JP2020522808A - Real-time detection of and protection from malware and steganography in a kernel mode - Google Patents


Info

Publication number
JP2020522808A
JP2020522808A
Authority
JP
Japan
Prior art keywords
file
processor
malware
instructions
size
Prior art date: 2017-05-30
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2019566622A
Other languages
English (en)
Japanese (ja)
Other versions
JP2020522808A5 (en)
Inventor
Stewart P. McLeod
Robert Pike
Original Assignee
Cyemptive Technologies, Inc.
Priority date: 2017-05-30 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2018-05-30
Publication date: 2020-07-30
Application filed by Cyemptive Technologies, Inc.
Publication of JP2020522808A
Publication of JP2020522808A5
Priority claimed by JP2022110573A (granted as JP7460696B2)
Current legal status: Pending

Classifications

    • H04L63/145: H ELECTRICITY / H04 ELECTRIC COMMUNICATION TECHNIQUE / H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION / H04L63/00 Network architectures or network communication protocols for network security / H04L63/14 for detecting or protecting against malicious traffic / H04L63/1441 Countermeasures against malicious traffic / H04L63/145 the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • G06F11/2038: G PHYSICS / G06 COMPUTING OR CALCULATING; COUNTING / G06F ELECTRIC DIGITAL DATA PROCESSING / G06F11/00 Error detection; Error correction; Monitoring / G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance / G06F11/16 Error detection or correction of the data by redundancy in hardware / G06F11/20 using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements / G06F11/202 where processing functionality is redundant / G06F11/2038 with a single idle spare processing component
    • G06F21/554: G PHYSICS / G06 COMPUTING OR CALCULATING; COUNTING / G06F ELECTRIC DIGITAL DATA PROCESSING / G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity / G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems / G06F21/55 Detecting local intrusion or implementing counter-measures / G06F21/554 involving event detection and direct action
    • G06F21/566: G PHYSICS / G06 COMPUTING OR CALCULATING; COUNTING / G06F ELECTRIC DIGITAL DATA PROCESSING / G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity / G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms / G06F21/55 Detecting local intrusion or implementing counter-measures / G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements / G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G06F21/568: G PHYSICS / G06 COMPUTING OR CALCULATING; COUNTING / G06F ELECTRIC DIGITAL DATA PROCESSING / G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity / G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms / G06F21/55 Detecting local intrusion or implementing counter-measures / G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements / G06F21/568 eliminating virus, restoring damaged files
    • H04L63/0236: H ELECTRICITY / H04 ELECTRIC COMMUNICATION TECHNIQUE / H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION / H04L63/00 Network architectures or network communication protocols for network security / H04L63/02 for separating internal from external traffic, e.g. firewalls / H04L63/0227 Filtering policies / H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/0263: H ELECTRICITY / H04 ELECTRIC COMMUNICATION TECHNIQUE / H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION / H04L63/00 Network architectures or network communication protocols for network security / H04L63/02 for separating internal from external traffic, e.g. firewalls / H04L63/0227 Filtering policies / H04L63/0263 Rule management
    • H04L63/1416: H ELECTRICITY / H04 ELECTRIC COMMUNICATION TECHNIQUE / H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION / H04L63/00 Network architectures or network communication protocols for network security / H04L63/14 for detecting or protecting against malicious traffic / H04L63/1408 by monitoring network traffic / H04L63/1416 Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Quality & Reliability (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Debugging And Monitoring (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Application Number Priority Date Filing Date Title Status Publication
JP2019566622A 2017-05-30 2018-05-30 Real-time detection of and protection from malware and steganography in a kernel mode Pending JP2020522808A (ja)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2022110573A JP7460696B2 (ja) 2017-05-30 2022-07-08 Real-time detection of and protection from malware and steganography in a kernel mode

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201762512659P 2017-05-30 2017-05-30
US62/512,659 2017-05-30
PCT/US2018/035205 WO2018222766A1 (en) 2017-05-30 2018-05-30 Real-time detection of and protection from malware and steganography in a kernel mode

