JP7084778B2 - 標的型攻撃をクラウド型検出、探索および除去するシステムおよび方法 - Google Patents

標的型攻撃をクラウド型検出、探索および除去するシステムおよび方法 Download PDF

Info

Publication number
JP7084778B2
JP7084778B2 JP2018095395A JP2018095395A JP7084778B2 JP 7084778 B2 JP7084778 B2 JP 7084778B2 JP 2018095395 A JP2018095395 A JP 2018095395A JP 2018095395 A JP2018095395 A JP 2018095395A JP 7084778 B2 JP7084778 B2 JP 7084778B2
Authority
JP
Japan
Prior art keywords
computer
database
tag
suspicious
attack
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2018095395A
Other languages
English (en)
Japanese (ja)
Other versions
JP2019082989A5 (https=
JP2019082989A (ja
Inventor
ヴィー. ゴルジェーチク セルゲイ
ヴィー. サプロノフ コンスタンティン
ジー. パルシン ユーリー
エス. ヘイルハバロフ チェムール
ヴィー. ソルダトフ セルゲイ
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kaspersky Lab AO
Original Assignee
Kaspersky Lab AO
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from RU2017133842A external-priority patent/RU2661533C1/ru
Application filed by Kaspersky Lab AO filed Critical Kaspersky Lab AO
Publication of JP2019082989A publication Critical patent/JP2019082989A/ja
Publication of JP2019082989A5 publication Critical patent/JP2019082989A5/ja
Application granted granted Critical
Publication of JP7084778B2 publication Critical patent/JP7084778B2/ja
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/951Indexing; Web crawling techniques
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • H04L67/306User profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/121Timestamp

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
JP2018095395A 2017-09-29 2018-05-17 標的型攻撃をクラウド型検出、探索および除去するシステムおよび方法 Active JP7084778B2 (ja)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
RU2017133842 2017-09-29
RU2017133842A RU2661533C1 (ru) 2017-09-29 2017-09-29 Система и способ обнаружения признаков компьютерной атаки
US201762573830P 2017-10-18 2017-10-18
US62/573,830 2017-10-18
US15/923,581 US10873590B2 (en) 2017-09-29 2018-03-16 System and method of cloud detection, investigation and elimination of targeted attacks
US15/923,581 2018-03-16

Publications (3)

Publication Number Publication Date
JP2019082989A JP2019082989A (ja) 2019-05-30
JP2019082989A5 JP2019082989A5 (https=) 2020-11-19
JP7084778B2 true JP7084778B2 (ja) 2022-06-15

Family

ID=62148273

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2018095395A Active JP7084778B2 (ja) 2017-09-29 2018-05-17 標的型攻撃をクラウド型検出、探索および除去するシステムおよび方法

Country Status (4)

Country Link
US (2) US10873590B2 (https=)
EP (1) EP3462698B1 (https=)
JP (1) JP7084778B2 (https=)
CN (1) CN109583193B (https=)

