JP4051020B2 - ワーム判定プログラム、ワーム判定プログラムを記憶したコンピュータ読み取り可能な記憶媒体、ワーム判定方法およびワーム判定装置 - Google Patents
ワーム判定プログラム、ワーム判定プログラムを記憶したコンピュータ読み取り可能な記憶媒体、ワーム判定方法およびワーム判定装置 Download PDFInfo
- Publication number
- JP4051020B2 JP4051020B2 JP2003367272A JP2003367272A JP4051020B2 JP 4051020 B2 JP4051020 B2 JP 4051020B2 JP 2003367272 A JP2003367272 A JP 2003367272A JP 2003367272 A JP2003367272 A JP 2003367272A JP 4051020 B2 JP4051020 B2 JP 4051020B2
- Authority
- JP
- Japan
- Prior art keywords
- worm
- communication
- network segment
- determination
- packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims description 136
- 238000004891 communication Methods 0.000 claims abstract description 488
- 208000014837 parasitic helminthiasis infectious disease Diseases 0.000 claims description 43
- 238000012544 monitoring process Methods 0.000 claims description 25
- 230000004044 response Effects 0.000 claims description 7
- 208000015181 infectious disease Diseases 0.000 claims description 4
- 238000001514 detection method Methods 0.000 abstract description 4
- 230000000903 blocking effect Effects 0.000 description 57
- 230000008569 process Effects 0.000 description 57
- 238000005259 measurement Methods 0.000 description 44
- 238000012545 processing Methods 0.000 description 28
- 230000005856 abnormality Effects 0.000 description 23
- 238000010586 diagram Methods 0.000 description 18
- 230000005540 biological transmission Effects 0.000 description 16
- 230000008859 change Effects 0.000 description 12
- 230000000694 effects Effects 0.000 description 9
- 230000006399 behavior Effects 0.000 description 8
- 238000007689 inspection Methods 0.000 description 4
- 230000035755 proliferation Effects 0.000 description 3
- 238000012360 testing method Methods 0.000 description 3
- 238000012790 confirmation Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000002411 adverse Effects 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000002458 infectious effect Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 230000008685 targeting Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/567—Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
Description
情報の取得に係る設定情報に基づいて通信パケットの通信量および該通信パケットの通信アドレスに係る情報を取得する通信情報取得手順と、
前記通信情報取得手順により取得された情報および前記通信がワームによりなされた通信か否かを規定する判定基準に係る情報に基づいて前記通信がワームによりなされた通信か否かを判定するワーム判定手順と、
をコンピュータに実行させることを特徴とするワーム判定プログラム。
情報の取得に係る設定情報に基づいて通信パケットの通信量および該通信パケットの通信アドレスに係る情報を取得する通信情報取得手順と、
前記通信情報取得手順により取得された情報および前記通信がワームによりなされた通信か否かを規定する判定基準に係る情報に基づいて前記通信がワームによりなされた通信か否かを判定するワーム判定手順と、
をコンピュータに実行させるワーム判定プログラムを記録したことを特徴とするコンピュータ読み取り可能な記録媒体。
情報の取得に係る設定情報に基づいて通信パケットの通信量および該通信パケットの通信アドレスに係る情報を取得する通信情報取得工程と、
前記通信情報取得工程により取得された情報および前記通信がワームによりなされた通信か否かを規定する判定基準に係る情報に基づいて前記通信がワームによりなされた通信か否かを判定するワーム判定工程と、
を含んだことを特徴とするワーム判定方法。
情報の取得に係る設定情報に基づいて通信パケットの通信量および該通信パケットの通信アドレスに係る情報を取得する通信情報取得手段と、
前記通信情報取得手段により取得された情報および前記通信がワームによりなされた通信か否かを規定する判定基準に係る情報に基づいて前記通信がワームによりなされた通信か否かを判定するワーム判定手段と、
を備えたことを特徴とするワーム判定装置。
11 ネットワーク
130 キーボード
131 ディスプレイ
132 CPU
133 RAM
134 HDD
135 HD
135a ワーム判定プログラム
136 ROM
137 ネットワークI/F
138 バス
17a〜17c、20a〜20d ワーム判定装置
200 インターフェース部
21 LAN
210 入力部
220 表示部
230 記憶部
230a 設定データ
230b 通信ログデータ
230c ワームデータ
240 制御部
240a 通信情報取得部
240b ワーム判定部
240c 設定データ変更部
240d 通信遮断部
60、70、80、90 ワーム判定結果
Claims (8)
- ネットワークに接続されたネットワークセグメントに係る通信を監視してネットワークセグメント内外におけるワーム感染の有無を判定するワーム判定プログラムであって、
ネットワークセグメント内から外部へ送信される通信パケットの通信量および当該通信パケットの通信アドレスに係る情報を取得する取得工程と、
前記取得工程にて取得された通信パケットの通信量が所定量以上となり、かつ、前記取得工程にて取得された通信アドレス数が所定数以上となった場合に、ネットワークセグメント内外のいずれかにおいてワーム感染があると判定する第1判定工程と、
前記第1判定工程にてネットワークセグメント内にワーム感染があると判定され、かつ、前記取得工程にて取得された通信アドレス数のうち宛先アドレス数が過去の判定結果の履歴における宛先アドレス数の所定数倍以上である場合に、ネットワークセグメント内の複数のコンピュータにワームが感染したと判定する第2判定工程と
をコンピュータに実行させることを特徴とするワーム判定プログラム。 - 前記第2判定工程は、
前記第1判定工程にてワーム感染があると判定され、かつ、過去の判定結果の履歴においてネットワークセグメント外部のワーム感染がある場合に、ネットワークセグメント外部からのパケット通信によってネットワークセグメント内のワーム感染が発生したと判定することを特徴とする請求項1記載のワーム判定プログラム。 - 前記第2判定工程は、
前記第1判定工程にてワーム感染があると判定され、かつ、過去の判定結果の履歴においてネットワークセグメント外部のワーム感染がない場合に、パケット通信以外の原因によってネットワークセグメント内のワーム感染が発生したと判定することを特徴とする請求項1記載のワーム判定プログラム。 - 前記第2判定工程は、
前記第1判定工程にてワーム感染があると判定された時点から所定時間以内の過去の判定結果を参照することを特徴とする請求項1記載のワーム判定プログラム。 - 前記第1判定工程は、
ネットワークセグメント内から外部へ送信される通信パケットの通信量が所定量以上となり、かつ、通信パケットの宛先アドレス数が所定数以上となった場合に、ネットワークセグメント内においてワーム感染があると判定することを特徴とする請求項1記載のワーム判定プログラム。 - 前記第1判定工程は、
外部からネットワークセグメント内へ送信される通信パケットに対する応答通信パケットの通信量が所定量以上となり、かつ、通信パケットの送信元アドレス数が所定数以上となった場合に、ネットワークセグメント外部においてワーム感染があると判定することを特徴とする請求項1記載のワーム判定プログラム。 - ネットワークに接続されたネットワークセグメントに係る通信を監視してネットワークセグメント内外におけるワーム感染の有無を判定するワーム判定方法であって、
ネットワークセグメント内から外部へ送信される通信パケットの通信量および当該通信パケットの通信アドレスに係る情報を取得する取得工程と、
前記取得工程にて取得された通信パケットの通信量が所定量以上となり、かつ、前記取得工程にて取得された通信アドレス数が所定数以上となった場合に、ネットワークセグメント内外のいずれかにおいてワーム感染があると判定する第1判定工程と、
前記第1判定工程にてネットワークセグメント内にワーム感染があると判定され、かつ、前記取得工程にて取得された通信アドレス数のうち宛先アドレス数が過去の判定結果の履歴における宛先アドレス数の所定数倍以上である場合に、ネットワークセグメント内の複数のコンピュータにワームが感染したと判定する第2判定工程と
を有することを特徴とするワーム判定方法。 - ネットワークに接続されたネットワークセグメントに係る通信を監視してネットワークセグメント内外におけるワーム感染の有無を判定するワーム判定装置であって、
ネットワークセグメント内から外部へ送信される通信パケットの通信量および当該通信パケットの通信アドレスに係る情報を取得する取得手段と、
前記取得手段によって取得された通信パケットの通信量が所定量以上となり、かつ、前記取得手段によって取得された通信アドレス数が所定数以上となった場合に、ネットワークセグメント内外のいずれかにおいてワーム感染があると判定する第1判定手段と、
前記第1判定手段によってネットワークセグメント内にワーム感染があると判定され、かつ、前記取得手段によって取得された通信アドレス数のうち宛先アドレス数が過去の判定結果の履歴における宛先アドレス数の所定数倍以上である場合に、ネットワークセグメント内の複数のコンピュータにワームが感染したと判定する第2判定手段と
を有することを特徴とするワーム判定装置。
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003367272A JP4051020B2 (ja) | 2003-10-28 | 2003-10-28 | ワーム判定プログラム、ワーム判定プログラムを記憶したコンピュータ読み取り可能な記憶媒体、ワーム判定方法およびワーム判定装置 |
US10/812,622 US20050091533A1 (en) | 2003-10-28 | 2004-03-30 | Device and method for worm detection, and computer product |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003367272A JP4051020B2 (ja) | 2003-10-28 | 2003-10-28 | ワーム判定プログラム、ワーム判定プログラムを記憶したコンピュータ読み取り可能な記憶媒体、ワーム判定方法およびワーム判定装置 |
Related Child Applications (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2006266091A Division JP4303741B2 (ja) | 2006-09-28 | 2006-09-28 | 通信遮断装置、通信遮断プログラムおよび通信遮断方法 |
JP2006266089A Division JP2007074738A (ja) | 2006-09-28 | 2006-09-28 | ワーム判定装置、ワーム判定プログラムおよびワーム判定方法 |
JP2006266088A Division JP2007082241A (ja) | 2006-09-28 | 2006-09-28 | 通信遮断装置、通信遮断プログラムおよび通信遮断方法 |
JP2006266090A Division JP4441517B2 (ja) | 2006-09-28 | 2006-09-28 | ワーム判定装置、ワーム判定プログラムおよびワーム判定方法 |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2005134974A JP2005134974A (ja) | 2005-05-26 |
JP4051020B2 true JP4051020B2 (ja) | 2008-02-20 |
Family
ID=34510288
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2003367272A Expired - Fee Related JP4051020B2 (ja) | 2003-10-28 | 2003-10-28 | ワーム判定プログラム、ワーム判定プログラムを記憶したコンピュータ読み取り可能な記憶媒体、ワーム判定方法およびワーム判定装置 |
Country Status (2)
Country | Link |
---|---|
US (1) | US20050091533A1 (ja) |
JP (1) | JP4051020B2 (ja) |
Families Citing this family (172)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8407798B1 (en) | 2002-10-01 | 2013-03-26 | Skybox Secutiry Inc. | Method for simulation aided security event management |
US8359650B2 (en) * | 2002-10-01 | 2013-01-22 | Skybox Secutiry Inc. | System, method and computer readable medium for evaluating potential attacks of worms |
WO2005057345A2 (en) * | 2003-12-05 | 2005-06-23 | Cambia Security, Inc. | Real-time change detection for network systems |
US9106694B2 (en) | 2004-04-01 | 2015-08-11 | Fireeye, Inc. | Electronic message analysis for malware detection |
US8566946B1 (en) | 2006-04-20 | 2013-10-22 | Fireeye, Inc. | Malware containment on connection |
US7587537B1 (en) | 2007-11-30 | 2009-09-08 | Altera Corporation | Serializer-deserializer circuits formed from input-output circuit registers |
US9027135B1 (en) | 2004-04-01 | 2015-05-05 | Fireeye, Inc. | Prospective client identification using malware attack detection |
US8584239B2 (en) | 2004-04-01 | 2013-11-12 | Fireeye, Inc. | Virtual machine with dynamic data flow analysis |
US8549638B2 (en) | 2004-06-14 | 2013-10-01 | Fireeye, Inc. | System and method of containing computer worms |
US8793787B2 (en) | 2004-04-01 | 2014-07-29 | Fireeye, Inc. | Detecting malicious network content using virtual environment components |
US8171553B2 (en) | 2004-04-01 | 2012-05-01 | Fireeye, Inc. | Heuristic based capture with replay to virtual machine |
US8528086B1 (en) * | 2004-04-01 | 2013-09-03 | Fireeye, Inc. | System and method of detecting computer worms |
US8881282B1 (en) | 2004-04-01 | 2014-11-04 | Fireeye, Inc. | Systems and methods for malware attack detection and identification |
US8898788B1 (en) | 2004-04-01 | 2014-11-25 | Fireeye, Inc. | Systems and methods for malware attack prevention |
JP2006072684A (ja) * | 2004-09-02 | 2006-03-16 | Hitachi Ltd | ストレージネットワークシステム及び管理サーバ、ホストとストレージ装置 |
JP4547342B2 (ja) * | 2005-04-06 | 2010-09-22 | アラクサラネットワークス株式会社 | ネットワーク制御装置と制御システム並びに制御方法 |
US7860006B1 (en) * | 2005-04-27 | 2010-12-28 | Extreme Networks, Inc. | Integrated methods of performing network switch functions |
US20060294588A1 (en) * | 2005-06-24 | 2006-12-28 | International Business Machines Corporation | System, method and program for identifying and preventing malicious intrusions |
JP2007013263A (ja) * | 2005-06-28 | 2007-01-18 | Fujitsu Ltd | ワーム判定プログラム、ワーム判定方法およびワーム判定装置 |
JP2007013343A (ja) * | 2005-06-28 | 2007-01-18 | Fujitsu Ltd | ワーム検出パラメータ設定プログラム及びワーム検出パラメータ設定装置 |
CN101069164B (zh) * | 2005-09-30 | 2010-04-14 | 株式会社Ntt都科摩 | 信息通信装置和消息显示方法 |
US7881700B2 (en) | 2005-09-30 | 2011-02-01 | Ntt Docomo, Inc. | Information communication apparatus and message displaying method |
US7971256B2 (en) * | 2005-10-20 | 2011-06-28 | Cisco Technology, Inc. | Mechanism to correlate the presence of worms in a network |
JP4725724B2 (ja) * | 2005-10-27 | 2011-07-13 | 日本電気株式会社 | クラスタ障害推定システム |
US8255996B2 (en) | 2005-12-30 | 2012-08-28 | Extreme Networks, Inc. | Network threat detection and mitigation |
JP2007249579A (ja) * | 2006-03-15 | 2007-09-27 | Fujitsu Ltd | ワーム対策パラメータ決定プログラム、ワーム対策パラメータ決定装置、ノード数決定プログラム、ノード数決定装置およびノード数制限システム |
US20080028180A1 (en) * | 2006-07-31 | 2008-01-31 | Newman Alex P | Inappropriate access detector based on system segmentation faults |
KR100789722B1 (ko) * | 2006-09-26 | 2008-01-02 | 한국정보보호진흥원 | 웹 기술을 사용하여 전파되는 악성코드 차단시스템 및 방법 |
JP2008129707A (ja) * | 2006-11-17 | 2008-06-05 | Lac Co Ltd | プログラム分析装置、プログラム分析方法、及びプログラム |
JP4883409B2 (ja) * | 2007-01-22 | 2012-02-22 | 独立行政法人情報通信研究機構 | データ類似性検査方法及び装置 |
US20080295153A1 (en) * | 2007-05-24 | 2008-11-27 | Zhidan Cheng | System and method for detection and communication of computer infection status in a networked environment |
JP5050781B2 (ja) | 2007-10-30 | 2012-10-17 | 富士通株式会社 | マルウエア検出装置、監視装置、マルウエア検出プログラム、およびマルウエア検出方法 |
US8997219B2 (en) | 2008-11-03 | 2015-03-31 | Fireeye, Inc. | Systems and methods for detecting malicious PDF network content |
US8850571B2 (en) | 2008-11-03 | 2014-09-30 | Fireeye, Inc. | Systems and methods for detecting malicious network content |
US8832829B2 (en) | 2009-09-30 | 2014-09-09 | Fireeye, Inc. | Network-based binary file extraction and analysis for malware detection |
US9519782B2 (en) | 2012-02-24 | 2016-12-13 | Fireeye, Inc. | Detecting malicious network content |
US9191399B2 (en) * | 2012-09-11 | 2015-11-17 | The Boeing Company | Detection of infected network devices via analysis of responseless outgoing network traffic |
US10572665B2 (en) | 2012-12-28 | 2020-02-25 | Fireeye, Inc. | System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events |
US9176843B1 (en) | 2013-02-23 | 2015-11-03 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9367681B1 (en) | 2013-02-23 | 2016-06-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application |
US9009823B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications installed on mobile devices |
US9159035B1 (en) | 2013-02-23 | 2015-10-13 | Fireeye, Inc. | Framework for computer application analysis of sensitive information tracking |
US8990944B1 (en) | 2013-02-23 | 2015-03-24 | Fireeye, Inc. | Systems and methods for automatically detecting backdoors |
US9195829B1 (en) | 2013-02-23 | 2015-11-24 | Fireeye, Inc. | User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications |
US9824209B1 (en) | 2013-02-23 | 2017-11-21 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications that is usable to harden in the field code |
US9009822B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for multi-phase analysis of mobile applications |
US9355247B1 (en) | 2013-03-13 | 2016-05-31 | Fireeye, Inc. | File extraction from memory dump for malicious content analysis |
US9104867B1 (en) | 2013-03-13 | 2015-08-11 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US9565202B1 (en) | 2013-03-13 | 2017-02-07 | Fireeye, Inc. | System and method for detecting exfiltration content |
US9626509B1 (en) | 2013-03-13 | 2017-04-18 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US9311479B1 (en) | 2013-03-14 | 2016-04-12 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of a malware attack |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US10713358B2 (en) | 2013-03-15 | 2020-07-14 | Fireeye, Inc. | System and method to extract and utilize disassembly features to classify software intent |
US9413781B2 (en) | 2013-03-15 | 2016-08-09 | Fireeye, Inc. | System and method employing structured intelligence to verify and contain threats at endpoints |
US9251343B1 (en) | 2013-03-15 | 2016-02-02 | Fireeye, Inc. | Detecting bootkits resident on compromised computers |
US9495180B2 (en) | 2013-05-10 | 2016-11-15 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US9635039B1 (en) | 2013-05-13 | 2017-04-25 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
US9536091B2 (en) | 2013-06-24 | 2017-01-03 | Fireeye, Inc. | System and method for detecting time-bomb malware |
US10133863B2 (en) | 2013-06-24 | 2018-11-20 | Fireeye, Inc. | Zero-day discovery system |
US9888016B1 (en) | 2013-06-28 | 2018-02-06 | Fireeye, Inc. | System and method for detecting phishing using password prediction |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US9171160B2 (en) | 2013-09-30 | 2015-10-27 | Fireeye, Inc. | Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses |
US9690936B1 (en) | 2013-09-30 | 2017-06-27 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US10089461B1 (en) | 2013-09-30 | 2018-10-02 | Fireeye, Inc. | Page replacement code injection |
US10515214B1 (en) | 2013-09-30 | 2019-12-24 | Fireeye, Inc. | System and method for classifying malware within content created during analysis of a specimen |
US9736179B2 (en) | 2013-09-30 | 2017-08-15 | Fireeye, Inc. | System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection |
US10192052B1 (en) | 2013-09-30 | 2019-01-29 | Fireeye, Inc. | System, apparatus and method for classifying a file as malicious using static scanning |
US9294501B2 (en) | 2013-09-30 | 2016-03-22 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US9628507B2 (en) | 2013-09-30 | 2017-04-18 | Fireeye, Inc. | Advanced persistent threat (APT) detection center |
US9921978B1 (en) | 2013-11-08 | 2018-03-20 | Fireeye, Inc. | System and method for enhanced security of storage devices |
US9189627B1 (en) | 2013-11-21 | 2015-11-17 | Fireeye, Inc. | System, apparatus and method for conducting on-the-fly decryption of encrypted objects for malware detection |
US9747446B1 (en) | 2013-12-26 | 2017-08-29 | Fireeye, Inc. | System and method for run-time object classification |
US9756074B2 (en) | 2013-12-26 | 2017-09-05 | Fireeye, Inc. | System and method for IPS and VM-based detection of suspicious objects |
US9507935B2 (en) | 2014-01-16 | 2016-11-29 | Fireeye, Inc. | Exploit detection system with threat-aware microvisor |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US9241010B1 (en) | 2014-03-20 | 2016-01-19 | Fireeye, Inc. | System and method for network behavior detection |
US10242185B1 (en) | 2014-03-21 | 2019-03-26 | Fireeye, Inc. | Dynamic guest image creation and rollback |
US9591015B1 (en) | 2014-03-28 | 2017-03-07 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9432389B1 (en) | 2014-03-31 | 2016-08-30 | Fireeye, Inc. | System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object |
US9223972B1 (en) | 2014-03-31 | 2015-12-29 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US9973531B1 (en) | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
US9438623B1 (en) | 2014-06-06 | 2016-09-06 | Fireeye, Inc. | Computer exploit detection using heap spray pattern matching |
US9594912B1 (en) | 2014-06-06 | 2017-03-14 | Fireeye, Inc. | Return-oriented programming detection |
US10084813B2 (en) | 2014-06-24 | 2018-09-25 | Fireeye, Inc. | Intrusion prevention and remedy system |
US9398028B1 (en) | 2014-06-26 | 2016-07-19 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers |
US10805340B1 (en) | 2014-06-26 | 2020-10-13 | Fireeye, Inc. | Infection vector and malware tracking with an interactive user display |
US10002252B2 (en) | 2014-07-01 | 2018-06-19 | Fireeye, Inc. | Verification of trusted threat-aware microvisor |
US9363280B1 (en) | 2014-08-22 | 2016-06-07 | Fireeye, Inc. | System and method of detecting delivery of malware using cross-customer data |
US10671726B1 (en) | 2014-09-22 | 2020-06-02 | Fireeye Inc. | System and method for malware analysis using thread-level event monitoring |
US10027689B1 (en) | 2014-09-29 | 2018-07-17 | Fireeye, Inc. | Interactive infection visualization for improved exploit detection and signature generation for malware and malware families |
US9773112B1 (en) | 2014-09-29 | 2017-09-26 | Fireeye, Inc. | Exploit detection of malware and malware families |
US9690933B1 (en) | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US10075455B2 (en) | 2014-12-26 | 2018-09-11 | Fireeye, Inc. | Zero-day rotating guest image profile |
US9934376B1 (en) | 2014-12-29 | 2018-04-03 | Fireeye, Inc. | Malware detection appliance architecture |
US9838417B1 (en) | 2014-12-30 | 2017-12-05 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
US9690606B1 (en) | 2015-03-25 | 2017-06-27 | Fireeye, Inc. | Selective system call monitoring |
US9438613B1 (en) | 2015-03-30 | 2016-09-06 | Fireeye, Inc. | Dynamic content activation for automated analysis of embedded objects |
US9483644B1 (en) | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
US10417031B2 (en) | 2015-03-31 | 2019-09-17 | Fireeye, Inc. | Selective virtualization for security threat detection |
US10474813B1 (en) | 2015-03-31 | 2019-11-12 | Fireeye, Inc. | Code injection technique for remediation at an endpoint of a network |
US9654485B1 (en) | 2015-04-13 | 2017-05-16 | Fireeye, Inc. | Analytics-based security monitoring system and method |
US9594904B1 (en) | 2015-04-23 | 2017-03-14 | Fireeye, Inc. | Detecting malware based on reflection |
US10726127B1 (en) | 2015-06-30 | 2020-07-28 | Fireeye, Inc. | System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer |
US11113086B1 (en) | 2015-06-30 | 2021-09-07 | Fireeye, Inc. | Virtual system and method for securing external network connectivity |
US10454950B1 (en) | 2015-06-30 | 2019-10-22 | Fireeye, Inc. | Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks |
US10642753B1 (en) | 2015-06-30 | 2020-05-05 | Fireeye, Inc. | System and method for protecting a software component running in virtual machine using a virtualization layer |
US10715542B1 (en) | 2015-08-14 | 2020-07-14 | Fireeye, Inc. | Mobile application risk analysis |
US10176321B2 (en) | 2015-09-22 | 2019-01-08 | Fireeye, Inc. | Leveraging behavior-based rules for malware family classification |
US10033747B1 (en) | 2015-09-29 | 2018-07-24 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US10706149B1 (en) | 2015-09-30 | 2020-07-07 | Fireeye, Inc. | Detecting delayed activation malware using a primary controller and plural time controllers |
US10601865B1 (en) | 2015-09-30 | 2020-03-24 | Fireeye, Inc. | Detection of credential spearphishing attacks using email analysis |
US9825989B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Cyber attack early warning system |
US9825976B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Detection and classification of exploit kits |
US10817606B1 (en) | 2015-09-30 | 2020-10-27 | Fireeye, Inc. | Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic |
US10210329B1 (en) | 2015-09-30 | 2019-02-19 | Fireeye, Inc. | Method to detect application execution hijacking using memory protection |
US10284575B2 (en) | 2015-11-10 | 2019-05-07 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US10846117B1 (en) | 2015-12-10 | 2020-11-24 | Fireeye, Inc. | Technique for establishing secure communication between host and guest processes of a virtualization architecture |
US10447728B1 (en) | 2015-12-10 | 2019-10-15 | Fireeye, Inc. | Technique for protecting guest processes using a layered virtualization architecture |
US10108446B1 (en) | 2015-12-11 | 2018-10-23 | Fireeye, Inc. | Late load technique for deploying a virtualization layer underneath a running operating system |
US10050998B1 (en) | 2015-12-30 | 2018-08-14 | Fireeye, Inc. | Malicious message analysis system |
US10133866B1 (en) | 2015-12-30 | 2018-11-20 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US10621338B1 (en) | 2015-12-30 | 2020-04-14 | Fireeye, Inc. | Method to detect forgery and exploits using last branch recording registers |
US10565378B1 (en) | 2015-12-30 | 2020-02-18 | Fireeye, Inc. | Exploit of privilege detection framework |
US10581874B1 (en) | 2015-12-31 | 2020-03-03 | Fireeye, Inc. | Malware detection system with contextual analysis |
US9824216B1 (en) | 2015-12-31 | 2017-11-21 | Fireeye, Inc. | Susceptible environment detection system |
US11552986B1 (en) | 2015-12-31 | 2023-01-10 | Fireeye Security Holdings Us Llc | Cyber-security framework for application of virtual features |
US10476906B1 (en) | 2016-03-25 | 2019-11-12 | Fireeye, Inc. | System and method for managing formation and modification of a cluster within a malware detection system |
US10601863B1 (en) | 2016-03-25 | 2020-03-24 | Fireeye, Inc. | System and method for managing sensor enrollment |
US10671721B1 (en) | 2016-03-25 | 2020-06-02 | Fireeye, Inc. | Timeout management services |
US10785255B1 (en) | 2016-03-25 | 2020-09-22 | Fireeye, Inc. | Cluster configuration within a scalable malware detection system |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
US10169585B1 (en) | 2016-06-22 | 2019-01-01 | Fireeye, Inc. | System and methods for advanced malware detection through placement of transition events |
US10462173B1 (en) | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
US10592678B1 (en) | 2016-09-09 | 2020-03-17 | Fireeye, Inc. | Secure communications between peers using a verified virtual trusted platform module |
US10491627B1 (en) | 2016-09-29 | 2019-11-26 | Fireeye, Inc. | Advanced malware detection using similarity analysis |
US10795991B1 (en) | 2016-11-08 | 2020-10-06 | Fireeye, Inc. | Enterprise search |
US10587647B1 (en) | 2016-11-22 | 2020-03-10 | Fireeye, Inc. | Technique for malware detection capability comparison of network security devices |
US10581879B1 (en) | 2016-12-22 | 2020-03-03 | Fireeye, Inc. | Enhanced malware detection for generated objects |
US10552610B1 (en) | 2016-12-22 | 2020-02-04 | Fireeye, Inc. | Adaptive virtual machine snapshot update framework for malware behavioral analysis |
US10523609B1 (en) | 2016-12-27 | 2019-12-31 | Fireeye, Inc. | Multi-vector malware detection and analysis |
US10904286B1 (en) | 2017-03-24 | 2021-01-26 | Fireeye, Inc. | Detection of phishing attacks using similarity analysis |
US10798112B2 (en) | 2017-03-30 | 2020-10-06 | Fireeye, Inc. | Attribute-controlled malware detection |
US10791138B1 (en) | 2017-03-30 | 2020-09-29 | Fireeye, Inc. | Subscription-based malware detection |
US10902119B1 (en) | 2017-03-30 | 2021-01-26 | Fireeye, Inc. | Data extraction system for malware analysis |
US10848397B1 (en) | 2017-03-30 | 2020-11-24 | Fireeye, Inc. | System and method for enforcing compliance with subscription requirements for cyber-attack detection service |
US10601848B1 (en) | 2017-06-29 | 2020-03-24 | Fireeye, Inc. | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators |
US10503904B1 (en) | 2017-06-29 | 2019-12-10 | Fireeye, Inc. | Ransomware detection and mitigation |
US10855700B1 (en) | 2017-06-29 | 2020-12-01 | Fireeye, Inc. | Post-intrusion detection of cyber-attacks during lateral movement within networks |
US10893068B1 (en) | 2017-06-30 | 2021-01-12 | Fireeye, Inc. | Ransomware file modification prevention technique |
US10747872B1 (en) | 2017-09-27 | 2020-08-18 | Fireeye, Inc. | System and method for preventing malware evasion |
US10805346B2 (en) | 2017-10-01 | 2020-10-13 | Fireeye, Inc. | Phishing attack detection |
US11108809B2 (en) | 2017-10-27 | 2021-08-31 | Fireeye, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
US11271955B2 (en) | 2017-12-28 | 2022-03-08 | Fireeye Security Holdings Us Llc | Platform and method for retroactive reclassification employing a cybersecurity-based global data store |
US11005860B1 (en) | 2017-12-28 | 2021-05-11 | Fireeye, Inc. | Method and system for efficient cybersecurity analysis of endpoint events |
US11240275B1 (en) | 2017-12-28 | 2022-02-01 | Fireeye Security Holdings Us Llc | Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture |
US10826931B1 (en) | 2018-03-29 | 2020-11-03 | Fireeye, Inc. | System and method for predicting and mitigating cybersecurity system misconfigurations |
US11003773B1 (en) | 2018-03-30 | 2021-05-11 | Fireeye, Inc. | System and method for automatically generating malware detection rule recommendations |
US11558401B1 (en) | 2018-03-30 | 2023-01-17 | Fireeye Security Holdings Us Llc | Multi-vector malware detection data sharing system for improved detection |
US10956477B1 (en) | 2018-03-30 | 2021-03-23 | Fireeye, Inc. | System and method for detecting malicious scripts through natural language processing modeling |
US11314859B1 (en) | 2018-06-27 | 2022-04-26 | FireEye Security Holdings, Inc. | Cyber-security system and method for detecting escalation of privileges within an access token |
US11075930B1 (en) | 2018-06-27 | 2021-07-27 | Fireeye, Inc. | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11228491B1 (en) | 2018-06-28 | 2022-01-18 | Fireeye Security Holdings Us Llc | System and method for distributed cluster configuration monitoring and management |
US11316900B1 (en) | 2018-06-29 | 2022-04-26 | FireEye Security Holdings Inc. | System and method for automatically prioritizing rules for cyber-threat detection and mitigation |
US11182473B1 (en) | 2018-09-13 | 2021-11-23 | Fireeye Security Holdings Us Llc | System and method for mitigating cyberattacks against processor operability by a guest process |
US11763004B1 (en) | 2018-09-27 | 2023-09-19 | Fireeye Security Holdings Us Llc | System and method for bootkit detection |
US11368475B1 (en) | 2018-12-21 | 2022-06-21 | Fireeye Security Holdings Us Llc | System and method for scanning remote services to locate stored objects with malware |
US11258806B1 (en) | 2019-06-24 | 2022-02-22 | Mandiant, Inc. | System and method for automatically associating cybersecurity intelligence to cyberthreat actors |
US11556640B1 (en) | 2019-06-27 | 2023-01-17 | Mandiant, Inc. | Systems and methods for automated cybersecurity analysis of extracted binary string sets |
US11392700B1 (en) | 2019-06-28 | 2022-07-19 | Fireeye Security Holdings Us Llc | System and method for supporting cross-platform data verification |
US11886585B1 (en) | 2019-09-27 | 2024-01-30 | Musarubra Us Llc | System and method for identifying and mitigating cyberattacks through malicious position-independent code execution |
US11637862B1 (en) | 2019-09-30 | 2023-04-25 | Mandiant, Inc. | System and method for surfacing cyber-security threats with a self-learning recommendation engine |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
IL152502A0 (en) * | 2000-04-28 | 2003-05-29 | Internet Security Systems Inc | Method and system for managing computer security information |
JP2002063084A (ja) * | 2000-08-21 | 2002-02-28 | Toshiba Corp | パケット転送装置、パケット転送方法、及びそのプログラムが格納された記憶媒体 |
US20060265746A1 (en) * | 2001-04-27 | 2006-11-23 | Internet Security Systems, Inc. | Method and system for managing computer security information |
US20030056116A1 (en) * | 2001-05-18 | 2003-03-20 | Bunker Nelson Waldo | Reporter |
US20030084321A1 (en) * | 2001-10-31 | 2003-05-01 | Tarquini Richard Paul | Node and mobile device for a mobile telecommunications network providing intrusion detection |
