JP2020522808A5 - - Google Patents


Info

Publication number
JP2020522808A5
Authority
JP
Japan
Prior art keywords
operation request
processor
file operation
identified process
identified
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2019566622A
Other languages
English (en)
Japanese (ja)
Other versions
JP2020522808A (ja)
Filing date
Publication date
Application filed
Priority claimed from PCT/US2018/035205 (WO2018222766A1)
Publication of JP2020522808A
Publication of JP2020522808A5
Priority to JP2022110573A (JP7460696B2)
Legal status: Pending

Links

JP2019566622A 2017-05-30 2018-05-30 Real-time detection of and protection from malware and steganography in a kernel mode Pending JP2020522808A (ja)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2022110573A JP7460696B2 (ja) 2017-05-30 2022-07-08 Real-time detection of and protection from malware and steganography in a kernel mode

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201762512659P 2017-05-30 2017-05-30
US62/512,659 2017-05-30
PCT/US2018/035205 WO2018222766A1 (en) 2017-05-30 2018-05-30 Real-time detection of and protection from malware and steganography in a kernel mode

Related Child Applications (1)

Application Number Title Priority Date Filing Date
JP2022110573A Division JP7460696B2 (ja) 2017-05-30 2022-07-08 Real-time detection of and protection from malware and steganography in a kernel mode

Publications (2)

Publication Number Publication Date
JP2020522808A JP2020522808A (ja) 2020-07-30
JP2020522808A5 JP2020522808A5 (en) 2021-07-26

Family

ID=64455580

Family Applications (2)

Application Number Title Priority Date Filing Date
JP2019566622A Pending JP2020522808A (ja) 2017-05-30 2018-05-30 Real-time detection of and protection from malware and steganography in a kernel mode
JP2022110573A Active JP7460696B2 (ja) 2017-05-30 2022-07-08 Real-time detection of and protection from malware and steganography in a kernel mode

Family Applications After (1)

Application Number Title Priority Date Filing Date
JP2022110573A Active JP7460696B2 (ja) 2017-05-30 2022-07-08 Real-time detection of and protection from malware and steganography in a kernel mode

Country Status (6)

Country Link
US (3) US11575704B2 (en)
EP (1) EP3635603B1 (en)
JP (2) JP2020522808A (en)
CN (2) CN111095250A (en)
CA (1) CA3065306A1 (en)
WO (1) WO2018222766A1 (en)

Families Citing this family (95)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9860274B2 (en) 2006-09-13 2018-01-02 Sophos Limited Policy management
US10909239B2 (en) * 2017-06-29 2021-02-02 Webroot, Inc. Advanced file modification heuristics
US10885212B2 (en) 2017-09-12 2021-01-05 Sophos Limited Secure management of process properties
US10733290B2 (en) * 2017-10-26 2020-08-04 Western Digital Technologies, Inc. Device-based anti-malware
US11755758B1 (en) * 2017-10-30 2023-09-12 Amazon Technologies, Inc. System and method for evaluating data files
US10990975B2 (en) * 2017-11-08 2021-04-27 Paypal, Inc. Detecting malware by monitoring client-side memory stacks
US11010233B1 (en) 2018-01-18 2021-05-18 Pure Storage, Inc Hardware-based system monitoring
US11416612B2 (en) * 2018-03-16 2022-08-16 Acronis International Gmbh Protecting against malware code injections in trusted processes
US10846403B2 (en) * 2018-05-15 2020-11-24 International Business Machines Corporation Detecting malicious executable files by performing static analysis on executable files' overlay
RU2708355C1 (ru) * 2018-06-29 2019-12-05 Акционерное общество "Лаборатория Касперского" Method for detecting malicious files that resist analysis in an isolated environment
JP7151219B2 (ja) * 2018-07-05 2022-10-12 株式会社リコー Embedded device, virus scan program execution method, and program
US11010469B2 (en) * 2018-09-13 2021-05-18 Palo Alto Networks, Inc. Preventing ransomware from encrypting files on a target machine
US10996990B2 (en) * 2018-11-15 2021-05-04 International Business Machines Corporation Interrupt context switching using dedicated processors
US11516247B2 (en) * 2018-12-11 2022-11-29 Acronis International Gmbh System and method for protecting network resources
US11681801B2 (en) 2019-01-14 2023-06-20 Dell Products L.P. Malicious code purification in graphics files
US11200316B2 (en) * 2019-01-14 2021-12-14 Dell Products L.P. System and method for malicious code purification of portable network graphics files
US11228910B2 (en) * 2019-01-25 2022-01-18 V440 Spółka Akcyjna Mobile communication device and method of determining security status thereof
RU2716735C1 (ru) * 2019-03-29 2020-03-16 Акционерное общество "Лаборатория Касперского" System and method for deferred user authorization on a computing device
CN110069936A (zh) * 2019-03-29 2019-07-30 合肥高维数据技术有限公司 Trojan steganography method and detection method
US12079285B2 (en) * 2019-05-24 2024-09-03 Nippon Telegraph And Telephone Corporation Training device, determination device, training method, determination method, training method, and determination program
CN110232261B (zh) * 2019-06-03 2021-05-11 浙江大华技术股份有限公司 Package file operation method, file processing device, and device with storage function
US11782790B2 (en) * 2019-07-10 2023-10-10 Centurion Holdings I, Llc Methods and systems for recognizing unintended file system changes
US11693963B2 (en) * 2019-08-13 2023-07-04 International Business Machines Corporation Automatic ransomware detection with an on-demand file system lock down and automatic repair function
US11328064B2 (en) 2019-08-13 2022-05-10 International Business Machines Corporation Automatic ransomware detection with an on-demand file system lock down and automatic repair function
US11409868B2 (en) * 2019-09-26 2022-08-09 At&T Intellectual Property I, L.P. Ransomware detection and mitigation
CN111049724B (zh) * 2019-10-16 2022-06-17 中国平安财产保险股份有限公司 Email security checking method, apparatus, computer device, and storage medium
US11113393B2 (en) * 2019-11-04 2021-09-07 Dell Products L.P. Providing security features in write filter environments
US11645162B2 (en) * 2019-11-22 2023-05-09 Pure Storage, Inc. Recovery point determination for data restoration in a storage system
US12050689B2 (en) 2019-11-22 2024-07-30 Pure Storage, Inc. Host anomaly-based generation of snapshots
US11941116B2 (en) 2019-11-22 2024-03-26 Pure Storage, Inc. Ransomware-based data protection parameter modification
US12079356B2 (en) * 2019-11-22 2024-09-03 Pure Storage, Inc. Measurement interval anomaly detection-based generation of snapshots
US11720714B2 (en) * 2019-11-22 2023-08-08 Pure Storage, Inc. Inter-I/O relationship based detection of a security threat to a storage system
US12204657B2 (en) 2019-11-22 2025-01-21 Pure Storage, Inc. Similar block detection-based detection of a ransomware attack
US11755751B2 (en) 2019-11-22 2023-09-12 Pure Storage, Inc. Modify access restrictions in response to a possible attack against data stored by a storage system
US11615185B2 (en) 2019-11-22 2023-03-28 Pure Storage, Inc. Multi-layer security threat detection for a storage system
US11625481B2 (en) * 2019-11-22 2023-04-11 Pure Storage, Inc. Selective throttling of operations potentially related to a security threat to a storage system
US12411962B2 (en) 2019-11-22 2025-09-09 Pure Storage, Inc. Managed run-time environment-based detection of a ransomware attack
US12079333B2 (en) 2019-11-22 2024-09-03 Pure Storage, Inc. Independent security threat detection and remediation by storage systems in a synchronous replication arrangement
US11341236B2 (en) * 2019-11-22 2022-05-24 Pure Storage, Inc. Traffic-based detection of a security threat to a storage system
US11520907B1 (en) 2019-11-22 2022-12-06 Pure Storage, Inc. Storage system snapshot retention based on encrypted data
US11720692B2 (en) 2019-11-22 2023-08-08 Pure Storage, Inc. Hardware token based management of recovery datasets for a storage system
US12079502B2 (en) 2019-11-22 2024-09-03 Pure Storage, Inc. Storage element attribute-based determination of a data protection policy for use within a storage system
US11651075B2 (en) 2019-11-22 2023-05-16 Pure Storage, Inc. Extensible attack monitoring by a storage system
US11657155B2 (en) * 2019-11-22 2023-05-23 Pure Storage, Inc Snapshot delta metric based determination of a possible ransomware attack against data maintained by a storage system
US12050683B2 (en) * 2019-11-22 2024-07-30 Pure Storage, Inc. Selective control of a data synchronization setting of a storage system based on a possible ransomware attack against the storage system
US11675898B2 (en) 2019-11-22 2023-06-13 Pure Storage, Inc. Recovery dataset management for security threat monitoring
US12153670B2 (en) * 2019-11-22 2024-11-26 Pure Storage, Inc. Host-driven threat detection-based protection of storage elements within a storage system
US12248566B2 (en) 2019-11-22 2025-03-11 Pure Storage, Inc. Snapshot deletion pattern-based determination of ransomware attack against data maintained by a storage system
US11687418B2 (en) 2019-11-22 2023-06-27 Pure Storage, Inc. Automatic generation of recovery plans specific to individual storage elements
US12067118B2 (en) * 2019-11-22 2024-08-20 Pure Storage, Inc. Detection of writing to a non-header portion of a file as an indicator of a possible ransomware attack against a storage system
US11500788B2 (en) 2019-11-22 2022-11-15 Pure Storage, Inc. Logical address based authorization of operations with respect to a storage system
US12425434B1 (en) * 2020-01-09 2025-09-23 John G. Aron System and process for providing network intrusion detection
CN115104097A (zh) * 2020-01-28 2022-09-23 C2A安全有限公司 Control flow integrity system and method
US11520876B2 (en) * 2020-02-03 2022-12-06 Dell Products L.P. Efficiently authenticating an application during I/O request handling
WO2021181391A1 (en) * 2020-03-09 2021-09-16 Greenberg Netanel System and method for finding, tracking, and capturing a cyber-attacker
US12056251B2 (en) * 2020-03-18 2024-08-06 Veritas Technologies Llc Systems and methods for protecting a folder from unauthorized file modification
WO2021187996A1 (ru) * 2020-03-19 2021-09-23 Айкьюпи Текнолоджи, Элтиди Method and system for blocking potentially unwanted software
US20220050938A1 (en) * 2020-08-12 2022-02-17 Microsoft Technology Licensing, Llc Predictive modeling for cloud capacity management
CN112434285B (zh) * 2020-12-03 2023-12-29 深信服科技股份有限公司 File management method, apparatus, electronic device, and storage medium
CN112487466A (zh) * 2020-12-16 2021-03-12 厦门市美亚柏科信息股份有限公司 Signature-free encrypted file detection method, terminal device, and storage medium
US12101323B2 (en) * 2020-12-23 2024-09-24 Acronis International Gmbh Systems and methods for protecting web conferences from intruders
US11914724B2 (en) * 2020-12-24 2024-02-27 Acronis International Gmbh Systems and methods for adjusting data protection levels based on system metadata
US11765188B2 (en) * 2020-12-28 2023-09-19 Mellanox Technologies, Ltd. Real-time detection of network attacks
CN112347499B (zh) * 2021-01-08 2021-04-30 北京东方通软件有限公司 Method for program self-protection
JP7550491B2 (ja) * 2021-02-08 2024-09-13 ヴァリ サイバー インコーポレイテッド Malware detection system
US12192214B2 (en) 2021-05-05 2025-01-07 Sophos Limited Mitigating threats associated with tampering attempts
US11979418B2 (en) * 2021-06-08 2024-05-07 Microsoft Technology Licensing, Llc Detecting potential malicious use of a resource management agent using a resource management log
US11361075B1 (en) * 2021-06-18 2022-06-14 Citrix Systems, Inc. Image steganography detection
US11921850B2 (en) * 2021-06-23 2024-03-05 Acronis International Gmbh Iterative memory analysis for malware detection
US11914709B2 (en) * 2021-07-20 2024-02-27 Bank Of America Corporation Hybrid machine learning and knowledge graph approach for estimating and mitigating the spread of malicious software
US12287872B2 (en) * 2021-08-31 2025-04-29 EMC IP Holding Company LLC System and method for correlating filesystem events into meaningful behaviors
US20240419797A1 (en) * 2021-10-28 2024-12-19 Imanage Llc Ransomware detection and mitigation
CN114553811B (zh) * 2022-01-07 2023-04-28 中国人民解放军战略支援部队信息工程大学 High-capacity behavioral steganography method based on timestamp modulation and carrier selection
US11983268B2 (en) 2022-02-15 2024-05-14 Palo Alto Networks, Inc. Prevention of container escape-based attacks of a host system
EP4246351A1 (en) * 2022-03-17 2023-09-20 AO Kaspersky Lab Detecting a harmful file using a database of vulnerable drivers
US11831542B2 (en) * 2022-04-13 2023-11-28 Microsoft Technology Licensing, Llc Platform for routing internet protocol packets using flow-based policy
CN114911658B (zh) * 2022-05-17 2025-11-25 武汉深之度科技有限公司 Detection method for a real-time running system, and computing device
US12294615B2 (en) 2022-06-22 2025-05-06 Microsoft Technology Licensing, Llc Using a requestor identity to enforce a security policy on a network connection that conforms to a shared-access communication protocol
CN115277804B (zh) * 2022-07-25 2025-02-14 福建福链科技有限公司 Blockchain remote procedure call method and server
US12147538B2 (en) * 2022-07-25 2024-11-19 Bank Of America Corporation Steganographic modification detection and mitigation for enhanced enterprise security
US12244564B2 (en) 2022-07-29 2025-03-04 Microsoft Technology Licensing, Llc. Security for computer systems
CN115550663B (zh) * 2022-08-02 2025-10-28 杭州网易云音乐科技有限公司 Method, apparatus, and device for audio/video hotlink protection
US12353557B2 (en) * 2022-10-10 2025-07-08 Hewlett Packard Enterprise Development Lp Generating alerts for unexpected kernel modules
US20240205239A1 (en) * 2022-12-14 2024-06-20 Onfido Ltd. Methods and systems for fraud detection using relative movement of facial features
CN117131497B (zh) * 2023-02-28 2024-06-14 荣耀终端有限公司 Software detection method and electronic device
US12445484B2 (en) * 2023-03-30 2025-10-14 Palo Alto Networks, Inc. Inline ransomware detection via server message block (SMB) traffic
CN116127461B (zh) * 2023-04-04 2023-07-25 阿里巴巴(中国)有限公司 Data protection method and system, storage server, and client
US12430457B2 (en) * 2023-04-07 2025-09-30 Dell Products L.P. Reversing symmetric encryptions using keys found in snapshots—per-file keys, random and transmitted outside
CN116842505B (zh) * 2023-04-13 2024-08-20 博智安全科技股份有限公司 Method, apparatus, and storage medium for constructing a process trusted domain based on the Windows operating system
WO2024220364A1 (en) * 2023-04-19 2024-10-24 Daedalus Cloud Llc Methods of determining entropy for persistent storage devices
US12445294B2 (en) * 2023-06-14 2025-10-14 Sophos Limited Monitoring process data acquisition and exfiltration
US20250047695A1 (en) * 2023-08-01 2025-02-06 Palo Alto Networks, Inc. Advanced threat prevention
US20250111050A1 (en) * 2023-10-02 2025-04-03 Bank Of America Corporation Amalgamation platform providing concealed detection of code-passing using steganography
CN118972376B (zh) * 2024-10-09 2025-02-11 中孚安全技术有限公司 Surveillance video data processing method, system, electronic device, and storage medium
CN119728020B (zh) * 2024-12-11 2025-10-10 苏州元脑智能科技有限公司 Data verification method, apparatus, and electronic device

Family Cites Families (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5649095A (en) 1992-03-30 1997-07-15 Cozza; Paul D. Method and apparatus for detecting computer viruses through the use of a scan information cache
EP1828902A4 (en) 2004-10-26 2009-07-01 Rudra Technologies Pte Ltd System and method for identifying and removing malware on a computer system
US7441153B1 (en) * 2005-03-28 2008-10-21 Network Appliance Inc. Method and system for secure and reliable event logging
US9055093B2 (en) * 2005-10-21 2015-06-09 Kevin R. Borders Method, system and computer program product for detecting at least one of security threats and undesirable computer files
US8918427B1 (en) * 2006-12-29 2014-12-23 Symantec Operating Corporation Virtualization of file input/output operations
US8069484B2 (en) 2007-01-25 2011-11-29 Mandiant Corporation System and method for determining data entropy to identify malware
US8621610B2 (en) 2007-08-06 2013-12-31 The Regents Of The University Of Michigan Network service for the detection, analysis and quarantine of malicious and unwanted files
US8621628B2 (en) 2010-02-25 2013-12-31 Microsoft Corporation Protecting user mode processes from improper tampering or termination
US9087199B2 (en) 2011-03-31 2015-07-21 Mcafee, Inc. System and method for providing a secured operating system execution environment
US8656465B1 (en) 2011-05-09 2014-02-18 Google Inc. Userspace permissions service
US8650638B2 (en) * 2011-10-18 2014-02-11 Mcafee, Inc. System and method for detecting a file embedded in an arbitrary location and determining the reputation of the file
CN102646173A (zh) * 2012-02-29 2012-08-22 成都新云软件有限公司 Security protection control method and system based on blacklist and whitelist
US9021589B2 (en) * 2012-06-05 2015-04-28 Los Alamos National Security, Llc Integrating multiple data sources for malware classification
US9043903B2 (en) 2012-06-08 2015-05-26 Crowdstrike, Inc. Kernel-level security agent
CN103116724B (zh) * 2013-03-14 2015-08-12 北京奇虎科技有限公司 Method and apparatus for detecting dangerous behavior of a program sample
US9197655B2 (en) * 2013-07-16 2015-11-24 Bank Of America Corporation Steganography detection
GB2517483B (en) * 2013-08-22 2015-07-22 F Secure Corp Detecting file encrypting malware
CN103679031B (zh) * 2013-12-12 2017-10-31 北京奇虎科技有限公司 Method and apparatus for file virus immunization
US9386034B2 (en) * 2013-12-17 2016-07-05 Hoplite Industries, Inc. Behavioral model based malware protection system and method
US10230739B2 (en) * 2015-06-26 2019-03-12 Board Of Regents, The University Of Texas System System and device for preventing attacks in real-time networked environments
US10929537B2 (en) * 2015-07-31 2021-02-23 Digital Guardian, Inc. Systems and methods of protecting data from malware processes
RU2617631C2 (ru) * 2015-09-30 2017-04-25 Акционерное общество "Лаборатория Касперского" Method for detecting, on a server, the operation of a malicious program launched from a client
US20170091482A1 (en) * 2015-09-30 2017-03-30 Symantec Corporation Methods for data loss prevention from malicious applications and targeted persistent threats
US12021831B2 (en) 2016-06-10 2024-06-25 Sophos Limited Network security
JP5996145B1 (ja) * 2016-07-14 2016-09-21 三井物産セキュアディレクション株式会社 Program, information processing apparatus, and information processing method
US10191789B2 (en) 2016-08-18 2019-01-29 Crowdstrike, Inc. Tracing system operations across remote procedure linkages to identify request originators
US10609066B1 (en) 2016-11-23 2020-03-31 EMC IP Holding Company LLC Automated detection and remediation of ransomware attacks involving a storage device of a computer network
US9734337B1 (en) 2017-01-24 2017-08-15 Malwarebytes Inc. Behavior-based ransomware detection
US11960603B2 (en) 2017-04-25 2024-04-16 Druva Inc. Multi-step approach for ransomware detection
US10586043B2 (en) * 2017-05-03 2020-03-10 Samsung Electronics Co., Ltd. System and method for detecting malicious software in NVME over fabrics devices