Related Child Applications (1)

Application Number Title Priority Date Filing Date
JP2022110573A Division JP7460696B2 (ja) 2017-05-30 2022-07-08 Real-time detection of and protection from malware and steganography in a kernel mode

Publications (2)

Publication Number Publication Date
JP2020522808A (ja) 2020-07-30
JP2020522808A5 (en) 2021-07-26

Family

ID=64455580

Family Applications (2)

Application Number Title Priority Date Filing Date
JP2019566622A Pending JP2020522808A (ja) 2017-05-30 2018-05-30 Real-time detection of and protection from malware and steganography in a kernel mode
JP2022110573A Active JP7460696B2 (ja) 2017-05-30 2022-07-08 Real-time detection of and protection from malware and steganography in a kernel mode

Family Applications After (1)

Application Number Title Priority Date Filing Date
JP2022110573A Active JP7460696B2 (ja) 2017-05-30 2022-07-08 Real-time detection of and protection from malware and steganography in a kernel mode

Country Status (6)

Country Link
US (3) US11575704B2 (en)
EP (1) EP3635603B1 (en)
JP (2) JP2020522808A (en)
CN (2) CN111095250A (en)
CA (1) CA3065306A1 (en)
WO (1) WO2018222766A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210294910A1 (en) * 2020-03-18 2021-09-23 Veritas Technologies Llc Systems and methods for protecting a folder from unauthorized file modification
JP2023003363A (ja) * 2021-06-23 2023-01-11 Acronis International GmbH Iterative memory analysis for malware detection
JP2024506157A (ja) * 2021-02-08 2024-02-09 Vali Cyber, Inc. Malware detection system

