JP6590481B2 - Virus intrusion route identification device, virus intrusion route identification method, and program - Google Patents

Virus intrusion route identification device, virus intrusion route identification method, and program

Info

Publication number
JP6590481B2
Authority
JP
Japan
Prior art keywords
virus
file
intrusion route
operation history
identification information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2014550901A
Other languages
English (en)
Japanese (ja)
Other versions
JPWO2014087597A1 (ja)
Inventor
萩原 泰志
四柳 敬志
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Canon Electronics Inc
Original Assignee
Canon Electronics Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2012-12-07
Filing date
2013-11-21
Publication date
2019-10-16
Application filed by Canon Electronics Inc
Publication of JPWO2014087597A1
Application granted
Publication of JP6590481B2
Legal status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                        • H04L63/1441 Countermeasures against malicious traffic
                            • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
                        • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
                            • H04L63/1425 Traffic logging, e.g. anomaly detection
                • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
                    • H04L2463/146 Tracing the source of attacks
    • G PHYSICS
        • G06 COMPUTING OR CALCULATING; COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
                        • G06F21/55 Detecting local intrusion or implementing counter-measures
                            • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
                            • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
                                • G06F21/567 Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Debugging And Monitoring (AREA)
JP2014550901A 2012-12-07 2013-11-21 Virus intrusion route identification device, virus intrusion route identification method, and program Active JP6590481B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2012268785 2012-12-07
PCT/JP2013/006842 WO2014087597A1 (ja) 2012-12-07 2013-11-21 Virus intrusion route identification device, virus intrusion route identification method, and program

Related Child Applications (1)

Application Number Title Priority Date Filing Date
JP2018137988A Division JP6549767B2 (ja) 2012-12-07 2018-07-23 Virus intrusion route identification device, virus intrusion route identification method, and program

Publications (2)

Publication Number Publication Date
JPWO2014087597A1 (ja) 2017-01-05
JP6590481B2 (ja) 2019-10-16

Family

ID=50883039

Family Applications (2)

Application Number Title Priority Date Filing Date
JP2014550901A Active JP6590481B2 (ja) 2012-12-07 2013-11-21 Virus intrusion route identification device, virus intrusion route identification method, and program
JP2018137988A Active JP6549767B2 (ja) 2012-12-07 2018-07-23 Virus intrusion route identification device, virus intrusion route identification method, and program

Family Applications After (1)

Application Number Title Priority Date Filing Date
JP2018137988A Active JP6549767B2 (ja) 2012-12-07 2018-07-23 Virus intrusion route identification device, virus intrusion route identification method, and program

Country Status (3)

Country Link
US (1) US10326792B2 (en)
JP (2) JP6590481B2 (en)
WO (1) WO2014087597A1 (en)

