JP6161807B2 - Pre-identifying probable malicious behavior based on configuration pathways - Google Patents

Pre-identifying probable malicious behavior based on configuration pathways

Info

Publication number
JP6161807B2
Authority
JP
Japan
Prior art keywords
configuration
mobile computing
computing device
malicious
behavior
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
JP2016519988A
Other languages
English (en)
Japanese (ja)
Other versions
JP2016538618A (ja)
JP2016538618A5 (en)
Inventor
Vinay Sridhara
Satyajit Prabhakar Patne
Rajarshi Gupta
Original Assignee
Qualcomm Incorporated
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Incorporated
Publication of JP2016538618A
Publication of JP2016538618A5
Application granted
Publication of JP6161807B2
Expired - Fee Related (current legal status)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/128 Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
JP2016519988A 2013-10-03 2014-09-19 Pre-identifying probable malicious behavior based on configuration pathways Expired - Fee Related JP6161807B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US14/044,937 US9519775B2 (en) 2013-10-03 2013-10-03 Pre-identifying probable malicious behavior based on configuration pathways
US14/044,937 2013-10-03
PCT/US2014/056666 WO2015050727A1 (en) 2013-10-03 2014-09-19 Pre-identifying probable malicious behavior based on configuration pathways

Publications (3)

Publication Number Publication Date
JP2016538618A JP2016538618A (ja) 2016-12-08
JP2016538618A5 JP2016538618A5 (en) 2017-05-25
JP6161807B2 JP6161807B2 (ja) 2017-07-12

Family

ID=51842755

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2016519988A Expired - Fee Related JP6161807B2 (ja) 2013-10-03 2014-09-19 Pre-identifying probable malicious behavior based on configuration pathways

Country Status (6)

Country Link
US (1) US9519775B2 (en)
EP (1) EP3053319A1 (en)
JP (1) JP6161807B2 (en)
KR (1) KR101810346B1 (en)
CN (1) CN105637833A (en)
WO (1) WO2015050727A1 (en)

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9213831B2 (en) * 2013-10-03 2015-12-15 Qualcomm Incorporated Malware detection and prevention by monitoring and modifying a hardware pipeline
US9519775B2 (en) 2013-10-03 2016-12-13 Qualcomm Incorporated Pre-identifying probable malicious behavior based on configuration pathways
AU2013101573A4 (en) * 2013-11-29 2014-01-09 Macau University Of Science And Technology Method for predicting and detecting network intrusion into a computer network
RU2595511C2 (ru) * 2014-12-05 2016-08-27 Kaspersky Lab ZAO System and method of limiting the operation of trusted applications in the presence of suspicious applications
US9785776B2 (en) 2015-04-27 2017-10-10 Iboss, Inc. High risk program identification based on program behavior
US10148678B2 (en) * 2015-10-01 2018-12-04 The Boeing Company Cybersecurity system with differentiated capacity to deal with complex cyber attacks
US9906551B2 (en) * 2016-02-09 2018-02-27 International Business Machines Corporation Forecasting and classifying cyber-attacks using crossover neural embeddings
US10402563B2 (en) * 2016-02-11 2019-09-03 Morphisec Information Security Ltd. Automated classification of exploits based on runtime environmental features
US11108816B2 (en) * 2016-03-17 2021-08-31 Johann Schlamp Constructible automata for internet routes
US10826933B1 (en) * 2016-03-31 2020-11-03 Fireeye, Inc. Technique for verifying exploit/malware at malware detection appliance through correlation with endpoints
US10893059B1 (en) 2016-03-31 2021-01-12 Fireeye, Inc. Verification and enhancement using detection systems located at the network periphery and endpoint devices
US10491610B2 (en) 2016-05-20 2019-11-26 International Business Machines Corporation Remote monitoring of software
US10803177B2 (en) * 2017-07-19 2020-10-13 International Business Machines Corporation Compliance-aware runtime generation based on application patterns and risk assessment
US10462162B2 (en) * 2017-07-24 2019-10-29 Rapid7, Inc. Detecting malicious processes based on process location
CN109936545B (zh) * 2017-12-18 2020-07-24 Huawei Technologies Co., Ltd. Method for detecting brute-force attacks and related apparatus
US11431748B2 (en) 2017-12-20 2022-08-30 Mounir Talal NSOULI Predictive crowdsourcing-based endpoint protection system
EP3762849B1 (en) * 2018-03-05 2023-05-17 British Telecommunications public limited company Improved application deployment
US11301568B1 (en) * 2018-04-05 2022-04-12 Veritas Technologies Llc Systems and methods for computing a risk score for stored information
US10885226B1 (en) * 2018-06-06 2021-01-05 NortonLifeLock, Inc. Systems and methods for enforcing secure shared access on computing devices by content state pinning
US11201855B1 (en) 2018-06-22 2021-12-14 Vmware, Inc. Distributed firewall that learns from traffic patterns to prevent attacks
US11750624B2 (en) * 2018-06-22 2023-09-05 Vmware, Inc. Statistical approach for augmenting signature detection in web application firewall
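MX2021000598A (es) * 2018-07-17 2021-04-13 Netflix Inc Differencing engine for digital forensics.
CN109195154B (zh) * 2018-08-13 2021-06-29 China United Network Communications Group Co., Ltd. Method and apparatus for identifying Internet of Things card-swapping users
CN109348065B (zh) * 2018-11-27 2020-12-25 Xiangtan University Method for predicting mobile phone electromagnetic radiation based on QQ chat interaction behavior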
US20220279007A1 (en) * 2019-07-17 2022-09-01 Nec Corporation Analysis system, method, and program
US12130908B2 (en) * 2020-05-01 2024-10-29 Forcepoint Llc Progressive trigger data and detection model
CN115606151A (zh) * 2020-05-28 2023-01-13 Panasonic Intellectual Property Corporation of America (US) Control method, program, and fraudulent data detection system
US20220329664A1 (en) * 2021-04-09 2022-10-13 Apple Inc. Secure data caching for edge networks
US12346788B2 (en) * 2021-06-04 2025-07-01 Dell Products L.P. Systems and methods for gauging differences between network configurations
US12287877B1 (en) 2022-07-12 2025-04-29 Wells Fargo Bank, N.A. Determining false positives of file change events detected by file integrity monitoring tools

Family Cites Families (45)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7257523B1 (en) * 1999-05-06 2007-08-14 Fisher-Rosemount Systems, Inc. Integrated distributed process control system functionality on a single computer
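JP2002251374A (ja) * 2000-12-20 2002-09-06 Fujitsu Ltd Information management system, information management method, program for causing a computer to execute the method, and computer-readable recording medium storing the program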
US7028338B1 (en) * 2001-12-18 2006-04-11 Sprint Spectrum L.P. System, computer program, and method of cooperative response to threat to domain security
US7370360B2 (en) 2002-05-13 2008-05-06 International Business Machines Corporation Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine
JP4320013B2 (ja) 2003-02-26 2009-08-26 Secureware Inc. Unauthorized processing determination method, data processing apparatus, computer program, and recording medium
US7024548B1 (en) * 2003-03-10 2006-04-04 Cisco Technology, Inc. Methods and apparatus for auditing and tracking changes to an existing configuration of a computerized device
US7409593B2 (en) * 2003-06-30 2008-08-05 At&T Delaware Intellectual Property, Inc. Automated diagnosis for computer networks
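JP2007516495A (ja) 2003-08-11 2007-06-21 Chorus Systems Inc. System and method for the creation and use of an adaptive reference model
JP3999188B2 (ja) * 2003-10-28 2007-10-31 Fujitsu Ltd Unauthorized access detection device, unauthorized access detection method, and unauthorized access detection program
JP4371905B2 (ja) * 2004-05-27 2009-11-25 Fujitsu Ltd Unauthorized access detection device, unauthorized access detection method, unauthorized access detection program, and distributed denial-of-service attack detection device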
EP1619572A1 (en) 2004-07-23 2006-01-25 Texas Instruments Incorporated System and method of identifying and preventing security violations within a computing system
US7389444B2 (en) * 2004-07-27 2008-06-17 Microsoft Corporation Method and system for troubleshooting a misconfiguration of a computer system based on product support services information
US20060075494A1 (en) 2004-10-01 2006-04-06 Bertman Justin R Method and system for analyzing data for potential malware
US7770785B2 (en) 2005-06-13 2010-08-10 Qualcomm Incorporated Apparatus and methods for detection and management of unauthorized executable instructions on a wireless device
JP4528680B2 (ja) * 2005-07-05 2010-08-18 Hitachi, Ltd. Self-reorganizing system
US8832827B2 (en) 2005-07-14 2014-09-09 Gryphonet Ltd. System and method for detection and recovery of malfunction in mobile devices
WO2007053708A2 (en) * 2005-10-31 2007-05-10 The Trustees Of Columbia University In The City Of New York Methods, media, and systems for securing communications between a first node and a second node
US7774843B1 (en) 2005-11-16 2010-08-10 Mcafee, Inc. System, method and computer program product for preventing the execution of unwanted code
WO2007089786A2 (en) * 2006-01-30 2007-08-09 Sudhakar Govindavajhala Identifying unauthorized privilege escalations
US8365286B2 (en) 2006-06-30 2013-01-29 Sophos Plc Method and system for classification of software using characteristics and combinations of such characteristics
US20080005797A1 (en) * 2006-06-30 2008-01-03 Microsoft Corporation Identifying malware in a boot environment
US9069957B2 (en) * 2006-10-06 2015-06-30 Juniper Networks, Inc. System and method of reporting and visualizing malware on mobile networks
US8201246B1 (en) 2008-02-25 2012-06-12 Trend Micro Incorporated Preventing malicious codes from performing malicious actions in a computer system
US8566256B2 (en) * 2008-04-01 2013-10-22 Certona Corporation Universal system and method for representing and predicting human behavior
US8745703B2 (en) 2008-06-24 2014-06-03 Microsoft Corporation Identifying exploitation of vulnerabilities using error report
US8667583B2 (en) 2008-09-22 2014-03-04 Microsoft Corporation Collecting and analyzing malware data
CN101483658B (zh) * 2009-01-09 2012-11-28 China Merchants Bank Co., Ltd. System and method for protecting browser input content
US8528080B2 (en) 2009-09-15 2013-09-03 Reefedge Networks, Llc Short-range mobile honeypot for sampling and tracking threats
US8375450B1 (en) 2009-10-05 2013-02-12 Trend Micro, Inc. Zero day malware scanner
US8464345B2 (en) 2010-04-28 2013-06-11 Symantec Corporation Behavioral signature generation using clustering
US20120137369A1 (en) * 2010-11-29 2012-05-31 Infosec Co., Ltd. Mobile terminal with security functionality and method of implementing the same
US9100425B2 (en) 2010-12-01 2015-08-04 Cisco Technology, Inc. Method and apparatus for detecting malicious software using generic signatures
TW201227385A (en) 2010-12-16 2012-07-01 Univ Nat Taiwan Science Tech Method of detecting malicious script and system thereof
US8412945B2 (en) * 2011-08-09 2013-04-02 CloudPassage, Inc. Systems and methods for implementing security in a cloud computing environment
EP2610776B1 (en) 2011-09-16 2019-08-21 Veracode, Inc. Automated behavioural and static analysis using an instrumented sandbox and machine learning classification for mobile security
US20130097660A1 (en) * 2011-10-17 2013-04-18 Mcafee, Inc. System and method for whitelisting applications in a mobile network environment
US9832211B2 (en) 2012-03-19 2017-11-28 Qualcomm, Incorporated Computing device to detect malware
WO2013147859A1 (en) * 2012-03-30 2013-10-03 Intel Corporation Reporting malicious activity to an operating system
US20130311385A1 (en) * 2012-05-18 2013-11-21 Park S. Foreman Third Party Security Monitoring & Audit
US8819772B2 (en) * 2012-06-25 2014-08-26 Appthority, Inc. In-line filtering of insecure or unwanted mobile device software components or communications
US10180851B2 (en) * 2013-01-14 2019-01-15 Cisco Technology, Inc. Detection of unauthorized use of virtual resources
US20140259167A1 (en) * 2013-03-11 2014-09-11 Samsung Electronics Co. Ltd. Behavior based application blacklisting
US9069955B2 (en) * 2013-04-30 2015-06-30 International Business Machines Corporation File system level data protection during potential security breach
US9519775B2 (en) 2013-10-03 2016-12-13 Qualcomm Incorporated Pre-identifying probable malicious behavior based on configuration pathways
US9213831B2 (en) 2013-10-03 2015-12-15 Qualcomm Incorporated Malware detection and prevention by monitoring and modifying a hardware pipeline

Also Published As

Publication number Publication date
CN105637833A (zh) 2016-06-01
US20150101047A1 (en) 2015-04-09
JP2016538618A (ja) 2016-12-08
KR20160065863A (ko) 2016-06-09
KR101810346B1 (ko) 2018-01-18
WO2015050727A1 (en) 2015-04-09
US9519775B2 (en) 2016-12-13
EP3053319A1 (en) 2016-08-10

Similar Documents

Publication Publication Date Title
JP6161807B2 (ja) Pre-identifying probable malicious behavior based on configuration pathways
US10089459B2 (en) Malware detection and prevention by monitoring and modifying a hardware pipeline
US9690635B2 (en) Communicating behavior information in a mobile computing device
JP6050560B1 (ja) Pre-identifying probable malicious rootkit behavior using behavioral contracts
JP6235000B2 (ja) Architecture for client-cloud behavior analyzer
EP3117361B1 (en) Behavioral analysis for securing peripheral devices
US9491187B2 (en) APIs for obtaining device-specific behavior classifier models from the cloud
US9357397B2 (en) Methods and systems for detecting malware and attacks that target behavioral security mechanisms of a mobile device
US9298494B2 (en) Collaborative learning for efficient behavioral analysis in networked mobile device
US9609456B2 (en) Methods, devices, and systems for communicating behavioral analysis information
US9652362B2 (en) Methods and systems of using application-specific and application-type-specific models for the efficient classification of mobile device behaviors
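TWI530141B (zh) Methods and systems for dynamically generating and using device-specific and device-state-specific classifier models for the efficient classification of mobile device behaviors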
US20160232353A1 (en) Determining Model Protection Level On-Device based on Malware Detection in Similar Devices

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20160405

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20170404

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20170404

A871 Explanation of circumstances concerning accelerated examination

Free format text: JAPANESE INTERMEDIATE CODE: A871

Effective date: 20170404

A975 Report on accelerated examination

Free format text: JAPANESE INTERMEDIATE CODE: A971005

Effective date: 20170502

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20170515

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20170613

R150 Certificate of patent or registration of utility model

Ref document number: 6161807

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

LAPS Cancellation because of no payment of annual fees