Families Citing this family (92)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9860274B2 (en) 2006-09-13 2018-01-02 Sophos Limited Policy management
US10909239B2 (en) * 2017-06-29 2021-02-02 Webroot, Inc. Advanced file modification heuristics
US10885212B2 (en) 2017-09-12 2021-01-05 Sophos Limited Secure management of process properties
US10733290B2 (en) * 2017-10-26 2020-08-04 Western Digital Technologies, Inc. Device-based anti-malware
US11755758B1 (en) * 2017-10-30 2023-09-12 Amazon Technologies, Inc. System and method for evaluating data files
US10990975B2 (en) * 2017-11-08 2021-04-27 Paypal, Inc. Detecting malware by monitoring client-side memory stacks
US11010233B1 (en) 2018-01-18 2021-05-18 Pure Storage, Inc Hardware-based system monitoring
US11416612B2 (en) * 2018-03-16 2022-08-16 Acronis International Gmbh Protecting against malware code injections in trusted processes
US10846403B2 (en) * 2018-05-15 2020-11-24 International Business Machines Corporation Detecting malicious executable files by performing static analysis on executable files' overlay
RU2708355C1 (ru) * 2018-06-29 2019-12-05 AO Kaspersky Lab Method for detecting malicious files that resist analysis in an isolated environment
JP7151219B2 (ja) * 2018-07-05 2022-10-12 Ricoh Co., Ltd. Embedded device, virus scan program execution method, and program
US11010469B2 (en) * 2018-09-13 2021-05-18 Palo Alto Networks, Inc. Preventing ransomware from encrypting files on a target machine
US10996990B2 (en) * 2018-11-15 2021-05-04 International Business Machines Corporation Interrupt context switching using dedicated processors
US11516247B2 (en) * 2018-12-11 2022-11-29 Acronis International Gmbh System and method for protecting network resources
US11681801B2 (en) 2019-01-14 2023-06-20 Dell Products L.P. Malicious code purification in graphics files
US11200316B2 (en) * 2019-01-14 2021-12-14 Dell Products L.P. System and method for malicious code purification of portable network graphics files
US11228910B2 (en) * 2019-01-25 2022-01-18 V440 Spółka Akcyjna Mobile communication device and method of determining security status thereof
RU2716735C1 (ru) * 2019-03-29 2020-03-16 AO Kaspersky Lab System and method for deferred authorization of a user on a computing device
CN110069936A (zh) * 2019-03-29 2019-07-30 Hefei Gaowei Data Technology Co., Ltd. Trojan steganography method and detection method
US12079285B2 (en) * 2019-05-24 2024-09-03 Nippon Telegraph And Telephone Corporation Training device, determination device, training method, determination method, training method, and determination program
CN110232261B (zh) * 2019-06-03 2021-05-11 Zhejiang Dahua Technology Co., Ltd. Package file operation method, file processing device, and device with storage function
US11782790B2 (en) * 2019-07-10 2023-10-10 Centurion Holdings I, Llc Methods and systems for recognizing unintended file system changes
US11693963B2 (en) * 2019-08-13 2023-07-04 International Business Machines Corporation Automatic ransomware detection with an on-demand file system lock down and automatic repair function
US11328064B2 (en) 2019-08-13 2022-05-10 International Business Machines Corporation Automatic ransomware detection with an on-demand file system lock down and automatic repair function
US11409868B2 (en) * 2019-09-26 2022-08-09 At&T Intellectual Property I, L.P. Ransomware detection and mitigation
CN111049724B (zh) * 2019-10-16 2022-06-17 Ping An Property & Casualty Insurance Company of China, Ltd. Email security check method, apparatus, computer device, and storage medium
US11113393B2 (en) * 2019-11-04 2021-09-07 Dell Products L.P. Providing security features in write filter environments
US11645162B2 (en) * 2019-11-22 2023-05-09 Pure Storage, Inc. Recovery point determination for data restoration in a storage system
US12050689B2 (en) 2019-11-22 2024-07-30 Pure Storage, Inc. Host anomaly-based generation of snapshots
US11941116B2 (en) 2019-11-22 2024-03-26 Pure Storage, Inc. Ransomware-based data protection parameter modification
US12079356B2 (en) * 2019-11-22 2024-09-03 Pure Storage, Inc. Measurement interval anomaly detection-based generation of snapshots
US11720714B2 (en) * 2019-11-22 2023-08-08 Pure Storage, Inc. Inter-I/O relationship based detection of a security threat to a storage system
US12204657B2 (en) 2019-11-22 2025-01-21 Pure Storage, Inc. Similar block detection-based detection of a ransomware attack