JP4088082B2 (ja) * | 2002-02-15 | 2008-05-21 | 株式会社東芝 | 未知コンピュータウイルスの感染を防止する装置およびプログラム |
US7359962B2 (en) * | 2002-04-30 | 2008-04-15 | 3Com Corporation | Network security system integration |
US7159149B2 (en) * | 2002-10-24 | 2007-01-02 | Symantec Corporation | Heuristic detection and termination of fast spreading network worm attacks |
-
2003
- 2003-10-28 JP JP2003367272A patent/JP4051020B2/ja not_active Expired - Fee Related
-
2004
- 2004-03-30 US US10/812,622 patent/US20050091533A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
JP2005134974A (ja) | 2005-05-26 |
US20050091533A1 (en) | 2005-04-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4051020B2 (ja) | ワーム判定プログラム、ワーム判定プログラムを記憶したコンピュータ読み取り可能な記憶媒体、ワーム判定方法およびワーム判定装置 | |
US7752668B2 (en) | Network virus activity detecting system, method, and program, and storage medium storing said program | |
CN105721461B (zh) | 利用专用计算机安全服务的系统和方法 | |
JP4709160B2 (ja) | サービス不能攻撃検知システムおよびサービス不能攻撃検知方法 | |
JP4827972B2 (ja) | ネットワーク監視装置、ネットワーク監視方法およびネットワーク監視プログラム | |
JP6291135B2 (ja) | コネクション制御装置、コネクション制御方法およびコネクション制御プログラム | |
JP4429218B2 (ja) | ネットワーク遮断制御プログラム及びネットワーク遮断装置 | |
US8966630B2 (en) | Generating and distributing a malware countermeasure | |
JP2006319982A (ja) | 通信ネットワーク内ワーム特定及び不活化方法及び装置 | |
US8539581B2 (en) | Efficient distribution of a malware countermeasure | |
JP4303741B2 (ja) | 通信遮断装置、通信遮断プログラムおよび通信遮断方法 | |
JP5286018B2 (ja) | 情報処理装置、プログラム、および記録媒体 | |
JP2008278272A (ja) | 電子システム、電子機器、中央装置、プログラム、および記録媒体 | |
EP1754348B1 (en) | Using address ranges to detect malicious activity | |
JP5531064B2 (ja) | 通信装置、通信システム、通信方法、および、通信プログラム | |
JP4161989B2 (ja) | ネットワーク監視システム | |
JP4437107B2 (ja) | コンピュータシステム | |
US20130346602A1 (en) | System, method, and computer program product for selecting a wireless network based on security information | |
JP4441517B2 (ja) | ワーム判定装置、ワーム判定プログラムおよびワーム判定方法 | |
JP2007082241A (ja) | 通信遮断装置、通信遮断プログラムおよび通信遮断方法 | |
CN113783892B (zh) | 反射攻击检测方法、系统、设备及计算机可读存储介质 | |
JP2007074738A (ja) | ワーム判定装置、ワーム判定プログラムおよびワーム判定方法 | |
JP5952220B2 (ja) | ファイル監視周期算出装置、ファイル監視周期算出システム、ファイル監視周期算出方法及びファイル監視周期算出プログラム | |
JP2008165601A (ja) | 通信監視システム、通信監視装置、及び通信制御装置 | |
CN107733927B (zh) | 一种僵尸网络文件检测的方法、云服务器、装置及系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A621 | Written request for application examination |
Free format text: JAPANESE INTERMEDIATE CODE: A621 Effective date: 20050413 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20070220 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20070420 |
|
A02 | Decision of refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A02 Effective date: 20070612 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20070810 |
|
A911 | Transfer to examiner for re-examination before appeal (zenchi) |
Free format text: JAPANESE INTERMEDIATE CODE: A911 Effective date: 20070817 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20070904 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20071102 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20071127 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20071130 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 4051020 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
FPAY | Renewal fee payment (event date is renewal date of database) |
Free format text: PAYMENT UNTIL: 20101207 Year of fee payment: 3 |
|
FPAY | Renewal fee payment (event date is renewal date of database) |
Free format text: PAYMENT UNTIL: 20111207 Year of fee payment: 4 |
|
FPAY | Renewal fee payment (event date is renewal date of database) |
Free format text: PAYMENT UNTIL: 20111207 Year of fee payment: 4 |
|
FPAY | Renewal fee payment (event date is renewal date of database) |
Free format text: PAYMENT UNTIL: 20121207 Year of fee payment: 5 |
|
FPAY | Renewal fee payment (event date is renewal date of database) |
Free format text: PAYMENT UNTIL: 20121207 Year of fee payment: 5 |
|
FPAY | Renewal fee payment (event date is renewal date of database) |
Free format text: PAYMENT UNTIL: 20131207 Year of fee payment: 6 |
|
LAPS | Cancellation because of no payment of annual fees |