktop computers
US7809659B1 (en) * 2000-02-24 2010-10-05 Paiz Richard S Method for presenting optimal internet keyword based search result sets using an environmental bitmap and environmental bitmap pyramid structure
US20070192863A1 (en) * 2005-07-01 2007-08-16 Harsh Kapoor Systems and methods for processing data flows
US7017186B2 (en) * 2002-07-30 2006-03-21 Steelcloud, Inc. Intrusion detection system using self-organizing clusters
US7694150B1 (en) * 2004-06-22 2010-04-06 Cisco Technology, Inc System and methods for integration of behavioral and signature based security
US7634813B2 (en) * 2004-07-21 2009-12-15 Microsoft Corporation Self-certifying alert
US7519998B2 (en) * 2004-07-28 2009-04-14 Los Alamos National Security, Llc Detection of malicious computer executables
US20070079375A1 (en) * 2005-10-04 2007-04-05 Drew Copley Computer Behavioral Management Using Heuristic Analysis
US9055093B2 (en) * 2005-10-21 2015-06-09 Kevin R. Borders Method, system and computer program product for detecting at least one of security threats and undesirable computer files
US7809670B2 (en) * 2005-12-09 2010-10-05 Microsoft Corporation Classification of malware using clustering that orders events in accordance with the time of occurrence
US8201244B2 (en) * 2006-09-19 2012-06-12 Microsoft Corporation Automated malware signature generation
IL181426A (en) 2007-02-19 2011-06-30 Deutsche Telekom Ag Automatic removal of signatures for malware
US8091093B2 (en) * 2007-10-05 2012-01-03 Equilibrium Networks, Incorporated System and method for information assurance based on thermal analysis techniques
IL191744A0 (en) 2008-05-27 2009-02-11 Yuval Elovici Unknown malcode detection using classifiers with optimal training sets
US7530106B1 (en) * 2008-07-02 2009-05-05 Kaspersky Lab, Zao System and method for security rating of computer processes
US8635694B2 (en) * 2009-01-10 2014-01-21 Kaspersky Lab Zao Systems and methods for malware classification
US20100251369A1 (en) * 2009-03-25 2010-09-30 Grant Calum A M Method and system for preventing data leakage from a computer facility

Similar Documents

Publication Publication Date Title
JP2013529335A5 (en)
CN110737895B (zh) Extending dynamic detection of malware using static and dynamic malware analysis
Bhatia et al. Malware detection in android based on dynamic analysis
CN107392025B (zh) Deep-learning-based malicious Android application detection method
US9417859B2 (en) Purity analysis using white list/black list analysis
US8839204B2 (en) Determination of function purity for memoization
US8826254B2 (en) Memoizing with read only side effects
US8978141B2 (en) System and method for detecting malicious software using malware trigger scenarios
US8694574B2 (en) Optimized settings in a configuration database with boundaries
US20130074057A1 (en) Selecting Functions for Memoization Analysis
US8656134B2 (en) Optimized memory configuration deployed on executing code
JP5656136B2 (ja) Behavioral signature generation using clustering
Ghiasi et al. Dynamic VSA: a framework for malware detection based on register contents
Rathnayaka et al. An efficient approach for advanced malware analysis using memory forensic technique
CN103136471B (zh) Malicious Android application detection method and system
KR101228899B1 (ko) Method and apparatus for classifying and diagnosing malicious code using vector quantity calculation
CN109586282B (zh) Power grid unknown threat detection system and method
WO2014074163A1 (en) Input vector analysis for memoization estimation
US20160021174A1 (en) Computer implemented method for classifying mobile applications and computer programs thereof
WO2021182986A1 (ru) Method and system for finding similar malicious programs based on the results of their dynamic analysis
WO2017036335A1 (zh) Code submission method and device
US20150254163A1 (en) Origin Trace Behavior Model for Application Behavior
CN106503558A (zh) Android malicious code detection method based on community structure analysis
CN102750475A (zh) Malicious code behavior detection method and system based on cross-comparison of views inside and outside a virtual machine
CN102708309A (zh) Automatic malicious code analysis method and system