US11755751B2 (en) 2019-11-22 2023-09-12 Pure Storage, Inc. Modify access restrictions in response to a possible attack against data stored by a storage system
US11615185B2 (en) 2019-11-22 2023-03-28 Pure Storage, Inc. Multi-layer security threat detection for a storage system
US11625481B2 (en) * 2019-11-22 2023-04-11 Pure Storage, Inc. Selective throttling of operations potentially related to a security threat to a storage system
US12411962B2 (en) 2019-11-22 2025-09-09 Pure Storage, Inc. Managed run-time environment-based detection of a ransomware attack
US12079333B2 (en) 2019-11-22 2024-09-03 Pure Storage, Inc. Independent security threat detection and remediation by storage systems in a synchronous replication arrangement
US11341236B2 (en) * 2019-11-22 2022-05-24 Pure Storage, Inc. Traffic-based detection of a security threat to a storage system
US11520907B1 (en) 2019-11-22 2022-12-06 Pure Storage, Inc. Storage system snapshot retention based on encrypted data
US11720692B2 (en) 2019-11-22 2023-08-08 Pure Storage, Inc. Hardware token based management of recovery datasets for a storage system
US12079502B2 (en) 2019-11-22 2024-09-03 Pure Storage, Inc. Storage element attribute-based determination of a data protection policy for use within a storage system
US11651075B2 (en) 2019-11-22 2023-05-16 Pure Storage, Inc. Extensible attack monitoring by a storage system
US11657155B2 (en) * 2019-11-22 2023-05-23 Pure Storage, Inc Snapshot delta metric based determination of a possible ransomware attack against data maintained by a storage system
US12050683B2 (en) * 2019-11-22 2024-07-30 Pure Storage, Inc. Selective control of a data synchronization setting of a storage system based on a possible ransomware attack against the storage system
US11675898B2 (en) 2019-11-22 2023-06-13 Pure Storage, Inc. Recovery dataset management for security threat monitoring
US12153670B2 (en) * 2019-11-22 2024-11-26 Pure Storage, Inc. Host-driven threat detection-based protection of storage elements within a storage system
US12248566B2 (en) 2019-11-22 2025-03-11 Pure Storage, Inc. Snapshot deletion pattern-based determination of ransomware attack against data maintained by a storage system
US11687418B2 (en) 2019-11-22 2023-06-27 Pure Storage, Inc. Automatic generation of recovery plans specific to individual storage elements
US12067118B2 (en) * 2019-11-22 2024-08-20 Pure Storage, Inc. Detection of writing to a non-header portion of a file as an indicator of a possible ransomware attack against a storage system
US11500788B2 (en) 2019-11-22 2022-11-15 Pure Storage, Inc. Logical address based authorization of operations with respect to a storage system
US12425434B1 (en) * 2020-01-09 2025-09-23 John G. Aron System and process for providing network intrusion detection
CN115104097A (zh) * 2020-01-28 2022-09-23 C2A Security Ltd. Control flow integrity system and method
US11520876B2 (en) * 2020-02-03 2022-12-06 Dell Products L.P. Efficiently authenticating an application during I/O request handling
WO2021181391A1 (en) * 2020-03-09 2021-09-16 Greenberg Netanel System and method for finding, tracking, and capturing a cyber-attacker
WO2021187996A1 (ru) * 2020-03-19 2021-09-23 IQP Technology, Ltd. Method and system for blocking potentially unwanted software
US20220050938A1 (en) * 2020-08-12 2022-02-17 Microsoft Technology Licensing, Llc Predictive modeling for cloud capacity management
CN112434285B (zh) * 2020-12-03 2023-12-29 Sangfor Technologies Inc. File management method, apparatus, electronic device, and storage medium
CN112487466A (zh) * 2020-12-16 2021-03-12 Xiamen Meiya Pico Information Co., Ltd. Signature-less encrypted file detection method, terminal device, and storage medium
US12101323B2 (en) * 2020-12-23 2024-09-24 Acronis International Gmbh Systems and methods for protecting web conferences from intruders
US11914724B2 (en) * 2020-12-24 2024-02-27 Acronis International Gmbh Systems and methods for adjusting data protection levels based on system metadata
US11765188B2 (en) * 2020-12-28 2023-09-19 Mellanox Technologies, Ltd. Real-time detection of network attacks
CN112347499B (zh) * 2021-01-08 2021-04-30 Beijing Tongtech Co., Ltd. Program self-protection method
US12192214B2 (en) 2021-05-05 2025-01-07 Sophos Limited Mitigating threats associated with tampering attempts