Families Citing this family (43)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014087597A1 (ja) 2012-12-07 2014-06-12 キヤノン電子株式会社 Virus intrusion route identification device, virus intrusion route identification method, and program
DE102014201908A1 (de) * 2014-02-03 2015-08-06 Duerr Cyplan Ltd. Method for guiding a fluid flow, flow apparatus, and use thereof
CN106796635B (zh) * 2014-10-14 2019-10-22 日本电信电话株式会社 Determination device and determination method
WO2016072310A1 (ja) * 2014-11-05 2016-05-12 キヤノン電子株式会社 Identification device, control method therefor, and program
JP2016181191A (ja) * 2015-03-25 2016-10-13 富士通株式会社 Management program, management device, and management method
JP6577241B2 (ja) * 2015-05-21 2019-09-18 日本電信電話株式会社 Log extraction system, log extraction method, and log extraction program
JP6404771B2 (ja) * 2015-05-26 2018-10-17 日本電信電話株式会社 Log determination device, log determination method, and log determination program
US10382484B2 (en) 2015-06-08 2019-08-13 Illusive Networks Ltd. Detecting attackers who target containerized clusters
US9553885B2 (en) * 2015-06-08 2017-01-24 Illusive Networks Ltd. System and method for creation, deployment and management of augmented attacker map
US9967273B2 (en) * 2015-06-15 2018-05-08 Microsoft Technology Licensing, Llc. Abusive traffic detection
US10462160B2 (en) * 2015-12-09 2019-10-29 Check Point Software Technologies Ltd. Method and system for identifying uncorrelated suspicious events during an attack
US10440036B2 (en) * 2015-12-09 2019-10-08 Checkpoint Software Technologies Ltd Method and system for modeling all operations and executions of an attack and malicious process entry
US10291634B2 (en) 2015-12-09 2019-05-14 Checkpoint Software Technologies Ltd. System and method for determining summary events of an attack
US10880316B2 (en) * 2015-12-09 2020-12-29 Check Point Software Technologies Ltd. Method and system for determining initial execution of an attack
CN106934287B (zh) * 2015-12-31 2020-02-11 北京金山安全软件有限公司 Root virus cleaning method, device, and electronic equipment
CN106934288B (zh) * 2015-12-31 2021-04-16 北京金山安全软件有限公司 Root virus cleaning method, device, and electronic equipment
JP6759610B2 (ja) * 2016-02-04 2020-09-23 富士通株式会社 Safety determination device, safety determination program, and safety determination method
US10200374B1 (en) * 2016-02-29 2019-02-05 Symantec Corporation Techniques for detecting malicious files
JP6720607B2 (ja) * 2016-03-18 2020-07-08 日本電気株式会社 History analysis device, history analysis method, history analysis system, and program
WO2017175283A1 (ja) * 2016-04-04 2017-10-12 三菱電機株式会社 Process search device and process search program
US12093383B2 (en) 2016-04-15 2024-09-17 Sophos Limited Tracking malware root causes with an event graph
US9967267B2 (en) * 2016-04-15 2018-05-08 Sophos Limited Forensic analysis of computing activity
US9928366B2 (en) 2016-04-15 2018-03-27 Sophos Limited Endpoint malware detection using an event graph
JP6786959B2 (ja) 2016-08-26 2020-11-18 富士通株式会社 Cyber attack analysis support program, cyber attack analysis support method, and cyber attack analysis support device
CN109690527B (zh) * 2016-09-16 2023-05-02 甲骨文国际公司 Internet cloud-hosted natural language interactive messaging system with a virtual database
CN106850564B (zh) * 2016-12-29 2020-07-28 北京安天网络安全技术有限公司 Method and system for locating the lateral movement path of a file
JP2018109910A (ja) * 2017-01-05 2018-07-12 富士通株式会社 Similarity determination program, similarity determination method, and information processing device
JP6866645B2 (ja) 2017-01-05 2021-04-28 富士通株式会社 Similarity determination program, similarity determination method, and information processing device
TWI648650B (zh) * 2017-07-20 2019-01-21 Chunghwa Telecom Co., Ltd. Gateway device, method for detecting malicious domains and compromised hosts thereof, and non-transitory computer-readable medium
EP3882799B1 (en) 2018-02-23 2024-05-01 CrowdStrike, Inc. Computer security event analysis
US11050764B2 (en) 2018-02-23 2021-06-29 Crowdstrike, Inc. Cardinality-based activity pattern detection
US11194903B2 (en) 2018-02-23 2021-12-07 Crowd Strike, Inc. Cross-machine detection techniques
US20210049274A1 (en) * 2018-03-15 2021-02-18 Nec Corporation Analysis device, analysis method, and recording medium
CN108804122B (zh) * 2018-06-04 2022-04-29 北京知道创宇信息技术股份有限公司 Information security processing system, virtual private server, and control method therefor
US10404747B1 (en) 2018-07-24 2019-09-03 Illusive Networks Ltd. Detecting malicious activity by using endemic network hosts as decoys
US10382483B1 (en) 2018-08-02 2019-08-13 Illusive Networks Ltd. User-customized deceptions and their deployment in networks
US10333977B1 (en) * 2018-08-23 2019-06-25 Illusive Networks Ltd. Deceiving an attacker who is harvesting credentials
US10432665B1 (en) 2018-09-03 2019-10-01 Illusive Networks Ltd. Creating, managing and deploying deceptions on mobile devices
US11729208B2 (en) 2018-09-25 2023-08-15 Nec Corporation Impact range estimation apparatus, impact range estimation method, and computer-readable recording medium
CN112100618B (zh) * 2019-06-18 2023-12-29 深信服科技股份有限公司 Virus file detection method, system, device, and computer storage medium
JP7281998B2 (ja) * 2019-08-23 2023-05-26 キヤノン電子株式会社 Information processing device, information processing method, information processing system, and program
JP6987332B1 (ja) * 2020-03-19 2021-12-22 三菱電機株式会社 Contamination range identification device and contamination range identification program
CN112052454B (zh) * 2020-10-12 2022-04-15 腾讯科技(深圳)有限公司 Application virus scanning and removal method, device, equipment, and computer storage medium

