JP6598221B2 - マルウェアを特定するための変則検知 - Google Patents

マルウェアを特定するための変則検知 Download PDF

Info

Publication number
JP6598221B2
JP6598221B2 JP2017566782A JP2017566782A JP6598221B2 JP 6598221 B2 JP6598221 B2 JP 6598221B2 JP 2017566782 A JP2017566782 A JP 2017566782A JP 2017566782 A JP2017566782 A JP 2017566782A JP 6598221 B2 JP6598221 B2 JP 6598221B2
Authority
JP
Japan
Prior art keywords
metadata
generality
exception
activity
highly
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2017566782A
Other languages
English (en)
Japanese (ja)
Other versions
JP2018524716A5 (enExample
JP2018524716A (ja
Inventor
ビーン、ジェイムス
アール. スパーロック、ジョエル
Original Assignee
マカフィー,エルエルシー
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by マカフィー,エルエルシー filed Critical マカフィー,エルエルシー
Publication of JP2018524716A publication Critical patent/JP2018524716A/ja
Publication of JP2018524716A5 publication Critical patent/JP2018524716A5/ja
Application granted granted Critical
Publication of JP6598221B2 publication Critical patent/JP6598221B2/ja
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)
JP2017566782A 2015-06-27 2016-05-25 マルウェアを特定するための変則検知 Active JP6598221B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US14/752,893 2015-06-27
US14/752,893 US10129291B2 (en) 2015-06-27 2015-06-27 Anomaly detection to identify malware
PCT/US2016/033978 WO2017003588A1 (en) 2015-06-27 2016-05-25 Anomaly detection to identify malware

Publications (3)

Publication Number Publication Date
JP2018524716A JP2018524716A (ja) 2018-08-30
JP2018524716A5 JP2018524716A5 (enExample) 2019-05-16
JP6598221B2 true JP6598221B2 (ja) 2019-10-30

Family

ID=57602972

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2017566782A Active JP6598221B2 (ja) 2015-06-27 2016-05-25 マルウェアを特定するための変則検知

Country Status (5)

Country Link
US (1) US10129291B2 (enExample)
EP (1) EP3314511B1 (enExample)
JP (1) JP6598221B2 (enExample)
CN (1) CN107889551B (enExample)
WO (1) WO2017003588A1 (enExample)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10009374B1 (en) * 2015-08-04 2018-06-26 Symantec Corporation Detecting URL scheme hijacking
US10089467B1 (en) 2017-05-23 2018-10-02 Malwarebytes Inc. Static anomaly-based detection of malware files
US10708281B1 (en) * 2018-04-16 2020-07-07 Akamai Technologies, Inc. Content delivery network (CDN) bot detection using primitive and compound feature sets
US10992703B2 (en) 2019-03-04 2021-04-27 Malwarebytes Inc. Facet whitelisting in anomaly detection
CN112583846A (zh) * 2020-12-25 2021-03-30 南京联成科技发展股份有限公司 一种面向中小企业网络安全事件复杂分析系统

