JP2017509962A - Static feature extraction from structured files - Google Patents
Static feature extraction from structured files
- Publication number
- JP2017509962A
- Authority
- JP
- Japan
- Prior art keywords
- data
- structured file
- feature
- file
- structured
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/11—File system administration, e.g. details of archiving or snapshots
- G06F16/116—Details of conversion of file system types or formats
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/188—Virtual file systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/565—Static detection by checking file integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/20—Natural language analysis
- G06F40/205—Parsing
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Quality & Reliability (AREA)
- Audiology, Speech & Language Pathology (AREA)
- Computational Linguistics (AREA)
- Artificial Intelligence (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- User Interface Of Digital Computer (AREA)
- Document Processing Apparatus (AREA)
Claims (16)
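- A method comprising:
receiving or accessing data including a structured file that encapsulates data required by an execution environment to manage executable code wrapped within the structured file;
iteratively identifying code and data regions in the structured file; and
extracting at least one feature from the structured file by analyzing at least a portion of the identified code and data regions.
- The method of claim 1, wherein the structured file is selected from a group including Portable Executable (PE) format files, Disk Operating System (DOS) executable files, New Executable (NE) files, Linear Executable (LE) files, Executable and Linkable Format (ELF) files, Java Archive (JAR) files, and Shockwave/Flash (SWF) files.
- The method of claim 1 or 2, wherein the execution environment is an operating system or a virtual machine.
- The method of any one of claims 1 to 3, further comprising determining that the structured file is valid by examining at least one header within the structured file to determine whether the structured file encapsulates a valid signature.
- The method of any one of claims 1 to 4, wherein the extracted at least one feature is a first-order feature.
- The method of claim 5, further comprising deriving the extracted at least one first-order feature into a higher-order feature.
- The method of any one of claims 1 to 6, further comprising analyzing negative space within the structured file to extract at least one additional feature, the negative space being different from the identified code and data regions.
- The method of any one of claims 1 to 7, further comprising transforming the extracted at least one feature.
- The method of claim 8, wherein the transforming comprises one or more of:
sanitizing the extracted at least one feature;
truncating the extracted at least one feature; and
encoding at least a portion of the at least one feature.
- The method of any one of claims 1 to 9, wherein identifying code and data regions in the structured file comprises parsing and disassembling the structured file.
- The method of any one of claims 1 to 10, wherein data within the structured file is arranged hierarchically, and the structured file includes a top-level header encapsulating a first data structure that encapsulates a second data structure.
- The method of any one of claims 1 to 11, wherein identifying code and data regions within the structured file comprises identifying types of code and/or data regions in the structured file.
- The method of any one of claims 1 to 12, further comprising providing the extracted at least one feature to a machine learning model.
- The method of claim 13, wherein the machine learning model consumes the extracted at least one feature without an intermediate processing or parsing step.
- A non-transitory computer program product storing instructions,
wherein the instructions, when executed by at least one data processor forming part of at least one computer system, operate to implement the method of any one of claims 1 to 14.
- A system comprising:
at least one data processor; and
memory storing instructions, wherein the instructions, when executed by the at least one data processor, operate to implement the method of any one of claims 1 to 15.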
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/169,808 US9262296B1 (en) | 2014-01-31 | 2014-01-31 | Static feature extraction from structured files |
US14/169,808 | 2014-01-31 | ||
PCT/US2015/013933 WO2015117012A1 (en) | 2014-01-31 | 2015-01-30 | Static feature extraction from structured files |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2017509962A (ja) | 2017-04-06 |
JP2017509962A5 (ja) | 2018-03-01 |
JP6726620B2 (ja) | 2020-07-22 |
Family
ID=52484574
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2016549252A Active JP6726620B2 (ja) | Static feature extraction from structured files | 2014-01-31 | 2015-01-30 |
Country Status (6)
Country | Link |
---|---|
US (4) | US9262296B1 (ja) |
EP (2) | EP3100198B1 (ja) |
JP (1) | JP6726620B2 (ja) |
AU (1) | AU2015210760B2 (ja) |
CA (1) | CA2938266C (ja) |
WO (1) | WO2015117012A1 (ja) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2021039732A (ja) * | 2019-08-30 | 2021-03-11 | 深▲セン▼精匠云創科技有限公司 | Data transmission method |
WO2021250792A1 (ja) * | 2020-06-09 | 2021-12-16 | 日本電気株式会社 | Software correction device, software correction method, and non-transitory computer-readable medium |
Families Citing this family (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3722954B1 (en) | 2013-06-24 | 2023-09-06 | Cylance Inc. | Automated system for generative multimodel multiclass classification and similarity analysis using machine learning |
US9262296B1 (en) | 2014-01-31 | 2016-02-16 | Cylance Inc. | Static feature extraction from structured files |
US8930916B1 (en) | 2014-01-31 | 2015-01-06 | Cylance Inc. | Generation of API call graphs from static disassembly |
US10235518B2 (en) | 2014-02-07 | 2019-03-19 | Cylance Inc. | Application execution control utilizing ensemble machine learning for discernment |
WO2016053282A1 (en) * | 2014-09-30 | 2016-04-07 | Hewlett Packard Enterprise Development Lp | String property labels for static analysis |
US9465940B1 (en) | 2015-03-30 | 2016-10-11 | Cylance Inc. | Wavelet decomposition of software entropy to identify malware |
US9495633B2 (en) | 2015-04-16 | 2016-11-15 | Cylance, Inc. | Recurrent neural networks for malware analysis |
US10599844B2 (en) * | 2015-05-12 | 2020-03-24 | Webroot, Inc. | Automatic threat detection of executable files based on static data analysis |
US9602531B1 (en) | 2016-02-16 | 2017-03-21 | Cylance, Inc. | Endpoint-based man in the middle attack detection |
US10715533B2 (en) * | 2016-07-26 | 2020-07-14 | Microsoft Technology Licensing, Llc. | Remediation for ransomware attacks on cloud drive folders |
US10628585B2 (en) | 2017-01-23 | 2020-04-21 | Microsoft Technology Licensing, Llc | Ransomware resilient databases |
US10621349B2 (en) * | 2017-01-24 | 2020-04-14 | Cylance Inc. | Detection of malware using feature hashing |
US10884981B1 (en) | 2017-06-19 | 2021-01-05 | Wells Fargo Bank, N.A. | Tagging tool for managing data |
US10740216B1 (en) * | 2017-06-26 | 2020-08-11 | Amazon Technologies, Inc. | Automatic bug classification using machine learning |
US10678682B2 (en) * | 2017-12-04 | 2020-06-09 | Bank Of America Corporation | Intelligent batch job testing |
KR102456579B1 (ko) * | 2017-12-07 | 2022-10-20 | 삼성전자주식회사 | Electronic device robust against encryption-related vulnerability attacks and method thereof |
US11032251B2 (en) * | 2018-06-29 | 2021-06-08 | International Business Machines Corporation | AI-powered cyber data concealment and targeted mission execution |
US11449677B2 (en) * | 2018-10-18 | 2022-09-20 | International Business Machines Corporation | Cognitive hierarchical content distribution |
CN109828758A (zh) * | 2018-12-05 | 2019-05-31 | 苏州蜗牛数字科技股份有限公司 | Method for parsing so files |
US11386205B2 (en) | 2019-01-14 | 2022-07-12 | Mcafee, Llc | Detection of malicious polyglot files |
US11755728B2 (en) * | 2020-12-08 | 2023-09-12 | Mcafee, Llc | Systems, methods, and media for analyzing structured files for malicious content |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006510089A (ja) * | 2002-12-12 | 2006-03-23 | メッセージラボズ リミテッド | Method and system for heuristically detecting viruses in executable code |
EP1762957A1 (en) * | 2005-09-13 | 2007-03-14 | Cloudmark, Inc | Signature for executable code |
US20090133125A1 (en) * | 2007-11-21 | 2009-05-21 | Yang Seo Choi | Method and apparatus for malware detection |
EP2199941A2 (en) * | 2008-12-18 | 2010-06-23 | Symantec Corporation | Methods and systems for detecting malware |
US20130291111A1 (en) * | 2010-11-29 | 2013-10-31 | Beijing Qihoo Technology Company Limited | Method and Device for Program Identification Based on Machine Learning |
Family Cites Families (55)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5841947A (en) | 1996-07-12 | 1998-11-24 | Nordin; Peter | Computer implemented machine learning method and system |
US6430590B1 (en) | 1999-01-29 | 2002-08-06 | International Business Machines Corporation | Method and apparatus for processing executable program modules having multiple dependencies |
US6546551B1 (en) | 1999-09-28 | 2003-04-08 | International Business Machines Corporation | Method for accurately extracting library-based object-oriented applications |
US7181768B1 (en) | 1999-10-28 | 2007-02-20 | Cigital | Computer intrusion detection system and method based on application monitoring |
US6898737B2 (en) | 2001-05-24 | 2005-05-24 | Microsoft Corporation | Automatic classification of event data |
US7065764B1 (en) | 2001-07-20 | 2006-06-20 | Netrendered, Inc. | Dynamically allocated cluster system |
US7487544B2 (en) * | 2001-07-30 | 2009-02-03 | The Trustees Of Columbia University In The City Of New York | System and methods for detection of new malicious executables |
WO2004013777A1 (en) | 2002-08-05 | 2004-02-12 | Fish Robert | System and method of parallel pattern matching |
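CN1839391A (zh) | 2003-06-25 | 2006-09-27 | 美国西门子医疗解决公司 | System and method for automated diagnosis and decision support for breast imaging |
JP2005044330A (ja) | 2003-07-24 | 2005-02-17 | Univ Of California San Diego | Weak hypothesis generation device and method, learning device and method, detection device and method, facial expression learning device and method, facial expression recognition device and method, and robot device |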
US20060047807A1 (en) | 2004-08-25 | 2006-03-02 | Fujitsu Limited | Method and system for detecting a network anomaly in a network |
US20060112388A1 (en) | 2004-11-22 | 2006-05-25 | Masaaki Taniguchi | Method for dynamic scheduling in a distributed environment |
US7716645B2 (en) | 2005-06-10 | 2010-05-11 | International Business Machines Corporation | Using atomic sets of memory locations |
US7945902B1 (en) | 2005-07-13 | 2011-05-17 | Oracle America, Inc. | Detection of non-standard application programming interface usage via analysis of executable code |
WO2007117574A2 (en) * | 2006-04-06 | 2007-10-18 | Smobile Systems Inc. | Non-signature malware detection system and method for mobile platforms |
WO2007135723A1 (ja) | 2006-05-22 | 2007-11-29 | Fujitsu Limited | Neural network learning device, method, and program |
US8135994B2 (en) | 2006-10-30 | 2012-03-13 | The Trustees Of Columbia University In The City Of New York | Methods, media, and systems for detecting an anomalous sequence of function calls |
US8370818B2 (en) | 2006-12-02 | 2013-02-05 | Time Warner Cable Inc. | Methods and apparatus for analyzing software interface usage |
US20080133571A1 (en) | 2006-12-05 | 2008-06-05 | International Business Machines Corporation | Modifying Behavior in Messaging Systems According to Organizational Hierarchy |
US9009649B2 (en) | 2007-05-16 | 2015-04-14 | Accenture Global Services Limited | Application search tool for rapid prototyping and development of new applications |
US20090013405A1 (en) * | 2007-07-06 | 2009-01-08 | Messagelabs Limited | Heuristic detection of malicious code |
US8347272B2 (en) | 2008-07-23 | 2013-01-01 | International Business Machines Corporation | Call graph dependency extraction by static source code analysis |
US8504504B2 (en) | 2008-09-26 | 2013-08-06 | Oracle America, Inc. | System and method for distributed denial of service identification and prevention |
US20100082400A1 (en) | 2008-09-29 | 2010-04-01 | Yahoo! Inc.. | Scoring clicks for click fraud prevention |
US8505015B2 (en) | 2008-10-29 | 2013-08-06 | Teradata Us, Inc. | Placing a group work item into every prioritized work queue of multiple parallel processing units based on preferred placement of the work queues |
US20100107245A1 (en) | 2008-10-29 | 2010-04-29 | Microsoft Corporation | Tamper-tolerant programs |
US9239740B2 (en) | 2009-06-16 | 2016-01-19 | Microsoft Technology Licensing, Llc | Program partitioning across client and cloud |
US8726254B2 (en) | 2009-06-20 | 2014-05-13 | Microsoft Corporation | Embedded annotation and program analysis |
US8370613B1 (en) | 2009-06-30 | 2013-02-05 | Symantec Corporation | Method and apparatus for automatically optimizing a startup sequence to improve system boot time |
US8560465B2 (en) | 2009-07-02 | 2013-10-15 | Samsung Electronics Co., Ltd | Execution allocation cost assessment for computing systems and environments including elastic computing systems and environments |
US9081958B2 (en) | 2009-08-13 | 2015-07-14 | Symantec Corporation | Using confidence about user intent in a reputation system |
US8516452B2 (en) | 2009-12-08 | 2013-08-20 | International Business Machines Corporation | Feedback-directed call graph expansion |
US8818923B1 (en) | 2011-06-27 | 2014-08-26 | Hrl Laboratories, Llc | Neural network device with engineered delays for pattern storage and matching |
US8887163B2 (en) | 2010-06-25 | 2014-11-11 | Ebay Inc. | Task scheduling based on dependencies and resources |
US9262228B2 (en) | 2010-09-23 | 2016-02-16 | Microsoft Technology Licensing, Llc | Distributed workflow in loosely coupled computing |
US8549647B1 (en) | 2011-01-14 | 2013-10-01 | The United States Of America As Represented By The Secretary Of The Air Force | Classifying portable executable files as malware or whiteware |
US9398033B2 (en) | 2011-02-25 | 2016-07-19 | Cavium, Inc. | Regular expression processing automaton |
US9286182B2 (en) | 2011-06-17 | 2016-03-15 | Microsoft Technology Licensing, Llc | Virtual machine snapshotting and analysis |
US8631395B2 (en) | 2011-09-02 | 2014-01-14 | Microsoft Corporation | Inter-procedural dead catch handler optimizations |
US9329887B2 (en) * | 2011-10-19 | 2016-05-03 | Hob Gmbh & Co. Kg | System and method for controlling multiple computer peripheral devices using a generic driver |
US20130152200A1 (en) | 2011-12-09 | 2013-06-13 | Christoph Alme | Predictive Heap Overflow Protection |
CN103186406B (zh) | 2011-12-30 | 2016-08-17 | 国际商业机器公司 | Method and apparatus for control flow analysis |
US8713684B2 (en) | 2012-02-24 | 2014-04-29 | Appthority, Inc. | Quantifying the risks of applications for mobile devices |
US8627291B2 (en) | 2012-04-02 | 2014-01-07 | International Business Machines Corporation | Identification of localizable function calls |
US9292688B2 (en) | 2012-09-26 | 2016-03-22 | Northrop Grumman Systems Corporation | System and method for automated machine-learning, zero-day malware detection |
US20140180738A1 (en) | 2012-12-21 | 2014-06-26 | Cloudvu, Inc. | Machine learning for systems management |
US9104525B2 (en) | 2013-01-22 | 2015-08-11 | Microsoft Technology Licensing, Llc | API usage pattern mining |
US9015685B2 (en) | 2013-03-01 | 2015-04-21 | International Business Machines Corporation | Code analysis for simulation efficiency improvement |
US20140358828A1 (en) | 2013-05-29 | 2014-12-04 | Purepredictive, Inc. | Machine learning generated action plan |
US20140372513A1 (en) | 2013-06-12 | 2014-12-18 | Cloudvu, Inc. | Multi-tenant enabling a single-tenant computer program product |
EP3722954B1 (en) | 2013-06-24 | 2023-09-06 | Cylance Inc. | Automated system for generative multimodel multiclass classification and similarity analysis using machine learning |
EP2833594A1 (en) | 2013-07-31 | 2015-02-04 | Siemens Aktiengesellschaft | Feature based three stage neural networks intrusion detection method and system |
US10095718B2 (en) | 2013-10-16 | 2018-10-09 | University Of Tennessee Research Foundation | Method and apparatus for constructing a dynamic adaptive neural network array (DANNA) |
US8930916B1 (en) | 2014-01-31 | 2015-01-06 | Cylance Inc. | Generation of API call graphs from static disassembly |
US9262296B1 (en) | 2014-01-31 | 2016-02-16 | Cylance Inc. | Static feature extraction from structured files |
-
2014
- 2014-01-31 US US14/169,808 patent/US9262296B1/en active Active
-
2015
- 2015-01-30 AU AU2015210760A patent/AU2015210760B2/en active Active
- 2015-01-30 EP EP15705432.1A patent/EP3100198B1/en active Active
- 2015-01-30 WO PCT/US2015/013933 patent/WO2015117012A1/en active Application Filing
- 2015-01-30 JP JP2016549252A patent/JP6726620B2/ja active Active
- 2015-01-30 CA CA2938266A patent/CA2938266C/en active Active
- 2015-01-30 EP EP21218344.6A patent/EP4050494A1/en active Pending
-
2016
- 2016-02-12 US US15/043,276 patent/US9959276B2/en active Active
-
2018
- 2018-02-06 US US15/890,186 patent/US10394686B2/en active Active
-
2019
- 2019-05-28 US US16/424,261 patent/US10838844B2/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006510089A (ja) * | 2002-12-12 | 2006-03-23 | メッセージラボズ リミテッド | Method and system for heuristically detecting viruses in executable code |
EP1762957A1 (en) * | 2005-09-13 | 2007-03-14 | Cloudmark, Inc | Signature for executable code |
JP2007080281A (ja) * | 2005-09-13 | 2007-03-29 | Cloudmark Inc | Signature for executable code |
US20090133125A1 (en) * | 2007-11-21 | 2009-05-21 | Yang Seo Choi | Method and apparatus for malware detection |
EP2199941A2 (en) * | 2008-12-18 | 2010-06-23 | Symantec Corporation | Methods and systems for detecting malware |
JP2010146566A (ja) * | 2008-12-18 | 2010-07-01 | Symantec Corp | Malware detection method and system |
US20130291111A1 (en) * | 2010-11-29 | 2013-10-31 | Beijing Qihoo Technology Company Limited | Method and Device for Program Identification Based on Machine Learning |
Also Published As
Publication number | Publication date |
---|---|
AU2015210760B2 (en) | 2019-09-12 |
US9262296B1 (en) | 2016-02-16 |
US20190278690A1 (en) | 2019-09-12 |
EP4050494A1 (en) | 2022-08-31 |
CA2938266C (en) | 2024-01-02 |
US9959276B2 (en) | 2018-05-01 |
EP3100198B1 (en) | 2022-03-09 |
JP6726620B2 (ja) | 2020-07-22 |
US20160246800A1 (en) | 2016-08-25 |
US20180157670A1 (en) | 2018-06-07 |
US10394686B2 (en) | 2019-08-27 |
CA2938266A1 (en) | 2015-08-06 |
WO2015117012A1 (en) | 2015-08-06 |
US10838844B2 (en) | 2020-11-17 |
EP3100198A1 (en) | 2016-12-07 |
AU2015210760A1 (en) | 2016-08-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10838844B2 (en) | Static feature extraction from structured files | |
Laskov et al. | Static detection of malicious JavaScript-bearing PDF documents | |
US8209599B2 (en) | Method and system for handling references in markup language documents | |
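JP6503141B2 (ja) | Access classification device, access classification method, and access classification program | |
WO2015139507A1 (zh) | Method and apparatus for detecting the security of downloaded files | |
WO2018159010A1 (ja) | Selection device, selection method, and selection program | |
CN109104421B (zh) | Website content tampering detection method, apparatus, device, and readable storage medium | |
CN105653949B (zh) | Malicious program detection method and apparatus | |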
Li et al. | FEPDF: a robust feature extractor for malicious PDF detection | |
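CN110807194A (zh) | Webshell detection method and apparatus | |
JP2009129127A (ja) | Program invariant extraction processing program, processing device, and processing method, and storage medium storing the program | |
KR20190058141A (ko) | Method and apparatus for generating data extracted from a document | |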
Jackson | Formats over time: Exploring uk web history | |
CN111241496B (zh) | Method, apparatus, and electronic device for determining mini-program feature vectors | |
US11797617B2 (en) | Method and apparatus for collecting information regarding dark web | |
CN103279711A (zh) | PE file packing detection method with stable static feature values | |
Tsafrir et al. | Efficient feature extraction methodologies for unknown MP4-Malware detection using Machine learning algorithms | |
CN117435480A (zh) | Binary file detection method, apparatus, electronic device, and storage medium | |
WO2016107309A1 (zh) | File scanning method, apparatus, and system | |
US20170344529A1 (en) | Method and system to convert document source data to xml via annotation | |
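CN107239704A (zh) | Malicious web page discovery method and apparatus | |
JP2012174138A (ja) | Data processing device, data processing method, and program | |
JP7131704B2 (ja) | Extraction device, extraction method, and extraction program | |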
PRUŽINEC | Extraction of static features from binary applications for malware analysis | |
Chaudhary et al. | Comparative Study of Static and Hybrid Analysis Using Machine Learning and Artificial Intelligence in Smart Cities |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20180119 |
|
A621 | Written request for application examination |
Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20180119 |
|
A977 | Report on retrieval |
Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20181127 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20181204 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20190222 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20190806 |
|
RD03 | Notification of appointment of power of attorney |
Free format text: JAPANESE INTERMEDIATE CODE: A7423 Effective date: 20191028 |
|
A601 | Written request for extension of time |
Free format text: JAPANESE INTERMEDIATE CODE: A601 Effective date: 20191105 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20191209 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20200602 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20200629 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 6726620 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |