JP6583865B2 - Profiling event based exploit detection - Google Patents

Profiling event based exploit detection

Info

Publication number
JP6583865B2
Authority
JP
Japan
Prior art keywords
application
instruction pointer
event trace
code
area
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2017566793A
Other languages
English (en)
Japanese (ja)
Other versions
JP2018523220A5
JP2018523220A (ja)
Inventor
ピクニール、ヴォロディミル
マートゥル、ラチット
Original Assignee
McAfee, LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by McAfee, LLC
Publication of JP2018523220A
Publication of JP2018523220A5
Application granted
Publication of JP6583865B2
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
  • Stored Programmes (AREA)
JP2017566793A 2015-06-26 2016-05-23 Profiling event based exploit detection Active JP6583865B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US14/751,762 2015-06-26
US14/751,762 US9984230B2 (en) 2015-06-26 2015-06-26 Profiling event based exploit detection
PCT/US2016/033691 WO2016209449A1 (en) 2015-06-26 2016-05-23 Profiling event based exploit detection

Publications (3)

Publication Number Publication Date
JP2018523220A (ja) 2018-08-16
JP2018523220A5 2019-01-31
JP6583865B2 (ja) 2019-10-02

Family

ID=57586426

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2017566793A Active JP6583865B2 (ja) 2015-06-26 2016-05-23 Profiling event based exploit detection

Country Status (5)

Country Link
US (1) US9984230B2
EP (1) EP3314508A4
JP (1) JP6583865B2
CN (1) CN107960126B
WO (1) WO2016209449A1

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9984230B2 (en) 2015-06-26 2018-05-29 Mcafee, Llc Profiling event based exploit detection
RU2665911C2 (ru) 2017-02-08 2018-09-04 AO Kaspersky Lab System and method for analyzing a file for maliciousness in a virtual machine
US11463472B2 (en) * 2018-10-24 2022-10-04 Nec Corporation Unknown malicious program behavior detection using a graph neural network
US12381890B2 (en) 2019-09-24 2025-08-05 Pribit Technology, Inc. System and method for secure network access of terminal
US12166759B2 (en) 2019-09-24 2024-12-10 Pribit Technology, Inc. System for remote execution code-based node control flow management, and method therefor
US12267304B2 (en) 2019-09-24 2025-04-01 Pribit Technology, Inc. System for authenticating and controlling network access of terminal, and method therefor
US11652801B2 (en) 2019-09-24 2023-05-16 Pribit Technology, Inc. Network access control system and method therefor
US11381557B2 (en) 2019-09-24 2022-07-05 Pribit Technology, Inc. Secure data transmission using a controlled node flow
US11271777B2 (en) 2019-09-24 2022-03-08 Pribit Technology, Inc. System for controlling network access of terminal based on tunnel and method thereof
US11082256B2 (en) 2019-09-24 2021-08-03 Pribit Technology, Inc. System for controlling network access of terminal based on tunnel and method thereof
US12348494B2 (en) 2019-09-24 2025-07-01 Pribit Technology, Inc. Network access control system and method therefor
CN114679315B (zh) * 2022-03-25 2024-05-14 Industrial and Commercial Bank of China Limited Attack detection method, apparatus, computer device, storage medium and program product
FR3137471B1 (fr) * 2022-07-04 2024-12-13 Stmicroelectronics Grand Ouest Sas Method for managing access rights of memory regions and corresponding system on chip

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6073142A (en) 1997-06-23 2000-06-06 Park City Group Automated post office based rule analysis of e-mail messages and other data objects for controlled distribution in network environments
US5987610A (en) 1998-02-12 1999-11-16 Ameritech Corporation Computer virus screening methods and systems
US6460050B1 (en) 1999-12-22 2002-10-01 Mark Raymond Pace Distributed content identification system
US6901519B1 (en) 2000-06-22 2005-05-31 Infobahn, Inc. E-mail virus protection system and method
US20030145230A1 (en) * 2002-01-31 2003-07-31 Huimin Chiu System for exchanging data utilizing remote direct memory access
US7530093B2 (en) 2004-04-30 2009-05-05 Microsoft Corporation Securing applications and operating systems
US7631356B2 (en) * 2005-04-08 2009-12-08 Microsoft Corporation System and method for foreign code detection
US7911481B1 (en) * 2006-12-14 2011-03-22 Disney Enterprises, Inc. Method and apparatus of graphical object selection
US8832682B2 (en) * 2008-03-28 2014-09-09 Vmware, Inc. Trace collection for a virtual machine
SG183332A1 (en) * 2010-03-01 2012-09-27 Silver Tail Systems System and method for network security including detection of attacks through partner websites
US8566944B2 (en) 2010-04-27 2013-10-22 Microsoft Corporation Malware investigation by analyzing computer memory
US8925089B2 (en) 2011-03-29 2014-12-30 Mcafee, Inc. System and method for below-operating system modification of malicious code on an electronic device
JP2014514651A (ja) * 2011-03-28 2014-06-19 McAfee, Inc. System and method for virtual machine monitor based anti-malware security
RU2510074C2 (ru) 2012-02-24 2014-03-20 ZAO Kaspersky Lab System and method for checking executable code before its execution
JP5951879B2 (ja) * 2012-03-30 2016-07-13 Intel Corporation Reporting malicious activity to an operating system
KR101265173B1 (ko) * 2012-05-11 2013-05-15 AhnLab, Inc. Apparatus and method for inspecting non-executable files
US9275223B2 (en) * 2012-10-19 2016-03-01 Mcafee, Inc. Real-time module protection
CN105408911A (zh) 2013-08-28 2016-03-16 Intel Corporation Hardware and software execution profiling
CN103714292B (zh) * 2014-01-15 2016-10-05 Sichuan Normal University Method for detecting exploit code
US9984230B2 (en) 2015-06-26 2018-05-29 Mcafee, Llc Profiling event based exploit detection

Also Published As

Publication number Publication date
WO2016209449A1 (en) 2016-12-29
CN107960126B (zh) 2021-05-04
EP3314508A1 (en) 2018-05-02
US9984230B2 (en) 2018-05-29
EP3314508A4 (en) 2018-12-05
CN107960126A (zh) 2018-04-24
JP2018523220A (ja) 2018-08-16
US20160378975A1 (en) 2016-12-29

Similar Documents

Publication Publication Date Title
JP6583865B2 (ja) Profiling event based exploit detection
US11941119B2 (en) Mitigation of ransomware
US11328063B2 (en) Identification of malicious execution of a process
US10176344B2 (en) Data verification using enclave attestation
JP6526842B2 (ja) Malware detection
CN107409120B (zh) Device, method and system for detecting malicious peripherals
US20170091453A1 (en) Enforcement of file characteristics
JP2018520437A (ja) Malware detection using digital certificates
JP6598221B2 (ja) Anomaly detection to identify malware
JP2018524716A5
US10963561B2 (en) System and method to identify a no-operation (NOP) sled attack
US10574672B2 (en) System and method to detect bypass of a sandbox application

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20180219

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20181214

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20190122

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20190205

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20190507

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20190806

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20190827

R150 Certificate of patent or registration of utility model

Ref document number: 6583865

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250