Families Citing this family (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10902114B1 (en) * 2015-09-09 2021-01-26 ThreatQuotient, Inc. Automated cybersecurity threat detection with aggregation and analysis
US11277423B2 (en) * 2017-12-29 2022-03-15 Crowdstrike, Inc. Anomaly-based malicious-behavior detection
US11381984B2 (en) * 2018-03-27 2022-07-05 Forescout Technologies, Inc. Device classification based on rank
US11528287B2 (en) 2018-06-06 2022-12-13 Reliaquest Holdings, Llc Threat mitigation system and method
US11709946B2 (en) 2018-06-06 2023-07-25 Reliaquest Holdings, Llc Threat mitigation system and method
US11444957B2 (en) * 2018-07-31 2022-09-13 Fortinet, Inc. Automated feature extraction and artificial intelligence (AI) based detection and classification of malware
USD926809S1 (en) 2019-06-05 2021-08-03 Reliaquest Holdings, Llc Display screen or portion thereof with a graphical user interface
USD926810S1 (en) 2019-06-05 2021-08-03 Reliaquest Holdings, Llc Display screen or portion thereof with a graphical user interface
USD926200S1 (en) 2019-06-06 2021-07-27 Reliaquest Holdings, Llc Display screen or portion thereof with a graphical user interface
USD926782S1 (en) 2019-06-06 2021-08-03 Reliaquest Holdings, Llc Display screen or portion thereof with a graphical user interface
USD926811S1 (en) 2019-06-06 2021-08-03 Reliaquest Holdings, Llc Display screen or portion thereof with a graphical user interface
US11533323B2 (en) * 2019-10-10 2022-12-20 Target Brands, Inc. Computer security system for ingesting and analyzing network traffic
CN111079144B (zh) * 2019-11-25 2022-07-01 杭州迪普科技股份有限公司 一种病毒传播行为检测方法及装置
US11438373B2 (en) * 2020-01-09 2022-09-06 Cymulate Ltd. Monitoring for security threats from lateral movements
WO2021144978A1 (ja) * 2020-01-17 2021-07-22 三菱電機株式会社 攻撃推定装置、攻撃推定方法及び攻撃推定プログラム
CN112287339B (zh) * 2020-03-06 2024-06-04 杭州奇盾信息技术有限公司 Apt入侵检测方法、装置以及计算机设备
CN111475818B (zh) * 2020-04-17 2023-08-11 北京墨云科技有限公司 一种基于ai的自动化渗透测试系统的渗透攻击方法
US11847214B2 (en) * 2020-04-21 2023-12-19 Bitdefender IPR Management Ltd. Machine learning systems and methods for reducing the false positive malware detection rate
US20220075871A1 (en) * 2020-09-09 2022-03-10 Microsoft Technology Licensing, Llc Detecting hacker tools by learning network signatures
CN112269316B (zh) * 2020-10-28 2022-06-07 中国科学院信息工程研究所 一种基于图神经网络的高鲁棒性威胁狩猎系统与方法
US20240137382A1 (en) 2021-07-16 2024-04-25 Wiz, Inc. Techniques for cybersecurity identity risk detection utilizing disk cloning and unified identity mapping
US12278840B1 (en) 2021-07-16 2025-04-15 Wiz, Inc. Efficient representation of multiple cloud computing environments through unified identity mapping
US12278819B1 (en) 2021-07-16 2025-04-15 Wiz, Inc. Cybersecurity threat detection utilizing unified identity mapping and permission detection
US12505200B2 (en) 2022-05-23 2025-12-23 Wiz, Inc. Techniques for improved virtual instance inspection utilizing disk cloning
US12579251B2 (en) 2021-11-24 2026-03-17 Wiz, Inc. System and method for detecting excessive permissions in identity and access management
US12019730B2 (en) * 2021-09-28 2024-06-25 Red Hat, Inc. Systems and methods for identifying computing devices
US12489781B2 (en) 2021-11-24 2025-12-02 Wiz, Inc. Techniques for lateral movement detection in a cloud computing environment