US11979418B2 (en) * 2021-06-08 2024-05-07 Microsoft Technology Licensing, Llc Detecting potential malicious use of a resource management agent using a resource management log
US11361075B1 (en) * 2021-06-18 2022-06-14 Citrix Systems, Inc. Image steganography detection
US11914709B2 (en) * 2021-07-20 2024-02-27 Bank Of America Corporation Hybrid machine learning and knowledge graph approach for estimating and mitigating the spread of malicious software
US12287872B2 (en) * 2021-08-31 2025-04-29 EMC IP Holding Company LLC System and method for correlating filesystem events into meaningful behaviors
US20240419797A1 (en) * 2021-10-28 2024-12-19 Imanage Llc Ransomware detection and mitigation
CN114553811B (zh) * 2022-01-07 2023-04-28 PLA Strategic Support Force Information Engineering University High-capacity behavioral steganography method based on timestamp modulation and carrier selection
US11983268B2 (en) 2022-02-15 2024-05-14 Palo Alto Networks, Inc. Prevention of container escape-based attacks of a host system
EP4246351A1 (en) * 2022-03-17 2023-09-20 AO Kaspersky Lab Detecting a harmful file using a database of vulnerable drivers
US11831542B2 (en) * 2022-04-13 2023-11-28 Microsoft Technology Licensing, Llc Platform for routing internet protocol packets using flow-based policy
CN114911658B (zh) * 2022-05-17 2025-11-25 Wuhan Deepin Technology Co., Ltd. Detection method for a real-time running system, and computing device
US12294615B2 (en) 2022-06-22 2025-05-06 Microsoft Technology Licensing, Llc Using a requestor identity to enforce a security policy on a network connection that conforms to a shared-access communication protocol
CN115277804B (zh) * 2022-07-25 2025-02-14 Fujian Fulian Technology Co., Ltd. Blockchain remote procedure call method and server
US12147538B2 (en) * 2022-07-25 2024-11-19 Bank Of America Corporation Steganographic modification detection and mitigation for enhanced enterprise security
US12244564B2 (en) 2022-07-29 2025-03-04 Microsoft Technology Licensing, Llc. Security for computer systems
CN115550663B (zh) * 2022-08-02 2025-10-28 Hangzhou NetEase Cloud Music Technology Co., Ltd. Method, apparatus and device for audio/video anti-hotlinking
US12353557B2 (en) * 2022-10-10 2025-07-08 Hewlett Packard Enterprise Development Lp Generating alerts for unexpected kernel modules
US20240205239A1 (en) * 2022-12-14 2024-06-20 Onfido Ltd. Methods and systems for fraud detection using relative movement of facial features
CN117131497B (zh) * 2023-02-28 2024-06-14 Honor Device Co., Ltd. Software detection method and electronic device
US12445484B2 (en) * 2023-03-30 2025-10-14 Palo Alto Networks, Inc. Inline ransomware detection via server message block (SMB) traffic
CN116127461B (zh) * 2023-04-04 2023-07-25 Alibaba (China) Co., Ltd. Data protection method and system, storage server, and client
US12430457B2 (en) * 2023-04-07 2025-09-30 Dell Products L.P. Reversing symmetric encryptions using keys found in snapshots—per-file keys, random and transmitted outside
CN116842505B (zh) * 2023-04-13 2024-08-20 Bozhi Security Technology Co., Ltd. Method, apparatus and storage medium for constructing a process trusted domain based on the Windows operating system
WO2024220364A1 (en) * 2023-04-19 2024-10-24 Daedalus Cloud Llc Methods of determining entropy for persistent storage devices
US12445294B2 (en) * 2023-06-14 2025-10-14 Sophos Limited Monitoring process data acquisition and exfiltration
US20250047695A1 (en) * 2023-08-01 2025-02-06 Palo Alto Networks, Inc. Advanced threat prevention
US20250111050A1 (en) * 2023-10-02 2025-04-03 Bank Of America Corporation Amalgamation platform providing concealed detection of code-passing using steganography
CN118972376B (zh) * 2024-10-09 2025-02-11 Zhongfu Security Technology Co., Ltd. Processing method, system, electronic device and storage medium for surveillance video data
CN119728020B (zh) * 2024-12-11 2025-10-10 Suzhou MetaBrain Intelligent Technology Co., Ltd. Data verification method, apparatus, and electronic device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150058987A1 (en) * 2013-08-22 2015-02-26 F-Secure Corporation Detecting File Encrypting Malware
JP5996145B1 (ja) * 2016-07-14 2016-09-21 Mitsui Bussan Secure Directions, Inc. Program, information processing device, and information processing method
JP2017068822A (ja) * 2015-09-30 2017-04-06 AO Kaspersky Lab System and method for detecting malicious data encryption programs