Family Cites Families (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06110718A (ja) 1992-09-30 1994-04-22 Toshiba Corp Virus protection system
JPH0944432A (ja) * 1995-05-24 1997-02-14 Fuji Xerox Co Ltd Information processing method and information processing device
JPH11134190A (ja) * 1997-10-31 1999-05-21 Hitachi Ltd Virus detection notification system and method, and storage medium storing a program for the method
JP2002287991A (ja) 2001-03-26 2002-10-04 Fujitsu Ltd Computer virus infection information providing method and computer virus infection information providing system
JP2004086241A (ja) * 2002-08-22 2004-03-18 Hitachi Information Systems Ltd Computer virus infection source detection system
US7111000B2 (en) * 2003-01-06 2006-09-19 Microsoft Corporation Retrieval of structured documents
JP3912676B2 (ja) * 2003-02-27 2007-05-09 ソニー株式会社 Recording device, file management method, program for the file management method, and recording medium recording the program for the file management method
JP2005025378A (ja) * 2003-06-30 2005-01-27 Nidek Co Ltd Computer virus detection method and network system using the method
US20090144826A2 (en) * 2005-06-30 2009-06-04 Webroot Software, Inc. Systems and Methods for Identifying Malware Distribution
US7937758B2 (en) * 2006-01-25 2011-05-03 Symantec Corporation File origin determination
US20070250818A1 (en) * 2006-04-20 2007-10-25 Boney Matthew L Backwards researching existing pestware
US8201243B2 (en) * 2006-04-20 2012-06-12 Webroot Inc. Backwards researching activity indicative of pestware
US8181244B2 (en) * 2006-04-20 2012-05-15 Webroot Inc. Backward researching time stamped events to find an origin of pestware
JP2008052570A (ja) 2006-08-25 2008-03-06 Hitachi Software Eng Co Ltd Operation history management system
US7797335B2 (en) 2007-01-18 2010-09-14 International Business Machines Corporation Creation and persistence of action metadata
KR100922582B1 (ko) * 2007-07-20 2009-10-21 한국전자통신연구원 Log-based traceback system and method using a center-point division technique
JP4705961B2 (ja) * 2008-01-25 2011-06-22 Sky株式会社 Virus damage range prediction system
US8745703B2 (en) * 2008-06-24 2014-06-03 Microsoft Corporation Identifying exploitation of vulnerabilities using error report
US8695094B2 (en) 2008-06-24 2014-04-08 International Business Machines Corporation Detecting secondary infections in virus scanning
US20110029819A1 (en) * 2009-07-31 2011-02-03 Virendra Kumar Mehta System and method for providing program tracking information
JP4788808B2 (ja) * 2009-08-06 2011-10-05 コニカミノルタビジネステクノロジーズ株式会社 Job processing system, image processing device, virus detection method, and virus detection program
US8190647B1 (en) * 2009-09-15 2012-05-29 Symantec Corporation Decision tree induction that is sensitive to attribute computational complexity
WO2012001763A1 (ja) 2010-06-28 2012-01-05 株式会社日立製作所 Computer system management method and client computer
US8413244B1 (en) * 2010-11-11 2013-04-02 Symantec Corporation Using temporal attributes to detect malware
JP5736881B2 (ja) * 2011-03-22 2015-06-17 日本電気株式会社 Log collection system, device, method, and program
US9038176B2 (en) * 2011-03-31 2015-05-19 Mcafee, Inc. System and method for below-operating system trapping and securing loading of code into memory
US8627465B2 (en) * 2011-04-18 2014-01-07 International Business Machines Corporation Automatic inference of whitelist-based validation as part of static analysis for security
US20140351936A1 (en) * 2011-12-19 2014-11-27 Beijing Rising Information Technology Co., Ltd. Frequency-variable anti-virus technology
US20130312099A1 (en) * 2012-05-21 2013-11-21 Mcafee, Inc. Realtime Kernel Object Table and Type Protection
US9767280B2 (en) 2012-10-09 2017-09-19 Canon Denshi Kabushiki Kaisha Information processing apparatus, method of controlling the same, information processing system, and information processing method
US9275223B2 (en) * 2012-10-19 2016-03-01 Mcafee, Inc. Real-time module protection
WO2014087597A1 (ja) 2012-12-07 2014-06-12 キヤノン電子株式会社 Virus intrusion route identification device, virus intrusion route identification method, and program
US10409980B2 (en) 2012-12-27 2019-09-10 Crowdstrike, Inc. Real-time representation of security-relevant system state
JP2017503222A (ja) * 2013-01-25 2017-01-26 レムテクス, インコーポレイテッド Network security system, method, and apparatus
JP6352140B2 (ja) * 2013-10-22 2018-07-04 キヤノン電子株式会社 Web system, server switching device, server switching method, and program
US9471912B2 (en) * 2014-02-06 2016-10-18 Verto Analytics Oy Behavioral event measurement system and related method
WO2016072310A1 (ja) 2014-11-05 2016-05-12 キヤノン電子株式会社 Identification device, control method therefor, and program
KR101676366B1 (ko) * 2016-06-23 2016-11-15 국방과학연구소 Intrusion attack tracking system and method that traces malware intrusion paths and behavior for cyber attack response