US12524550B2 (en) 2021-11-24 2026-01-13 Wiz, Inc. System and method for recursive inspection of workloads from configuration code to production environments
US12063228B2 (en) * 2021-12-22 2024-08-13 Cisco Technology, Inc. Mitigating security threats in daisy chained serverless FaaS functions
US12219048B1 (en) 2021-12-27 2025-02-04 Wiz, Inc. Techniques for encrypted disk cybersecurity inspection utilizing disk cloning
US11936785B1 (en) 2021-12-27 2024-03-19 Wiz, Inc. System and method for encrypted disk inspection utilizing disk cloning techniques
US12081656B1 (en) 2021-12-27 2024-09-03 Wiz, Inc. Techniques for circumventing provider-imposed limitations in snapshot inspection of disks for cybersecurity
US11841945B1 (en) 2022-01-31 2023-12-12 Wiz, Inc. System and method for cybersecurity threat detection utilizing static and runtime data
US12531881B2 (en) 2022-01-31 2026-01-20 Wiz, Inc. Detection of cybersecurity threats utilizing established baselines
WO2023144805A1 (en) * 2022-01-31 2023-08-03 Wiz, Inc. Techniques for cloud detection and response from cloud logs utilizing a security graph
US12267326B2 (en) 2022-04-13 2025-04-01 Wiz, Inc. Techniques for detecting resources without authentication using exposure analysis
US12395488B2 (en) 2022-04-13 2025-08-19 Wiz, Inc. Techniques for analyzing external exposure in cloud environments
US12443720B2 (en) 2022-08-10 2025-10-14 Wiz, Inc. Techniques for detecting applications paths utilizing exposure analysis
US12244627B2 (en) 2022-04-13 2025-03-04 Wiz, Inc. Techniques for active inspection of vulnerability exploitation using exposure
US11936693B2 (en) 2022-04-13 2024-03-19 Wiz, Inc. System and method for applying a policy on a network path
CN114844691B (zh) * 2022-04-20 2023-07-14 安天科技集团股份有限公司 一种数据处理方法、装置、电子设备及存储介质
US12212586B2 (en) 2022-05-23 2025-01-28 Wiz, Inc. Techniques for cybersecurity inspection based on runtime data and static analysis from cloned resources
US12079328B1 (en) 2022-05-23 2024-09-03 Wiz, Inc. Techniques for inspecting running virtualizations for cybersecurity risks
US12506755B2 (en) 2022-05-23 2025-12-23 Wiz, Inc. Technology discovery techniques in cloud computing environments utilizing disk cloning
US12287899B2 (en) 2022-05-23 2025-04-29 Wiz, Inc. Techniques for detecting sensitive data in cloud computing environments utilizing cloning
US12217079B2 (en) 2022-05-23 2025-02-04 Wiz, Inc. Detecting security exceptions across multiple compute environments
US12061719B2 (en) 2022-09-28 2024-08-13 Wiz, Inc. System and method for agentless detection of sensitive data in computing environments
US12061925B1 (en) 2022-05-26 2024-08-13 Wiz, Inc. Techniques for inspecting managed workloads deployed in a cloud computing environment
EP4544433A1 (en) 2022-06-24 2025-04-30 Binalyze Yazlim A.S. Systems and methods for detection of advanced persistent threats in an information network
US20250384127A1 (en) * 2022-07-15 2025-12-18 Bluevoyant Llc Devices, systems, and methods for utilizing a networked, computer-assisted, threat hunting platform to enhance network security
CN117792745B (zh) * 2023-12-28 2025-02-11 北京江民新科技术有限公司 基于att&ck模型的apt攻击检测方法及系统
CN118890214B (zh) * 2024-09-27 2024-12-06 奇安星城网络安全技术(湖南)有限公司 一种针对apt攻击的检测和防御方法