Similar Documents

Publication Publication Date Title
JP2020522808A5 (en)
US10380337B2 (en) Configuring a sandbox environment for malware testing
US20150089647A1 (en) Distributed Sample Analysis
RU2571723C2 (ru) System and method for reducing the load on an operating system during operation of an antivirus application
US9646159B2 (en) Multi-file malware analysis
US9111094B2 (en) Malware detection
US10783246B2 (en) Comparing structural information of a snapshot of system memory
US20170026402A1 (en) Detecting stored cross-site scripting vulnerabilities in web applications
US10726119B2 (en) Monitoring application execution in a clone of a virtual computing instance for application whitelisting
US11004082B2 (en) Trust platform
RU2018142303A (ru) Hardware virtualized isolation for security
JP2014517383A5 (en)
CN103595732B (zh) Method and apparatus for network attack forensics
RU2015141551A (ru) Method for detecting, on a server, the operation of a malicious program launched from a client
RU2690759C2 (ru) File reputation assessment
CN105607986A (zh) User behavior log data collection method and apparatus
CN104811453A (zh) Active defense method and apparatus
CN104468563A (zh) Website vulnerability protection method, apparatus, and system
JP6000465B2 (ja) Process inspection apparatus, process inspection program, and process inspection method
US20170126715A1 (en) Detection device, detection method, and detection program
JP2016181208A (ja) Fraud monitoring apparatus and fraud monitoring program
CN104504339A (zh) Virtualization security detection method and system
CN104504330A (zh) Virtualization security detection method and system
JP6258189B2 (ja) Identification apparatus, identification method, and identification program
TW201842462A (zh) Malware analysis method, malware analysis apparatus, and malware analysis system