Also Published As

Publication number Publication date
JPWO2014087597A1 (ja) 2017-01-05
WO2014087597A1 (ja) 2014-06-12
JP6549767B2 (ja) 2019-07-24
JP2018185860A (ja) 2018-11-22
US20150264062A1 (en) 2015-09-17
US10326792B2 (en) 2019-06-18

Similar Documents

Publication Publication Date Title
JP6590481B2 (ja) Virus intrusion route identification device, virus intrusion route identification method, and program
US11995186B2 (en) Ransomware attack onset detection
CN105721427B (zh) Method for mining frequent attack sequence patterns from Web logs
US8856937B1 (en) Methods and systems for identifying fraudulent websites
JP5417533B2 (ja) Computer system management method and client computer
JP5525048B2 (ja) Unauthorized operation detection method and computer for detecting unauthorized operations
US8627404B2 (en) Detecting addition of a file to a computer system and initiating remote analysis of the file for malware
KR100968126B1 (ko) Web shell detection system and web shell detection method
US20150286663A1 (en) Remote processing of memory and files residing on endpoint computing devices from a centralized device
US20210165785A1 (en) Remote processing of memory and files residing on endpoint computing devices from a centralized device
JP2020013532A (ja) System and method for detecting fraudulent activity in a computer system
JP5274227B2 (ja) Web page inspection device, computer system, web page inspection method, and program
US20220083646A1 (en) Context Based Authorized External Device Copy Detection
JP7001180B2 (ja) Phishing site detection device, phishing site detection method, and phishing site detection program
CN110851840A (zh) Web backdoor detection method and device based on website vulnerabilities
Quick et al. Quick analysis of digital forensic data
JP7003571B2 (ja) Information processing device and program
Martini et al. Detecting and manipulating compressed alternate data streams in a forensics investigation
JP2016218984A (ja) Log determination device, log determination method, and log determination program
US20250190594A1 (en) System and Method for Light Data File Upload Prevention
KR100874989B1 (ko) Audit device and method for a terminal, and recording medium recording the program
Turedi et al. Automatic forensic log file analysis for Mac OS X systems
JP2017037575A (ja) Information processing device, information processing method, information processing system, and program
JP2015001864A (ja) Information processing device, program, and method

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20150522

A524 Written submission of copy of amendment under article 19 pct

Free format text: JAPANESE INTERMEDIATE CODE: A527

Effective date: 20150522

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20161118

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20170915

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20171106

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20180423

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20180723

A911 Transfer to examiner for re-examination before appeal (zenchi)

Free format text: JAPANESE INTERMEDIATE CODE: A911

Effective date: 20180730

A912 Re-examination (zenchi) completed and case transferred to appeal board

Free format text: JAPANESE INTERMEDIATE CODE: A912

Effective date: 20180831

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20190523

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20190917

R150 Certificate of patent or registration of utility model

Ref document number: 6590481

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250