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016061038A1 (en) 2014-10-14 2016-04-21 Symantec Corporation Systems and methods for classifying security events as targeted attacks
JP2017021777A (ja) 2015-06-30 2017-01-26 エーオー カスペルスキー ラボAO Kaspersky Lab 仮想スタックマシンで実行可能な有害なファイルを検出するためのシステムおよび方法

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9703950B2 (en) 2012-03-30 2017-07-11 Irdeto B.V. Method and system for preventing and detecting security threats
US9088606B2 (en) * 2012-07-05 2015-07-21 Tenable Network Security, Inc. System and method for strategic anti-malware monitoring
RU141239U1 (ru) 2013-06-04 2014-05-27 Федеральное государственное казенное военное образовательное учреждение высшего профессионального образования "ВОЕННАЯ АКАДЕМИЯ СВЯЗИ имени Маршала Советского Союза С.М. Буденного" Министерства обороны Российской Федерации Устройство для обнаружения компьютерных атак на информационно-телекоммуникационные сети военного назначения
RU2538292C1 (ru) 2013-07-24 2015-01-10 Открытое Акционерное Общество "Информационные Технологии И Коммуникационные Системы" Способ обнаружения компьютерных атак на сетевую компьютерную систему
US10089461B1 (en) * 2013-09-30 2018-10-02 Fireeye, Inc. Page replacement code injection
WO2015066604A1 (en) 2013-11-04 2015-05-07 Crypteia Networks S.A. Systems and methods for identifying infected network infrastructure
RU2587426C2 (ru) 2013-12-27 2016-06-20 Закрытое акционерное общество "Лаборатория Касперского" Система и способ обнаружения направленных атак на корпоративную инфраструктуру
US20150326592A1 (en) * 2014-05-07 2015-11-12 Attivo Networks Inc. Emulating shellcode attacks
US9507946B2 (en) 2015-04-07 2016-11-29 Bank Of America Corporation Program vulnerability identification
CN106888196A (zh) * 2015-12-16 2017-06-23 国家电网公司 一种未知威胁检测的协同防御系统
US9530016B1 (en) 2016-01-29 2016-12-27 International Business Machines Corporation Using source taint analysis to reduce false positives in an advanced persistent threat (APT) protection solution
CN107046543A (zh) * 2017-04-26 2017-08-15 国家电网公司 一种面向攻击溯源的威胁情报分析系统

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016061038A1 (en) 2014-10-14 2016-04-21 Symantec Corporation Systems and methods for classifying security events as targeted attacks
JP2017021777A (ja) 2015-06-30 2017-01-26 エーオー カスペルスキー ラボAO Kaspersky Lab 仮想スタックマシンで実行可能な有害なファイルを検出するためのシステムおよび方法

Also Published As

Publication number Publication date
CN109583193B (zh) 2023-07-04
US11489855B2 (en) 2022-11-01
JP2019082989A (ja) 2019-05-30
US20190104140A1 (en) 2019-04-04
EP3462698B1 (en) 2021-06-23
US20210067529A1 (en) 2021-03-04
EP3462698A1 (en) 2019-04-03
US10873590B2 (en) 2020-12-22
CN109583193A (zh) 2019-04-05

Similar Documents

Publication Publication Date Title
JP7084778B2 (ja) 標的型攻撃をクラウド型検出、探索および除去するシステムおよび方法
US11829473B2 (en) System and method for detecting malicious files by a user computer
US10348771B2 (en) Learned behavior based security
RU2762528C1 (ru) Способ обработки событий информационной безопасности перед передачей на анализ
US10009370B1 (en) Detection and remediation of potentially malicious files
JP6134395B2 (ja) アプリケーション制御のためのリスクベースの規則のシステム及び方法
CN110119619B (zh) 创建防病毒记录的系统和方法
US20120102568A1 (en) System and method for malware alerting based on analysis of historical network and process activity
US8955138B1 (en) Systems and methods for reevaluating apparently benign behavior on computing devices
CN113824678B (zh) 处理信息安全事件的系统、方法和非暂时性计算机可读介质
RU2750628C2 (ru) Система и способ определения уровня доверия файла
RU2661533C1 (ru) Система и способ обнаружения признаков компьютерной атаки
CN112149126B (zh) 确定文件的信任级别的系统和方法
RU2763115C1 (ru) Способ корректировки параметров модели машинного обучения для определения ложных срабатываний и инцидентов информационной безопасности
RU2673407C1 (ru) Система и способ определения вредоносного файла
Aljaidi et al. An assessment of obfuscated bad rabbit ransomware detection and prevention methods
Deep et al. Security In Smartphone: A Comparison of Viruses and Security Breaches in Phones and Computers
Major A Taxonomic Evaluation of Rootkit Deployment, Behavior and Detection
Kavithamani et al. An analysis of remotely triggered malware exploits in content management system-based web applications
CN117972676A (zh) 应用检测方法、装置、电子设备及存储介质
Decloedt et al. Rootkits, trojans, backdoors and new developments

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20201005

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20201005

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20210831

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20210907

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20211207

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20220510

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20220603

R150 Certificate of patent or registration of utility model

Ref document number: 7084778

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250