Family Cites Families (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6073142A (en) 1997-06-23 2000-06-06 Park City Group Automated post office based rule analysis of e-mail messages and other data objects for controlled distribution in network environments
US5987610A (en) 1998-02-12 1999-11-16 Ameritech Corporation Computer virus screening methods and systems
US6460050B1 (en) 1999-12-22 2002-10-01 Mark Raymond Pace Distributed content identification system
US6901519B1 (en) 2000-06-22 2005-05-31 Infobahn, Inc. E-mail virus protection system and method
US20070050777A1 (en) * 2003-06-09 2007-03-01 Hutchinson Thomas W Duration of alerts and scanning of large data stores
US8505092B2 (en) * 2007-01-05 2013-08-06 Trend Micro Incorporated Dynamic provisioning of protection software in a host intrusion prevention system
US8171554B2 (en) 2008-02-04 2012-05-01 Yuval Elovici System that provides early detection, alert, and response to electronic threats
US8732825B2 (en) * 2008-05-28 2014-05-20 Symantec Corporation Intelligent hashes for centralized malware detection
US9781148B2 (en) * 2008-10-21 2017-10-03 Lookout, Inc. Methods and systems for sharing risk responses between collections of mobile communications devices
US8561180B1 (en) * 2008-10-29 2013-10-15 Symantec Corporation Systems and methods for aiding in the elimination of false-positive malware detections within enterprises
US8997219B2 (en) * 2008-11-03 2015-03-31 Fireeye, Inc. Systems and methods for detecting malicious PDF network content
US8225406B1 (en) * 2009-03-31 2012-07-17 Symantec Corporation Systems and methods for using reputation data to detect shared-object-based security threats
US7640589B1 (en) 2009-06-19 2009-12-29 Kaspersky Lab, Zao Detection and minimization of false positives in anti-malware processing
US8302194B2 (en) * 2009-10-26 2012-10-30 Symantec Corporation Using file prevalence to inform aggressiveness of behavioral heuristics
US8516576B2 (en) * 2010-01-13 2013-08-20 Microsoft Corporation Network intrusion detection with distributed correlation
US8683216B2 (en) 2010-07-13 2014-03-25 F-Secure Corporation Identifying polymorphic malware
RU2449348C1 (ru) * 2010-11-01 2012-04-27 Закрытое акционерное общество "Лаборатория Касперского" Система и способ для антивирусной проверки на стороне сервера скачиваемых из сети данных
US8528088B2 (en) 2011-05-26 2013-09-03 At&T Intellectual Property I, L.P. Modeling and outlier detection in threat management system data
US8984581B2 (en) 2011-07-27 2015-03-17 Seven Networks, Inc. Monitoring mobile application activities for malicious traffic on a mobile device
US8806641B1 (en) * 2011-11-15 2014-08-12 Symantec Corporation Systems and methods for detecting malware variants
US8931092B2 (en) 2012-08-23 2015-01-06 Raytheon Bbn Technologies Corp. System and method for computer inspection of information objects for shared malware components
CN102932424B (zh) * 2012-09-29 2015-04-08 浪潮(北京)电子信息产业有限公司 一种分布式并行文件系统缓存数据同步的方法及系统

Also Published As

Publication number Publication date
US20160381041A1 (en) 2016-12-29
CN107889551A8 (zh) 2020-08-28
EP3314511A1 (en) 2018-05-02
JP2018524716A (ja) 2018-08-30
CN107889551B (zh) 2021-07-06
WO2017003588A1 (en) 2017-01-05
EP3314511B1 (en) 2020-05-06
US10129291B2 (en) 2018-11-13
EP3314511A4 (en) 2019-02-13
CN107889551A (zh) 2018-04-06

Similar Documents

Publication Publication Date Title
US11379583B2 (en) Malware detection using a digital certificate
US20210029150A1 (en) Determining a reputation for a process
CN107409120B (zh) 检测恶意外设的装置、方法及系统
US9715597B2 (en) Data verification using enclave attestation
JP6583865B2 (ja) プロファイリングイベントに基づいたエクスプロイト検出
JP6583838B2 (ja) アプリケーションのシミュレーション
US20200065493A1 (en) Identification of malicious execution of a process
US20170091453A1 (en) Enforcement of file characteristics
JP2018519604A (ja) マルウェアの検出
US20180007070A1 (en) String similarity score
JP6598221B2 (ja) マルウェアを特定するための変則検知
JP6668390B2 (ja) マルウェアの軽減
US20150379268A1 (en) System and method for the tracing and detection of malware
JP2018524716A5 (enExample)
US10659479B2 (en) Determination of sensor usage

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20180131

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20181130

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20181220

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20190108

A524 Written submission of copy of amendment under article 19 pct

Free format text: JAPANESE INTERMEDIATE CODE: A524

Effective date: 20190405

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20190903

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20190925

R150 Certificate of patent or registration of utility model

Ref document number: 6598221

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250