Family Cites Families (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5649095A (en) 1992-03-30 1997-07-15 Cozza; Paul D. Method and apparatus for detecting computer viruses through the use of a scan information cache
EP1828902A4 (en) 2004-10-26 2009-07-01 Rudra Technologies Pte Ltd SYSTEM AND METHOD FOR IDENTIFYING AND REMOVING MALWARE ON A COMPUTER SYSTEM
US7441153B1 (en) * 2005-03-28 2008-10-21 Network Appliance Inc. Method and system for secure and reliable event logging
US9055093B2 (en) * 2005-10-21 2015-06-09 Kevin R. Borders Method, system and computer program product for detecting at least one of security threats and undesirable computer files
US8918427B1 (en) * 2006-12-29 2014-12-23 Symantec Operating Corporation Virtualization of file input/output operations
US8069484B2 (en) 2007-01-25 2011-11-29 Mandiant Corporation System and method for determining data entropy to identify malware
US8621610B2 (en) 2007-08-06 2013-12-31 The Regents Of The University Of Michigan Network service for the detection, analysis and quarantine of malicious and unwanted files
US8621628B2 (en) 2010-02-25 2013-12-31 Microsoft Corporation Protecting user mode processes from improper tampering or termination
US9087199B2 (en) 2011-03-31 2015-07-21 Mcafee, Inc. System and method for providing a secured operating system execution environment
US8656465B1 (en) 2011-05-09 2014-02-18 Google Inc. Userspace permissions service
US8650638B2 (en) * 2011-10-18 2014-02-11 Mcafee, Inc. System and method for detecting a file embedded in an arbitrary location and determining the reputation of the file
CN102646173A (zh) * 2012-02-29 2012-08-22 Chengdu Xinyun Software Co., Ltd. Security protection control method and system based on blacklists and whitelists
US9021589B2 (en) * 2012-06-05 2015-04-28 Los Alamos National Security, Llc Integrating multiple data sources for malware classification
US9043903B2 (en) 2012-06-08 2015-05-26 Crowdstrike, Inc. Kernel-level security agent
CN103116724B (zh) * 2013-03-14 2015-08-12 Beijing Qihoo Technology Co., Ltd. Method and apparatus for detecting dangerous behavior of program samples
US9197655B2 (en) * 2013-07-16 2015-11-24 Bank Of America Corporation Steganography detection
CN103679031B (zh) * 2013-12-12 2017-10-31 Beijing Qihoo Technology Co., Ltd. File virus immunization method and apparatus
US9386034B2 (en) * 2013-12-17 2016-07-05 Hoplite Industries, Inc. Behavioral model based malware protection system and method
US10230739B2 (en) * 2015-06-26 2019-03-12 Board Of Regents, The University Of Texas System System and device for preventing attacks in real-time networked environments
US10929537B2 (en) * 2015-07-31 2021-02-23 Digital Guardian, Inc. Systems and methods of protecting data from malware processes
US20170091482A1 (en) * 2015-09-30 2017-03-30 Symantec Corporation Methods for data loss prevention from malicious applications and targeted persistent threats
US12021831B2 (en) 2016-06-10 2024-06-25 Sophos Limited Network security
US10191789B2 (en) 2016-08-18 2019-01-29 Crowdstrike, Inc. Tracing system operations across remote procedure linkages to identify request originators
US10609066B1 (en) 2016-11-23 2020-03-31 EMC IP Holding Company LLC Automated detection and remediation of ransomware attacks involving a storage device of a computer network
US9734337B1 (en) 2017-01-24 2017-08-15 Malwarebytes Inc. Behavior-based ransomware detection
US11960603B2 (en) 2017-04-25 2024-04-16 Druva Inc. Multi-step approach for ransomware detection
US10586043B2 (en) * 2017-05-03 2020-03-10 Samsung Electronics Co., Ltd. System and method for detecting malicious software in NVME over fabrics devices


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Ruo Ando et al. (3 authors): "Construction of a secure access control mechanism using a filter driver on Windows OS (An implementation ...)", Computer Security Symposium 2009 Proceedings, vol. 2009, no. 11, JPN6021037387, 19 October 2009 (2009-10-19), JP, pages 123-128, ISSN: 0004722071 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210294910A1 (en) * 2020-03-18 2021-09-23 Veritas Technologies Llc Systems and methods for protecting a folder from unauthorized file modification
US12056251B2 (en) * 2020-03-18 2024-08-06 Veritas Technologies Llc Systems and methods for protecting a folder from unauthorized file modification
JP2024506157A (ja) * 2021-02-08 2024-02-09 Vali Cyber, Inc. Malware detection system
JP7550491B2 (ja) 2021-02-08 2024-09-13 Vali Cyber, Inc. Malware detection system
US12141277B2 (en) 2021-02-08 2024-11-12 Vali Cyber, Inc. Malware detection system
JP2023003363A (ja) * 2021-06-23 2023-01-11 Acronis International GmbH Iterative memory analysis for malware detection
JP7763609B2 (ja) 2021-06-23 2025-11-04 Acronis International GmbH Iterative memory analysis for malware detection

Also Published As

Publication number Publication date
JP7460696B2 (ja) 2024-04-02
CN117171743A (zh) 2023-12-05
EP3635603A4 (en) 2021-03-03
CA3065306A1 (en) 2018-12-06
EP3635603A1 (en) 2020-04-15
US11082444B2 (en) 2021-08-03
WO2018222766A1 (en) 2018-12-06
JP2022133461A (ja) 2022-09-13
EP3635603C0 (en) 2024-11-20
US20180351968A1 (en) 2018-12-06
CN111095250A (zh) 2020-05-01
EP3635603B1 (en) 2024-11-20
US20230231872A1 (en) 2023-07-20
US11575704B2 (en) 2023-02-07
US20180351969A1 (en) 2018-12-06
US12273375B2 (en) 2025-04-08

Similar Documents

Publication Publication Date Title
JP7460696B2 (ja) Real-time detection of and protection from malware and steganography in a kernel mode
US11843631B2 (en) Detecting triggering events for distributed denial of service attacks
US10868821B2 (en) Electronic mail security using a heartbeat
US11165797B2 (en) Detecting endpoint compromise based on network usage history
US10972483B2 (en) Electronic mail security using root cause analysis
US10986109B2 (en) Local proxy detection
CN107077566B (zh) Computing platform security method and apparatus
US9251343B1 (en) Detecting bootkits resident on compromised computers
US20190228172A1 (en) Behavioral-based control of access to encrypted content by a process
US12388795B2 (en) Encrypted cache protection
US20210192043A1 (en) Dynamic rules engine in a cloud-based sandbox
GB2551813A (en) Mobile device policy enforcement
CN106796636A (zh) Computing platform security method and apparatus
GB2570543A (en) Detecting triggering events for distributed denial of service attacks
US12430437B2 (en) Specific file detection baked into machine learning pipelines
KR101558054B1 (ko) Anti-malware system and packet processing method in an anti-malware system
WO2022208045A1 (en) Encrypted cache protection
WO2019122832A1 (en) Electronic mail security using a user-based inquiry
US20250117471A1 (en) Differential Dynamic Memory Scanning
US20250227116A1 (en) Systems and methods for structural similarity based hashing
US20250390576A1 (en) Specific file detection baked into machine learning pipelines
Jayarathna et al. Hypervisor-based Security Architecture to Protect Web Applications.

Legal Events

Effective Date Code Title Description
2021-05-31 A521 Request for written amendment filed (JAPANESE INTERMEDIATE CODE: A523)
2021-05-31 A621 Written request for application examination (JAPANESE INTERMEDIATE CODE: A621)
2021-05-31 A871 Explanation of circumstances concerning accelerated examination (JAPANESE INTERMEDIATE CODE: A871)
2021-09-15 A977 Report on retrieval (JAPANESE INTERMEDIATE CODE: A971007)
2021-09-28 A131 Notification of reasons for refusal (JAPANESE INTERMEDIATE CODE: A131)
2021-12-14 A521 Request for written amendment filed (JAPANESE INTERMEDIATE CODE: A523)
2022-03-08 A02 Decision of refusal (JAPANESE INTERMEDIATE CODE: A02)