JP7278423B2 - Systems and methods for executable code detection, automatic feature extraction and position independent code detection - Google Patents
- Publication number
- JP7278423B2 (application JP2021569072A)
- Authority
- JP
- Japan
- Prior art keywords
- call
- code
- executable
- address
- calls
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Virology (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Stored Programmes (AREA)
- Debugging And Monitoring (AREA)
- Train Traffic Observation, Control, And Security (AREA)
- Radar Systems Or Details Thereof (AREA)
- Measurement Of Velocity Or Position Using Acoustic Or Ultrasonic Waves (AREA)
Description
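This application relates to computer and cybersecurity systems and methods, and in particular to systems and methods for detecting executable code, extracting useful machine-learning features, and identifying position-independent code.
Description
Executable Code Detection
Introduction
Portable Executable (PE) Files
Executable Code Detection Mechanism
Byte Stream Preprocessing
Prediction Model
Model Training and Testing
Automatic Feature Extraction (AFE)
Introduction
Neural Network Architecture
Channel Filtering
Improving Malware Detection
Runtime Testing
Position-Independent Code Detection
Introduction
Implementation
Static Flow
Dynamic Flow
Suspicious Flow
Local Flow
Computer System
Computer System Components
Computer System Device/Operating System
Network
Other Systems
URLs and Cookies
Other Embodiments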
Claims (22)
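- A system for library position-independent code detection, the system comprising:
one or more computer-readable storage devices configured to store a plurality of computer-executable instructions; and
one or more hardware computer processors communicatively coupled to one or more other computer-readable storage devices, wherein the one or more hardware computer processors, by executing the plurality of computer-executable instructions, cause the system to:
implement an import address table (IAT) entry of a monitored symbol, the implementing of the IAT entry including:
replacing the monitored symbol address in the IAT entry of the monitored symbol with a modified address;
executing trampoline code upon a call to the modified address to detect and validate a call of the monitored symbol; and
redirecting the call to the modified address to the monitored symbol address;
implement one or more loader API functions, the implementing of the loader API functions including:
modifying the one or more loader API functions to return values that lead to the trampoline code;
detouring execution of the monitored symbol to detour code to detect and validate a call of the monitored symbol; and
redirecting the call of the monitored symbol to the monitored symbol address;
monitor the trampoline code and the detour code of the monitored symbol to determine whether calls in an executable file include a static call, a dynamic call, or a local call, wherein determining whether calls from the executable file include a local call includes monitoring the detour code to determine whether the return address is the same address as the monitored symbol of the executable file; and
when the system determines that at least one call in the executable file does not include a static call, a dynamic call, or a local call, flag the executable file as suspicious or malicious for a malware detection system.
- The system of claim 1, wherein, when the system determines that at least one call in the executable code does not include a static call, a dynamic call, or a local call, the system classifies the at least one call as an independent call.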
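- The system of claim 1, wherein, when the system determines that the call includes a static call, a dynamic call, or a local call, the system classifies the call as a benign call.
- The system of claim 1, wherein, when the system determines that the call includes a static call, a dynamic call, or a local call, the system classifies the executable file as benign.
- The system of claim 1, comprising:
a hooking engine including the trampoline code and the detour code; and
one or more call databases configured to store data relating to calls.
- The system of claim 1, wherein the dynamic call includes an attempt to obtain the monitored symbol address during execution of the executable file.
- The system of claim 1, wherein the static call includes an attempt to obtain the monitored symbol address during initialization of the executable file.
- The system of claim 1, wherein the one or more loader API functions include one or both of GetModuleHandle and GetProcAddress.
- The system of claim 1, wherein the at least one call is initialized by the executable file using metadata obtained from a module that contains the monitored symbol.
- The system of claim 1, wherein the at least one call is initialized by the executable file using data obtained from internal records of the loader.
- The system of claim 1, wherein the at least one call is initialized by the executable file calling the monitored symbol without triggering the trampoline code.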
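- A computer-implemented method for library position-independent code detection, the method comprising:
implementing, by a computer system, an import address table (IAT) entry of a monitored symbol, the implementing of the IAT entry including:
replacing the monitored symbol address in the IAT entry of the monitored symbol with a modified address;
executing trampoline code upon a call to the modified address to detect and validate a static call of the monitored symbol; and
redirecting the call to the modified address to the monitored symbol address;
implementing, by the computer system, one or more loader API functions, the implementing of the loader API functions including:
modifying the one or more loader API functions to return values that lead to the trampoline code;
detouring execution of the monitored symbol to detour code to detect and validate a call of the monitored symbol; and
redirecting the call of the monitored symbol to the monitored symbol address;
monitoring, by the computer system, the trampoline code and the detour code of the monitored symbol to determine whether calls in an executable file include a static call, a dynamic call, or a local call, wherein determining whether calls from the executable file include a local call includes monitoring the detour code to determine whether the return address is the same address as the monitored symbol of the executable file; and
when the computer system determines that at least one call in the executable file does not include a static call, a dynamic call, or a local call, flagging, by the computer system, the executable file as suspicious or malicious for a malware detection system,
wherein the computer system comprises a computer processor and an electronic storage medium.
- The method of claim 12, further comprising, when the computer system determines that at least one call does not include a static call, a dynamic call, or a local call, classifying the at least one call as an independent call.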
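- The method of claim 12, further comprising, when the computer system determines that the call includes a static call, a dynamic call, or a local call, classifying the call as a benign call.
- The method of claim 12, further comprising, when the computer system determines that the call includes a static call, a dynamic call, or a local call, classifying the executable file as benign.
- The method of claim 12, wherein the trampoline code and the detour code comprise one or more parts of a hooking engine, and the hooking engine is connected to a call database configured to store data relating to the calls.
- The method of claim 12, wherein the dynamic call includes an attempt to obtain the monitored symbol address during execution of the executable file.
- The method of claim 12, wherein the static call includes an attempt to obtain the monitored symbol address during initialization of the executable file.
- The method of claim 12, wherein the one or more loader API functions include one or both of GetModuleHandle and GetProcAddress.
- The method of claim 12, wherein the at least one call is initialized by the executable file using metadata obtained from a module that contains the monitored symbol.
- The method of claim 12, wherein the at least one call is initialized by the executable file using data obtained from internal records of the loader.
- The method of claim 12, wherein the at least one call is initialized by the executable file calling the monitored symbol without triggering the trampoline code.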
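The call classification described in claims 1 and 12, as an added Python example (not code from the patent or its assignee): it replays a constructed hooking-engine log and labels each detour hit as static, dynamic, local, or independent, flagging the executable when an independent call appears. The log record fields, the memory map, the monitored symbol name, the per-thread pairing of trampoline and detour records, and the modelling of the local check as "return address falls inside the module that owns the monitored symbol" are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Flow(Enum):
    STATIC = "static"            # reached through the rewritten IAT entry
    DYNAMIC = "dynamic"          # reached through an address returned by a hooked loader API
    LOCAL = "local"              # called from inside the module that owns the symbol
    INDEPENDENT = "independent"  # none of the above: the trampoline was never triggered


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int

    def contains(self, address: int) -> bool:
        return self.base <= address < self.base + self.size


# Constructed memory map of the monitored process (hypothetical values).
MODULES = [
    Module("sample.exe", 0x0040_0000, 0x0002_0000),
    Module("kernel32.dll", 0x7500_0000, 0x0010_0000),
]

SYMBOL = "kernel32.dll!CreateFileW"  # constructed choice of monitored symbol

# Constructed hooking-engine log. "trampoline" records say how the caller
# obtained the address ("iat" or "loader"); "detour" records carry the
# return address seen when the monitored symbol itself starts executing.
LOG = [
    {"kind": "trampoline", "tid": 1, "symbol": SYMBOL, "origin": "iat"},
    {"kind": "detour", "tid": 1, "symbol": SYMBOL, "return_address": 0x0040_1A2C},
    {"kind": "trampoline", "tid": 1, "symbol": SYMBOL, "origin": "loader"},
    {"kind": "detour", "tid": 1, "symbol": SYMBOL, "return_address": 0x0040_2F10},
    # No trampoline, caller sits inside kernel32.dll itself.
    {"kind": "detour", "tid": 2, "symbol": SYMBOL, "return_address": 0x7500_4400},
    # A trampoline hit on thread 3 must not excuse a bare detour hit on thread 4.
    {"kind": "trampoline", "tid": 3, "symbol": SYMBOL, "origin": "iat"},
    {"kind": "detour", "tid": 4, "symbol": SYMBOL, "return_address": 0x001A_0040},
]


def owning_module(symbol, modules):
    """Return the module named before '!' in the symbol, or None if unmapped."""
    name = symbol.split("!", 1)[0]
    return next((m for m in modules if m.name == name), None)


def classify_calls(log, modules):
    """Pair each detour hit with a preceding trampoline hit on the same thread."""
    pending = {}   # (thread id, symbol) -> origin recorded by the trampoline
    verdicts = []
    for record in log:
        key = (record["tid"], record["symbol"])
        if record["kind"] == "trampoline":
            pending[key] = record["origin"]
            continue
        origin = pending.pop(key, None)  # consume it so it validates one call only
        owner = owning_module(record["symbol"], modules)
        if origin == "iat":
            flow = Flow.STATIC
        elif origin == "loader":
            flow = Flow.DYNAMIC
        elif owner is not None and owner.contains(record["return_address"]):
            flow = Flow.LOCAL
        else:
            flow = Flow.INDEPENDENT
        verdicts.append((record["tid"], record["symbol"], flow))
    return verdicts


def flag_executable(verdicts):
    """Flag as suspicious when any call is not static, dynamic, or local."""
    return any(flow is Flow.INDEPENDENT for _, _, flow in verdicts)


if __name__ == "__main__":
    for tid, symbol, flow in classify_calls(LOG, MODULES):
        print(f"tid={tid} {symbol}: {flow.value}")
    print("flag executable:", flag_executable(classify_calls(LOG, MODULES)))
```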
Applications Claiming Priority (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201962850182P | 2019-05-20 | 2019-05-20 | |
US201962850170P | 2019-05-20 | 2019-05-20 | |
US62/850,170 | 2019-05-20 | ||
US62/850,182 | 2019-05-20 | ||
US201962854118P | 2019-05-29 | 2019-05-29 | |
US62/854,118 | 2019-05-29 | ||
PCT/US2020/033872 WO2020236981A1 (en) | 2019-05-20 | 2020-05-20 | Systems and methods for executable code detection, automatic feature extraction and position independent code detection |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2022533715A (ja) | 2022-07-25 |
JPWO2020236981A5 (ja) | 2023-04-03 |
JP7278423B2 (ja) | 2023-05-19 |
Family
ID=72241774
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2021569072A (Active, JP7278423B2) | Systems and methods for executable code detection, automatic feature extraction and position independent code detection | 2019-05-20 | 2020-05-20 |
Country Status (5)
Country | Link |
---|---|
US (5) | US10762200B1 (ja) |
EP (1) | EP3973427A4 (ja) |
JP (1) | JP7278423B2 (ja) |
IL (1) | IL288122B2 (ja) |
WO (1) | WO2020236981A1 (ja) |
Families Citing this family (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11507663B2 (en) | 2014-08-11 | 2022-11-22 | Sentinel Labs Israel Ltd. | Method of remediating operations performed by a program and system thereof |
US9710648B2 (en) | 2014-08-11 | 2017-07-18 | Sentinel Labs Israel Ltd. | Method of malware detection and system thereof |
US10462171B2 (en) | 2017-08-08 | 2019-10-29 | Sentinel Labs Israel Ltd. | Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking |
GB201810294D0 (en) | 2018-06-22 | 2018-08-08 | Senseon Tech Ltd | Cybe defence system |
US11438357B2 (en) | 2018-06-22 | 2022-09-06 | Senseon Tech Ltd | Endpoint network sensor and related cybersecurity infrastructure |
EP3973427A4 (en) | 2019-05-20 | 2023-06-21 | Sentinel Labs Israel Ltd. | SYSTEMS AND METHODS FOR EXECUTABLE CODE DETECTION, AUTOMATIC FEATURE EXTRACTION, AND POSITION-INDEPENDENT CODE DETECTION |
US11616794B2 (en) * | 2019-05-29 | 2023-03-28 | Bank Of America Corporation | Data management system |
JP7298692B2 (ja) * | 2019-08-08 | 2023-06-27 | 日本電気株式会社 | 機能推定装置、機能推定方法及びプログラム |
GB201915265D0 (en) | 2019-10-22 | 2019-12-04 | Senseon Tech Ltd | Anomaly detection |
US11550911B2 (en) | 2020-01-31 | 2023-01-10 | Palo Alto Networks, Inc. | Multi-representational learning models for static analysis of source code |
US11615184B2 (en) * | 2020-01-31 | 2023-03-28 | Palo Alto Networks, Inc. | Building multi-representational learning models for static analysis of source code |
US20210303662A1 (en) * | 2020-03-31 | 2021-09-30 | Irdeto B.V. | Systems, methods, and storage media for creating secured transformed code from input code using a neural network to obscure a transformation function |
US11568317B2 (en) | 2020-05-21 | 2023-01-31 | Paypal, Inc. | Enhanced gradient boosting tree for risk and fraud modeling |
US11803641B2 (en) * | 2020-09-11 | 2023-10-31 | Zscaler, Inc. | Utilizing Machine Learning to detect malicious executable files efficiently and effectively |
US11599342B2 (en) * | 2020-09-28 | 2023-03-07 | Red Hat, Inc. | Pathname independent probing of binaries |
CN112487430A (zh) * | 2020-12-01 | 2021-03-12 | 杭州电子科技大学 | 一种Android恶意软件检测方法 |
US11579857B2 (en) | 2020-12-16 | 2023-02-14 | Sentinel Labs Israel Ltd. | Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach |
CN112528293B (zh) * | 2020-12-18 | 2024-04-30 | 中国平安财产保险股份有限公司 | 安全漏洞预警方法、装置、设备及计算机可读存储介质 |
CN112861131B (zh) * | 2021-02-08 | 2022-04-08 | 山东大学 | 基于卷积自编码器的库函数识别检测方法及系统 |
US11681810B2 (en) * | 2021-04-05 | 2023-06-20 | International Business Machines Corporation | Traversing software components and dependencies for vulnerability analysis |
CN113378881B (zh) * | 2021-05-11 | 2022-06-21 | 广西电网有限责任公司电力科学研究院 | 基于信息熵增益svm模型的指令集识别方法及装置 |
CN113837305B (zh) * | 2021-09-29 | 2022-09-23 | 北京百度网讯科技有限公司 | 目标检测及模型训练方法、装置、设备和存储介质 |
GB2626117A (en) * | 2021-10-28 | 2024-07-10 | Imanage Llc | Ransomware detection and mitigation |
US20230195896A1 (en) * | 2021-12-21 | 2023-06-22 | Palo Alto Networks, Inc. | Identification of .net malware with "unmanaged imphash" |
US20230344838A1 (en) * | 2022-04-26 | 2023-10-26 | Palo Alto Networks, Inc. | Detecting microsoft .net malware using machine learning on .net structure |
CN115033895B (zh) * | 2022-08-12 | 2022-12-09 | 中国电子科技集团公司第三十研究所 | 一种二进制程序供应链安全检测方法及装置 |
CN115361027B (zh) * | 2022-10-18 | 2023-03-24 | 江苏量超科技有限公司 | 一种污水处理效果识别方法 |
CN115576840B (zh) * | 2022-11-01 | 2023-04-18 | 中国科学院软件研究所 | 基于机器学习的静态程序插桩检测方法及装置 |
WO2024163094A1 (en) * | 2023-01-31 | 2024-08-08 | Palo Alto Networks, Inc. | Machine learning architecture for detecting malicious files using stream of data |
CN116992447B (zh) * | 2023-09-21 | 2023-12-15 | 北京安天网络安全技术有限公司 | 一种恶意文件检测方法、电子设备及存储介质 |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050198507A1 (en) | 2004-03-05 | 2005-09-08 | Microsoft Corporation | Import address table verification |
JP2006106939A (ja) | 2004-10-01 | 2006-04-20 | Hitachi Ltd | 侵入検知方法及び侵入検知装置並びにプログラム |
JP2013168141A (ja) | 2012-01-31 | 2013-08-29 | Trusteer Ltd | マルウェアの検出方法 |
US20140020046A1 (en) | 2012-07-12 | 2014-01-16 | International Business Machines Corporation | Source code analysis of inter-related code bases |
US20150200955A1 (en) | 2014-01-13 | 2015-07-16 | Cisco Technology, Inc. | Dynamic filtering for sdn api calls across a security boundary |
JP2015534690A (ja) | 2012-10-19 | 2015-12-03 | マカフィー, インコーポレイテッド | モバイル・アプリケーション管理 |
US20160055337A1 (en) | 2013-03-25 | 2016-02-25 | British Telecommunications Plc | Suspicious program detection |
WO2017068889A1 (ja) | 2015-10-19 | 2017-04-27 | 日本電信電話株式会社 | 解析装置、解析方法、および解析プログラム |
US20170206357A1 (en) | 2014-11-17 | 2017-07-20 | Morphisec Information Security Ltd. | Malicious code protection for computer systems based on process modification |
Family Cites Families (436)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4979118A (en) | 1989-03-10 | 1990-12-18 | Gte Laboratories Incorporated | Predictive access-control and routing system for integrated services telecommunication networks |
US5311593A (en) | 1992-05-13 | 1994-05-10 | Chipcom Corporation | Security system for a network concentrator |
US6154844A (en) | 1996-11-08 | 2000-11-28 | Finjan Software, Ltd. | System and method for attaching a downloadable security profile to a downloadable |
US8079086B1 (en) | 1997-11-06 | 2011-12-13 | Finjan, Inc. | Malicious mobile code runtime monitoring system and methods |
US6167520A (en) | 1996-11-08 | 2000-12-26 | Finjan Software, Inc. | System and method for protecting a client during runtime from hostile downloadables |
SE513828C2 (sv) | 1998-07-02 | 2000-11-13 | Effnet Group Ab | Brandväggsapparat och metod för att kontrollera nätverksdatapakettrafik mellan interna och externa nätverk |
US6157953A (en) | 1998-07-28 | 2000-12-05 | Sun Microsystems, Inc. | Authentication and access control in a management console program for managing services in a computer network |
JP4501280B2 (ja) | 1998-12-09 | 2010-07-14 | インターナショナル・ビジネス・マシーンズ・コーポレーション | ネットワークおよびコンピュータシステムセキュリティを提供する方法および装置 |
US7299294B1 (en) | 1999-11-10 | 2007-11-20 | Emc Corporation | Distributed traffic controller for network data |
US7107347B1 (en) | 1999-11-15 | 2006-09-12 | Fred Cohen | Method and apparatus for network deception/emulation |
US6836888B1 (en) | 2000-03-17 | 2004-12-28 | Lucent Technologies Inc. | System for reverse sandboxing |
US7574740B1 (en) | 2000-04-28 | 2009-08-11 | International Business Machines Corporation | Method and system for intrusion detection in a computer network |
US6728716B1 (en) | 2000-05-16 | 2004-04-27 | International Business Machines Corporation | Client-server filter computing system supporting relational database records and linked external files operable for distributed file system |
US20020010800A1 (en) | 2000-05-18 | 2002-01-24 | Riley Richard T. | Network access control system and method |
US7093239B1 (en) | 2000-07-14 | 2006-08-15 | Internet Security Systems, Inc. | Computer immune system and method for detecting unwanted code in a computer system |
US7181769B1 (en) | 2000-08-25 | 2007-02-20 | Ncircle Network Security, Inc. | Network security system having a device profiler communicatively coupled to a traffic monitor |
US6985845B1 (en) | 2000-09-26 | 2006-01-10 | Koninklijke Philips Electronics N.V. | Security monitor of system runs software simulator in parallel |
US20020078382A1 (en) | 2000-11-29 | 2002-06-20 | Ali Sheikh | Scalable system for monitoring network system and components and methodology therefore |
US6868069B2 (en) | 2001-01-16 | 2005-03-15 | Networks Associates Technology, Inc. | Method and apparatus for passively calculating latency for a network appliance |
US20020095607A1 (en) | 2001-01-18 | 2002-07-18 | Catherine Lin-Hendel | Security protection for computers and computer-networks |
US7613930B2 (en) | 2001-01-19 | 2009-11-03 | Trustware International Limited | Method for protecting computer programs and data from hostile code |
US20110178930A1 (en) | 2001-01-30 | 2011-07-21 | Scheidt Edward M | Multiple Level Access with SILOS |
US7543269B2 (en) | 2001-03-26 | 2009-06-02 | Biglever Software, Inc. | Software customization system and method |
US7188368B2 (en) | 2001-05-25 | 2007-03-06 | Lenovo (Singapore) Pte. Ltd. | Method and apparatus for repairing damage to a computer system using a system rollback mechanism |
US20020194489A1 (en) | 2001-06-18 | 2002-12-19 | Gal Almogy | System and method of virus containment in computer networks |
US7370358B2 (en) | 2001-09-28 | 2008-05-06 | British Telecommunications Public Limited Company | Agent-based intrusion detection system |
US7308710B2 (en) | 2001-09-28 | 2007-12-11 | Jp Morgan Chase Bank | Secured FTP architecture |
US7644436B2 (en) | 2002-01-24 | 2010-01-05 | Arxceo Corporation | Intelligent firewall |
US7222366B2 (en) | 2002-01-28 | 2007-05-22 | International Business Machines Corporation | Intrusion event filtering |
US7076803B2 (en) | 2002-01-28 | 2006-07-11 | International Business Machines Corporation | Integrated intrusion detection services |
US7133368B2 (en) | 2002-02-01 | 2006-11-07 | Microsoft Corporation | Peer-to-peer method of quality of service (QoS) probing and analysis and infrastructure employing same |
US7174566B2 (en) | 2002-02-01 | 2007-02-06 | Intel Corporation | Integrated network intrusion detection |
US20030188189A1 (en) | 2002-03-27 | 2003-10-02 | Desai Anish P. | Multi-level and multi-platform intrusion detection and response system |
WO2003084137A2 (en) | 2002-03-29 | 2003-10-09 | Network Genomics, Inc. | Methods for identifying network traffic flows |
US7322044B2 (en) | 2002-06-03 | 2008-01-22 | Airdefense, Inc. | Systems and methods for automated network policy exception detection and correction |
EP1547337B1 (en) | 2002-07-26 | 2006-03-22 | Green Border Technologies | Watermarking at the packet level |
US20120023572A1 (en) | 2010-07-23 | 2012-01-26 | Q-Track Corporation | Malicious Attack Response System and Associated Method |
US7076696B1 (en) | 2002-08-20 | 2006-07-11 | Juniper Networks, Inc. | Providing failover assurance in a device |
JP3794491B2 (ja) | 2002-08-20 | 2006-07-05 | 日本電気株式会社 | 攻撃防御システムおよび攻撃防御方法 |
US7305546B1 (en) | 2002-08-29 | 2007-12-04 | Sprint Communications Company L.P. | Splicing of TCP/UDP sessions in a firewalled network environment |
US8046835B2 (en) | 2002-10-23 | 2011-10-25 | Frederick S. M. Herz | Distributed computer network security activity model SDI-SCAM |
US9503470B2 (en) | 2002-12-24 | 2016-11-22 | Fred Herz Patents, LLC | Distributed agent based model for security monitoring and response |
US8327442B2 (en) | 2002-12-24 | 2012-12-04 | Herz Frederick S M | System and method for a distributed application and network security system (SDI-SCAM) |
US9197668B2 (en) | 2003-02-28 | 2015-11-24 | Novell, Inc. | Access control to files based on source information |
US7926104B1 (en) | 2003-04-16 | 2011-04-12 | Verizon Corporate Services Group Inc. | Methods and systems for network attack detection and prevention through redirection |
US8024795B2 (en) | 2003-05-09 | 2011-09-20 | Q1 Labs, Inc. | Network intelligence system |
US7562390B1 (en) | 2003-05-21 | 2009-07-14 | Foundry Networks, Inc. | System and method for ARP anti-spoofing security |
US20040243699A1 (en) | 2003-05-29 | 2004-12-02 | Mike Koclanes | Policy based management of storage resources |
US20050108562A1 (en) * | 2003-06-18 | 2005-05-19 | Khazan Roger I. | Technique for detecting executable malicious code using a combination of static and dynamic analyses |
US7596807B2 (en) | 2003-07-03 | 2009-09-29 | Arbor Networks, Inc. | Method and system for reducing scope of self-propagating attack code in network |
US7984129B2 (en) | 2003-07-11 | 2011-07-19 | Computer Associates Think, Inc. | System and method for high-performance profiling of application events |
EP1661025A4 (en) | 2003-08-11 | 2010-05-26 | Chorus Systems Inc | SYSTEMS AND METHOD FOR GENERATING AND USING AN ADAPTIVE REFERENCE MODEL |
US8127356B2 (en) | 2003-08-27 | 2012-02-28 | International Business Machines Corporation | System, method and program product for detecting unknown computer attacks |
US9130921B2 (en) | 2003-09-30 | 2015-09-08 | Ca, Inc. | System and method for bridging identities in a service oriented architectureprofiling |
US7421734B2 (en) | 2003-10-03 | 2008-09-02 | Verizon Services Corp. | Network firewall test methods and apparatus |
US7886348B2 (en) | 2003-10-03 | 2011-02-08 | Verizon Services Corp. | Security management system for monitoring firewall operation |
US8713306B1 (en) | 2003-10-14 | 2014-04-29 | Symantec Corporation | Network decoys |
WO2005043279A2 (en) | 2003-10-31 | 2005-05-12 | Disksites Research And Development Ltd. | Device, system and method for storage and access of computer files |
US7978716B2 (en) | 2003-11-24 | 2011-07-12 | Citrix Systems, Inc. | Systems and methods for providing a VPN solution |
US20050138402A1 (en) | 2003-12-23 | 2005-06-23 | Yoon Jeonghee M. | Methods and apparatus for hierarchical system validation |
EP1719316B1 (en) | 2003-12-29 | 2012-05-23 | Telefonaktiebolaget LM Ericsson (publ) | Means and method for single sign-on access to a service network through an access network |
US7546587B2 (en) * | 2004-03-01 | 2009-06-09 | Microsoft Corporation | Run-time call stack verification |
US8140694B2 (en) | 2004-03-15 | 2012-03-20 | Hewlett-Packard Development Company, L.P. | Method and apparatus for effecting secure communications |
EP1578082B1 (en) | 2004-03-16 | 2007-04-18 | AT&T Corp. | Method and apparatus for providing mobile honeypots |
US8881282B1 (en) | 2004-04-01 | 2014-11-04 | Fireeye, Inc. | Systems and methods for malware attack detection and identification |
US9027135B1 (en) | 2004-04-01 | 2015-05-05 | Fireeye, Inc. | Prospective client identification using malware attack detection |
US8584239B2 (en) | 2004-04-01 | 2013-11-12 | Fireeye, Inc. | Virtual machine with dynamic data flow analysis |
US7587537B1 (en) | 2007-11-30 | 2009-09-08 | Altera Corporation | Serializer-deserializer circuits formed from input-output circuit registers |
US8204984B1 (en) | 2004-04-01 | 2012-06-19 | Fireeye, Inc. | Systems and methods for detecting encrypted bot command and control communication channels |
US8566946B1 (en) | 2006-04-20 | 2013-10-22 | Fireeye, Inc. | Malware containment on connection |
US8539582B1 (en) | 2004-04-01 | 2013-09-17 | Fireeye, Inc. | Malware containment and security analysis on connection |
US8375444B2 (en) | 2006-04-20 | 2013-02-12 | Fireeye, Inc. | Dynamic signature creation and enforcement |
US8898788B1 (en) | 2004-04-01 | 2014-11-25 | Fireeye, Inc. | Systems and methods for malware attack prevention |
US8549638B2 (en) | 2004-06-14 | 2013-10-01 | Fireeye, Inc. | System and method of containing computer worms |
US8561177B1 (en) | 2004-04-01 | 2013-10-15 | Fireeye, Inc. | Systems and methods for detecting communication channels of bots |
US8171553B2 (en) | 2004-04-01 | 2012-05-01 | Fireeye, Inc. | Heuristic based capture with replay to virtual machine |
US7966658B2 (en) | 2004-04-08 | 2011-06-21 | The Regents Of The University Of California | Detecting public network attacks using signatures and fast content analysis |
US20050240989A1 (en) | 2004-04-23 | 2005-10-27 | Seoul National University Industry Foundation | Method of sharing state between stateful inspection firewalls on mep network |
US7596808B1 (en) | 2004-04-30 | 2009-09-29 | Tw Acquisition, Inc. | Zero hop algorithm for network threat identification and mitigation |
US7225468B2 (en) | 2004-05-07 | 2007-05-29 | Digital Security Networks, Llc | Methods and apparatus for computer network security using intrusion detection and prevention |
US8006301B2 (en) | 2004-05-19 | 2011-08-23 | Computer Associates Think, Inc. | Method and systems for computer security |
US7657735B2 (en) | 2004-08-19 | 2010-02-02 | At&T Corp | System and method for monitoring network traffic |
US8196199B2 (en) | 2004-10-19 | 2012-06-05 | Airdefense, Inc. | Personal wireless monitoring agent |
KR100612452B1 (ko) | 2004-11-08 | 2006-08-16 | 삼성전자주식회사 | 악성 코드 탐지 장치 및 그 방법 |
JP4392029B2 (ja) | 2004-11-11 | 2009-12-24 | 三菱電機株式会社 | 通信ネットワークにおけるipパケット中継方法 |
US8117659B2 (en) | 2005-12-28 | 2012-02-14 | Microsoft Corporation | Malicious code infection cause-and-effect analysis |
US20060161989A1 (en) | 2004-12-13 | 2006-07-20 | Eran Reshef | System and method for deterring rogue users from attacking protected legitimate users |
US7937755B1 (en) | 2005-01-27 | 2011-05-03 | Juniper Networks, Inc. | Identification of network policy violations |
CN101147376A (zh) | 2005-02-04 | 2008-03-19 | 诺基亚公司 | 降低tcp洪泛攻击同时节省无线网络带宽的装置、方法和计算机程序产品 |
US20060203774A1 (en) | 2005-03-10 | 2006-09-14 | Nokia Corporation | System, method and apparatus for selecting a remote tunnel endpoint for accessing packet data services |
US8065722B2 (en) | 2005-03-21 | 2011-11-22 | Wisconsin Alumni Research Foundation | Semantically-aware network intrusion signature generator |
US20080098476A1 (en) | 2005-04-04 | 2008-04-24 | Bae Systems Information And Electronic Systems Integration Inc. | Method and Apparatus for Defending Against Zero-Day Worm-Based Attacks |
US10225282B2 (en) | 2005-04-14 | 2019-03-05 | International Business Machines Corporation | System, method and program product to identify a distributed denial of service attack |
US20070097976A1 (en) | 2005-05-20 | 2007-05-03 | Wood George D | Suspect traffic redirection |
GB0513375D0 (en) | 2005-06-30 | 2005-08-03 | Retento Ltd | Computer security |
US20080229415A1 (en) | 2005-07-01 | 2008-09-18 | Harsh Kapoor | Systems and methods for processing data flows |
CA2514039A1 (en) | 2005-07-28 | 2007-01-28 | Third Brigade Inc. | Tcp normalization engine |
US8015605B2 (en) | 2005-08-29 | 2011-09-06 | Wisconsin Alumni Research Foundation | Scalable monitor of malicious network traffic |
US20070067623A1 (en) | 2005-09-22 | 2007-03-22 | Reflex Security, Inc. | Detection of system compromise by correlation of information objects |
US7743418B2 (en) | 2005-10-31 | 2010-06-22 | Microsoft Corporation | Identifying malware that employs stealth techniques |
US7756834B2 (en) | 2005-11-03 | 2010-07-13 | I365 Inc. | Malware and spyware attack recovery system and method |
US7710933B1 (en) | 2005-12-08 | 2010-05-04 | Airtight Networks, Inc. | Method and system for classification of wireless devices in local area computer networks |
US7757289B2 (en) | 2005-12-12 | 2010-07-13 | Finjan, Inc. | System and method for inspecting dynamically generated executable code |
US20070143827A1 (en) | 2005-12-21 | 2007-06-21 | Fiberlink | Methods and systems for intelligently controlling access to computing resources |
US20070143851A1 (en) | 2005-12-21 | 2007-06-21 | Fiberlink | Method and systems for controlling access to computing resources based on known security vulnerabilities |
US7774363B2 (en) | 2005-12-29 | 2010-08-10 | Nextlabs, Inc. | Detecting behavioral patterns and anomalies using information usage data |
US7711800B2 (en) | 2006-01-31 | 2010-05-04 | Microsoft Corporation | Network connectivity determination |
US8443442B2 (en) | 2006-01-31 | 2013-05-14 | The Penn State Research Foundation | Signature-free buffer overflow attack blocker |
US7882538B1 (en) | 2006-02-02 | 2011-02-01 | Juniper Networks, Inc. | Local caching of endpoint security information |
US7774459B2 (en) | 2006-03-01 | 2010-08-10 | Microsoft Corporation | Honey monkey network exploration |
US8528057B1 (en) | 2006-03-07 | 2013-09-03 | Emc Corporation | Method and apparatus for account virtualization |
EP1994486B1 (en) | 2006-03-22 | 2015-03-04 | BRITISH TELECOMMUNICATIONS public limited company | Method and apparatus for automated testing of software |
US9171157B2 (en) | 2006-03-28 | 2015-10-27 | Blue Coat Systems, Inc. | Method and system for tracking access to application data and preventing data exploitation by malicious programs |
US8528087B2 (en) | 2006-04-27 | 2013-09-03 | Robot Genius, Inc. | Methods for combating malicious software |
US7849507B1 (en) | 2006-04-29 | 2010-12-07 | Ironport Systems, Inc. | Apparatus for filtering server responses |
US7890612B2 (en) | 2006-05-08 | 2011-02-15 | Electro Guard Corp. | Method and apparatus for regulating data flow between a communications device and a network |
US20070282782A1 (en) | 2006-05-31 | 2007-12-06 | Carey Julie M | Method, system, and program product for managing information for a network topology change |
WO2008002819A2 (en) | 2006-06-29 | 2008-01-03 | Energy Recovery, Inc. | Rotary pressure transfer devices |
US8479288B2 (en) | 2006-07-21 | 2013-07-02 | Research In Motion Limited | Method and system for providing a honeypot mode for an electronic device |
US8190868B2 (en) | 2006-08-07 | 2012-05-29 | Webroot Inc. | Malware management through kernel detection |
US8230505B1 (en) | 2006-08-11 | 2012-07-24 | Avaya Inc. | Method for cooperative intrusion prevention through collaborative inference |
US7934258B2 (en) | 2006-08-17 | 2011-04-26 | Informod Control Inc. | System and method for remote authentication security management |
JP2008066903A (ja) | 2006-09-06 | 2008-03-21 | Nec Corp | 不正侵入検知システム及びその方法並びにそれを用いた通信装置 |
US8453234B2 (en) | 2006-09-20 | 2013-05-28 | Clearwire Ip Holdings Llc | Centralized security management system |
KR100798923B1 (ko) | 2006-09-29 | 2008-01-29 | 한국전자통신연구원 | 컴퓨터 및 네트워크 보안을 위한 공격 분류 방법 및 이를수행하는 프로그램을 기록한 기록 매체 |
US7802050B2 (en) | 2006-09-29 | 2010-09-21 | Intel Corporation | Monitoring a target agent execution pattern on a VT-enabled system |
US9824107B2 (en) | 2006-10-25 | 2017-11-21 | Entit Software Llc | Tracking changing state data to assist in computer network security |
US8181248B2 (en) | 2006-11-23 | 2012-05-15 | Electronics And Telecommunications Research Institute | System and method of detecting anomaly malicious code by using process behavior prediction technique |
US8949986B2 (en) | 2006-12-29 | 2015-02-03 | Intel Corporation | Network security elements using endpoint resources |
US20080162397A1 (en) | 2007-01-03 | 2008-07-03 | Ori Zaltzman | Method for Analyzing Activities Over Information Networks |
US8156557B2 (en) | 2007-01-04 | 2012-04-10 | Cisco Technology, Inc. | Protection against reflection distributed denial of service attacks |
JP2008172483A (ja) | 2007-01-11 | 2008-07-24 | Matsushita Electric Ind Co Ltd | Communication system and door phone system |
US8171545B1 (en) | 2007-02-14 | 2012-05-01 | Symantec Corporation | Process profiling for behavioral anomaly detection |
US8082471B2 (en) | 2007-05-11 | 2011-12-20 | Microsoft Corporation | Self healing software |
US9009829B2 (en) | 2007-06-12 | 2015-04-14 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for baiting inside attackers |
US20120084866A1 (en) | 2007-06-12 | 2012-04-05 | Stolfo Salvatore J | Methods, systems, and media for measuring computer security |
US8170712B2 (en) | 2007-06-26 | 2012-05-01 | Amazon Technologies, Inc. | Method and apparatus for non-linear unit-level sortation in order fulfillment processes |
US8140062B1 (en) | 2007-09-12 | 2012-03-20 | Oceans' Edge, Inc. | Mobile device monitoring and control system |
US7620992B2 (en) | 2007-10-02 | 2009-11-17 | Kaspersky Lab Zao | System and method for detecting multi-component malware |
CN101350052B (zh) | 2007-10-15 | 2010-11-03 | 北京瑞星信息技术有限公司 | Method and apparatus for discovering malicious behavior of a computer program |
US8880435B1 (en) | 2007-10-26 | 2014-11-04 | Bank Of America Corporation | Detection and tracking of unauthorized computer access attempts |
US8667582B2 (en) | 2007-12-10 | 2014-03-04 | Mcafee, Inc. | System, method, and computer program product for directing predetermined network traffic to a honeypot |
US20090158407A1 (en) | 2007-12-13 | 2009-06-18 | Fiberlink Communications Corporation | Api translation for network access control (nac) agent |
KR101407501B1 (ko) | 2007-12-27 | 2014-06-17 | 삼성전자주식회사 | Portable terminal having a rear keypad |
US8595834B2 (en) | 2008-02-04 | 2013-11-26 | Samsung Electronics Co., Ltd | Detecting unauthorized use of computing devices based on behavioral patterns |
US8078556B2 (en) | 2008-02-20 | 2011-12-13 | International Business Machines Corporation | Generating complex event processing rules utilizing machine learning from multiple events |
US9130986B2 (en) | 2008-03-19 | 2015-09-08 | Websense, Inc. | Method and system for protection against information stealing software |
US8713666B2 (en) | 2008-03-27 | 2014-04-29 | Check Point Software Technologies, Ltd. | Methods and devices for enforcing network access control utilizing secure packet tagging |
US20090249471A1 (en) | 2008-03-27 | 2009-10-01 | Moshe Litvin | Reversible firewall policies |
US8170123B1 (en) | 2008-04-15 | 2012-05-01 | Desktone, Inc. | Media acceleration for virtual computing services |
US8073945B2 (en) | 2008-04-25 | 2011-12-06 | At&T Intellectual Property I, L.P. | Method and apparatus for providing a measurement of performance for a network |
US8144725B2 (en) | 2008-05-28 | 2012-03-27 | Apple Inc. | Wireless femtocell setup methods and apparatus |
US8229812B2 (en) | 2009-01-28 | 2012-07-24 | Headwater Partners I, Llc | Open transaction central billing system |
US9122895B2 (en) | 2008-06-25 | 2015-09-01 | Microsoft Technology Licensing, Llc | Authorization for transient storage devices with multiple authentication silos |
CN101304409B (zh) | 2008-06-28 | 2011-04-13 | 成都市华为赛门铁克科技有限公司 | Malicious code detection method and system |
US8181250B2 (en) | 2008-06-30 | 2012-05-15 | Microsoft Corporation | Personalized honeypot for detecting information leaks and security breaches |
US8181033B1 (en) | 2008-07-01 | 2012-05-15 | Mcafee, Inc. | Data leakage prevention system, method, and computer program product for preventing a predefined type of operation on predetermined data |
US8353033B1 (en) | 2008-07-02 | 2013-01-08 | Symantec Corporation | Collecting malware samples via unauthorized download protection |
US7530106B1 (en) | 2008-07-02 | 2009-05-05 | Kaspersky Lab, Zao | System and method for security rating of computer processes |
US8413238B1 (en) | 2008-07-21 | 2013-04-02 | Zscaler, Inc. | Monitoring darknet access to identify malicious activity |
US20130247190A1 (en) | 2008-07-22 | 2013-09-19 | Joel R. Spurlock | System, method, and computer program product for utilizing a data structure including event relationships to detect unwanted activity |
MY146995A (en) | 2008-09-12 | 2012-10-15 | Mimos Bhd | A honeypot host |
US9098698B2 (en) | 2008-09-12 | 2015-08-04 | George Mason Research Foundation, Inc. | Methods and apparatus for application isolation |
US8370931B1 (en) | 2008-09-17 | 2013-02-05 | Trend Micro Incorporated | Multi-behavior policy matching for malware detection |
US9117078B1 (en) | 2008-09-17 | 2015-08-25 | Trend Micro Inc. | Malware behavior analysis and policy creation |
US8984628B2 (en) | 2008-10-21 | 2015-03-17 | Lookout, Inc. | System and method for adverse mobile application identification |
US9781148B2 (en) | 2008-10-21 | 2017-10-03 | Lookout, Inc. | Methods and systems for sharing risk responses between collections of mobile communications devices |
US8769684B2 (en) | 2008-12-02 | 2014-07-01 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for masquerade attack detection by monitoring computer user behavior |
MY151479A (en) | 2008-12-16 | 2014-05-30 | Secure Corp M Sdn Bhd F | Method and apparatus for detecting shellcode insertion |
KR20100078081A (ko) | 2008-12-30 | 2010-07-08 | (주) 세인트 시큐리티 | System and method for detecting unknown malicious code through kernel-based system behavior analysis |
US8474044B2 (en) | 2009-01-05 | 2013-06-25 | Cisco Technology, Inc | Attack-resistant verification of auto-generated anti-malware signatures |
DE102009016532A1 (de) | 2009-04-06 | 2010-10-07 | Giesecke & Devrient Gmbh | Method for executing an application with the aid of a portable data carrier |
US8438386B2 (en) | 2009-04-21 | 2013-05-07 | Webroot Inc. | System and method for developing a risk profile for an internet service |
US20140046645A1 (en) | 2009-05-04 | 2014-02-13 | Camber Defense Security And Systems Solutions, Inc. | Systems and methods for network monitoring and analysis of a simulated network |
US8732296B1 (en) | 2009-05-06 | 2014-05-20 | Mcafee, Inc. | System, method, and computer program product for redirecting IRC traffic identified utilizing a port-independent algorithm and controlling IRC based malware |
US20100299430A1 (en) | 2009-05-22 | 2010-11-25 | Architecture Technology Corporation | Automated acquisition of volatile forensic evidence from network devices |
US8205035B2 (en) | 2009-06-22 | 2012-06-19 | Citrix Systems, Inc. | Systems and methods for integration between application firewall and caching |
US8776218B2 (en) | 2009-07-21 | 2014-07-08 | Sophos Limited | Behavioral-based host intrusion prevention system |
US8607340B2 (en) | 2009-07-21 | 2013-12-10 | Sophos Limited | Host intrusion prevention system using software and user behavior analysis |
US8793151B2 (en) | 2009-08-28 | 2014-07-29 | Src, Inc. | System and method for organizational risk analysis and reporting by mapping detected risk patterns onto a risk ontology |
US8413241B2 (en) | 2009-09-17 | 2013-04-02 | Oracle America, Inc. | Integrated intrusion deflection, detection and introspection |
US20120137367A1 (en) | 2009-11-06 | 2012-05-31 | Cataphora, Inc. | Continuous anomaly detection based on behavior modeling and heterogeneous information analysis |
US8850428B2 (en) | 2009-11-12 | 2014-09-30 | Trustware International Limited | User transparent virtualization method for protecting computer programs and data from hostile code |
US8488466B2 (en) | 2009-12-16 | 2013-07-16 | Vss Monitoring, Inc. | Systems, methods, and apparatus for detecting a pattern within a data packet and detecting data packets related to a data packet including a detected pattern |
US8438626B2 (en) | 2009-12-23 | 2013-05-07 | Citrix Systems, Inc. | Systems and methods for processing application firewall session information on owner core in multiple core system |
US8528091B2 (en) | 2009-12-31 | 2013-09-03 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for detecting covert malware |
US8307434B2 (en) | 2010-01-27 | 2012-11-06 | Mcafee, Inc. | Method and system for discrete stateful behavioral analysis |
US8949988B2 (en) | 2010-02-26 | 2015-02-03 | Juniper Networks, Inc. | Methods for proactively securing a web application and apparatuses thereof |
US8984621B2 (en) | 2010-02-27 | 2015-03-17 | Novell, Inc. | Techniques for secure access management in virtual environments |
US20110219449A1 (en) | 2010-03-04 | 2011-09-08 | St Neitzel Michael | Malware detection method, system and computer program product |
US20110219443A1 (en) | 2010-03-05 | 2011-09-08 | Alcatel-Lucent Usa, Inc. | Secure connection initiation with hosts behind firewalls |
US8826268B2 (en) | 2010-03-08 | 2014-09-02 | Microsoft Corporation | Virtual software application deployment configurations |
US8549643B1 (en) | 2010-04-02 | 2013-10-01 | Symantec Corporation | Using decoys by a data loss prevention system to protect against unscripted activity |
US8707427B2 (en) | 2010-04-06 | 2014-04-22 | Triumfant, Inc. | Automated malware detection and remediation |
KR101661161B1 (ko) | 2010-04-07 | 2016-10-10 | 삼성전자주식회사 | Apparatus and method for filtering Internet Protocol packets in a mobile communication terminal |
US9213838B2 (en) | 2011-05-13 | 2015-12-15 | Mcafee Ireland Holdings Limited | Systems and methods of processing data associated with detection and/or handling of malware |
US8627475B2 (en) | 2010-04-08 | 2014-01-07 | Microsoft Corporation | Early detection of potential malware |
US8464345B2 (en) | 2010-04-28 | 2013-06-11 | Symantec Corporation | Behavioral signature generation using clustering |
US8733732B2 (en) | 2010-05-24 | 2014-05-27 | Eaton Corporation | Pressurized o-ring pole piece seal for a manifold |
US9239909B2 (en) | 2012-01-25 | 2016-01-19 | Bromium, Inc. | Approaches for protecting sensitive data within a guest operating system |
WO2012011070A1 (en) | 2010-07-21 | 2012-01-26 | Seculert Ltd. | Network protection system and method |
US8938800B2 (en) | 2010-07-28 | 2015-01-20 | Mcafee, Inc. | System and method for network level protection against malicious software |
EP2609537A1 (en) | 2010-08-26 | 2013-07-03 | Verisign, Inc. | Method and system for automatic detection and analysis of malware |
JP4802295B1 (ja) | 2010-08-31 | 2011-10-26 | 株式会社スプリングソフト | Network system and virtual private connection forming method |
US8607054B2 (en) | 2010-10-15 | 2013-12-10 | Microsoft Corporation | Remote access to hosted virtual machines by enterprise users |
US8850172B2 (en) | 2010-11-15 | 2014-09-30 | Microsoft Corporation | Analyzing performance of computing devices in usage scenarios |
US9690915B2 (en) | 2010-11-29 | 2017-06-27 | Biocatch Ltd. | Device, method, and system of detecting remote access users and differentiating among users |
WO2012071989A1 (zh) | 2010-11-29 | 2012-06-07 | 北京奇虎科技有限公司 | Machine learning-based program identification method and apparatus |
US8782791B2 (en) | 2010-12-01 | 2014-07-15 | Symantec Corporation | Computer virus detection systems and methods |
US20120151565A1 (en) | 2010-12-10 | 2012-06-14 | Eric Fiterman | System, apparatus and method for identifying and blocking anomalous or improper use of identity information on computer networks |
US20120260304A1 (en) | 2011-02-15 | 2012-10-11 | Webroot Inc. | Methods and apparatus for agent-based malware management |
US8555385B1 (en) | 2011-03-14 | 2013-10-08 | Symantec Corporation | Techniques for behavior based malware analysis |
US8725898B1 (en) | 2011-03-17 | 2014-05-13 | Amazon Technologies, Inc. | Scalable port address translations |
US8959569B2 (en) | 2011-03-18 | 2015-02-17 | Juniper Networks, Inc. | Security enforcement in virtualized systems |
US20120255003A1 (en) | 2011-03-31 | 2012-10-04 | Mcafee, Inc. | System and method for securing access to the objects of an operating system |
US8863283B2 (en) | 2011-03-31 | 2014-10-14 | Mcafee, Inc. | System and method for securing access to system calls |
US8042186B1 (en) | 2011-04-28 | 2011-10-18 | Kaspersky Lab Zao | System and method for detection of complex malware |
US9305165B2 (en) | 2011-05-06 | 2016-04-05 | The University Of North Carolina At Chapel Hill | Methods, systems, and computer readable media for detecting injected machine code |
US8955037B2 (en) | 2011-05-11 | 2015-02-10 | Oracle International Corporation | Access management architecture |
US9436826B2 (en) | 2011-05-16 | 2016-09-06 | Microsoft Technology Licensing, Llc | Discovering malicious input files and performing automatic and distributed remediation |
US8849880B2 (en) | 2011-05-18 | 2014-09-30 | Hewlett-Packard Development Company, L.P. | Providing a shadow directory and virtual files to store metadata |
US8966625B1 (en) | 2011-05-24 | 2015-02-24 | Palo Alto Networks, Inc. | Identification of malware sites using unknown URL sites and newly registered DNS addresses |
US8738765B2 (en) | 2011-06-14 | 2014-05-27 | Lookout, Inc. | Mobile device DNS optimization |
KR101206853B1 (ko) | 2011-06-23 | 2012-11-30 | 주식회사 잉카인터넷 | Network access control system and method |
US8893278B1 (en) | 2011-07-12 | 2014-11-18 | Trustwave Holdings, Inc. | Detecting malware communication on an infected computing device |
WO2013014672A1 (en) | 2011-07-26 | 2013-01-31 | Light Cyber Ltd | A method for detecting anomaly action within a computer network |
KR101380966B1 (ko) | 2011-08-24 | 2014-05-02 | 주식회사 팬택 | Security apparatus in a portable terminal system |
WO2013033222A1 (en) | 2011-08-29 | 2013-03-07 | Fiberlink Communications Corporation | Platform for deployment and distribution of modules to endpoints |
US9027124B2 (en) | 2011-09-06 | 2015-05-05 | Broadcom Corporation | System for monitoring an operation of a device |
ES2755780T3 (es) | 2011-09-16 | 2020-04-23 | Veracode Inc | Automated static and behavioral analysis using an instrumented sandbox and machine learning classification for mobile security |
WO2013048986A1 (en) | 2011-09-26 | 2013-04-04 | Knoa Software, Inc. | Method, system and program product for allocation and/or prioritization of electronic resources |
US8473748B2 (en) | 2011-09-27 | 2013-06-25 | George P. Sampas | Mobile device-based authentication |
US8806639B2 (en) | 2011-09-30 | 2014-08-12 | Avaya Inc. | Contextual virtual machines for application quarantine and assessment method and system |
US10025928B2 (en) | 2011-10-03 | 2018-07-17 | Webroot Inc. | Proactive browser content analysis |
US20130104197A1 (en) | 2011-10-23 | 2013-04-25 | Gopal Nandakumar | Authentication system |
US9223978B2 (en) | 2011-10-28 | 2015-12-29 | Confer Technologies, Inc. | Security policy deployment and enforcement system for the detection and control of polymorphic and targeted malware |
US20130152200A1 (en) | 2011-12-09 | 2013-06-13 | Christoph Alme | Predictive Heap Overflow Protection |
DE102011056502A1 (de) | 2011-12-15 | 2013-06-20 | Avira Holding GmbH | Method and apparatus for automatically generating virus descriptions |
EP2611106A1 (en) | 2012-01-02 | 2013-07-03 | Telefónica, S.A. | System for automated prevention of fraud |
US9772832B2 (en) | 2012-01-20 | 2017-09-26 | S-Printing Solution Co., Ltd. | Computing system with support for ecosystem mechanism and method of operation thereof |
JP5792654B2 (ja) | 2012-02-15 | 2015-10-14 | 株式会社日立製作所 | Security monitoring system and security monitoring method |
US8904239B2 (en) | 2012-02-17 | 2014-12-02 | American Express Travel Related Services Company, Inc. | System and method for automated test configuration and evaluation |
US9356942B1 (en) | 2012-03-05 | 2016-05-31 | Neustar, Inc. | Method and system for detecting network compromise |
US9081747B1 (en) | 2012-03-06 | 2015-07-14 | Big Bang Llc | Computer program deployment to one or more target devices |
WO2013134616A1 (en) * | 2012-03-09 | 2013-09-12 | RAPsphere, Inc. | Method and apparatus for securing mobile applications |
US9734333B2 (en) | 2012-04-17 | 2017-08-15 | Heat Software Usa Inc. | Information security techniques including detection, interdiction and/or mitigation of memory injection attacks |
US8959362B2 (en) | 2012-04-30 | 2015-02-17 | General Electric Company | Systems and methods for controlling file execution for industrial control systems |
US9027125B2 (en) | 2012-05-01 | 2015-05-05 | Taasera, Inc. | Systems and methods for network flow remediation based on risk correlation |
US8713658B1 (en) | 2012-05-25 | 2014-04-29 | Graphon Corporation | System for and method of providing single sign-on (SSO) capability in an application publishing environment |
US9787589B2 (en) | 2012-06-08 | 2017-10-10 | Apple Inc. | Filtering of unsolicited incoming packets to electronic devices |
US9043903B2 (en) | 2012-06-08 | 2015-05-26 | Crowdstrike, Inc. | Kernel-level security agent |
US8789135B1 (en) | 2012-06-15 | 2014-07-22 | Google Inc. | Scalable stateful firewall design in openflow based networks |
GB2503230A (en) | 2012-06-19 | 2013-12-25 | Appsense Ltd | Location based network access |
US8732791B2 (en) | 2012-06-20 | 2014-05-20 | Sophos Limited | Multi-part internal-external process system for providing virtualization security protection |
US9736260B2 (en) | 2012-06-21 | 2017-08-15 | Cisco Technology, Inc. | Redirecting from a cloud service to a third party website to save costs without sacrificing security |
US9043920B2 (en) | 2012-06-27 | 2015-05-26 | Tenable Network Security, Inc. | System and method for identifying exploitable weak points in a network |
US9319417B2 (en) | 2012-06-28 | 2016-04-19 | Fortinet, Inc. | Data leak protection |
US9245120B2 (en) | 2012-07-13 | 2016-01-26 | Cisco Technologies, Inc. | Method and apparatus for retroactively detecting malicious or otherwise undesirable software as well as clean software through intelligent rescanning |
US8821242B2 (en) | 2012-07-25 | 2014-09-02 | Lumos Labs, Inc. | Systems and methods for enhancing cognition |
US20140053267A1 (en) | 2012-08-20 | 2014-02-20 | Trusteer Ltd. | Method for identifying malicious executables |
US9087191B2 (en) * | 2012-08-24 | 2015-07-21 | Vmware, Inc. | Method and system for facilitating isolated workspace for applications |
US8984331B2 (en) | 2012-09-06 | 2015-03-17 | Triumfant, Inc. | Systems and methods for automated memory and thread execution anomaly detection in a computer network |
US9117087B2 (en) | 2012-09-06 | 2015-08-25 | Box, Inc. | System and method for creating a secure channel for inter-application communication based on intents |
US9292688B2 (en) | 2012-09-26 | 2016-03-22 | Northrop Grumman Systems Corporation | System and method for automated machine-learning, zero-day malware detection |
US9485276B2 (en) | 2012-09-28 | 2016-11-01 | Juniper Networks, Inc. | Dynamic service handling using a honeypot |
US20140096229A1 (en) | 2012-09-28 | 2014-04-03 | Juniper Networks, Inc. | Virtual honeypot |
US20140108793A1 (en) | 2012-10-16 | 2014-04-17 | Citrix Systems, Inc. | Controlling mobile device access to secure data |
US9369476B2 (en) | 2012-10-18 | 2016-06-14 | Deutsche Telekom Ag | System for detection of mobile applications network behavior-netwise |
US10447711B2 (en) | 2012-10-18 | 2019-10-15 | White Ops Inc. | System and method for identification of automated browser agents |
US9483642B2 (en) | 2012-10-30 | 2016-11-01 | Gabriel Kedma | Runtime detection of self-replicating malware |
US8839369B1 (en) | 2012-11-09 | 2014-09-16 | Trend Micro Incorporated | Methods and systems for detecting email phishing attacks |
US8931101B2 (en) | 2012-11-14 | 2015-01-06 | International Business Machines Corporation | Application-level anomaly detection |
US9288227B2 (en) | 2012-11-28 | 2016-03-15 | Verisign, Inc. | Systems and methods for transparently monitoring network traffic for denial of service attacks |
JP2017503222A (ja) | 2013-01-25 | 2017-01-26 | レムテクス, インコーポレイテッド | Network security system, method, and apparatus |
US9106692B2 (en) | 2013-01-31 | 2015-08-11 | Northrop Grumman Systems Corporation | System and method for advanced malware analysis |
KR20150119895A (ko) | 2013-02-15 | 2015-10-26 | 퀄컴 인코포레이티드 | On-line behavioral analysis engine in a mobile device with multiple analyzer model providers |
US9491187B2 (en) | 2013-02-15 | 2016-11-08 | Qualcomm Incorporated | APIs for obtaining device-specific behavior classifier models from the cloud |
US9246774B2 (en) | 2013-02-21 | 2016-01-26 | Hewlett Packard Enterprise Development Lp | Sample based determination of network policy violations |
US9467465B2 (en) | 2013-02-25 | 2016-10-11 | Beyondtrust Software, Inc. | Systems and methods of risk based rules for application control |
US10713356B2 (en) | 2013-03-04 | 2020-07-14 | Crowdstrike, Inc. | Deception-based responses to security attacks |
US10127379B2 (en) | 2013-03-13 | 2018-11-13 | Mcafee, Llc | Profiling code execution |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US10742601B2 (en) | 2013-03-14 | 2020-08-11 | Fortinet, Inc. | Notifying users within a protected network regarding events and information |
US9871766B2 (en) | 2013-03-15 | 2018-01-16 | Hewlett Packard Enterprise Development Lp | Secure path determination between devices |
US9330259B2 (en) | 2013-03-19 | 2016-05-03 | Trusteer, Ltd. | Malware discovery method and system |
EP2785008A1 (en) | 2013-03-29 | 2014-10-01 | British Telecommunications public limited company | Method and apparatus for detecting a multi-stage event |
EP2992471A4 (en) | 2013-05-03 | 2016-12-14 | Webroot Inc | METHOD AND DEVICE FOR PROVIDING FORENSIC VISIBILITY IN SYSTEMS AND NETWORKS |
US9716996B2 (en) | 2013-05-21 | 2017-07-25 | Brocade Communications Systems, Inc. | Method and system for selective and secure interaction of BYOD (bring your own device) with enterprise network through mobile wireless networks |
US9197601B2 (en) | 2013-06-05 | 2015-11-24 | Bat Blue Networks, Inc. | System and method for providing a single global borderless virtual perimeter through distributed points of presence |
US8943594B1 (en) | 2013-06-24 | 2015-01-27 | Haystack Security LLC | Cyber attack disruption through multiple detonations of received payloads |
US20150006384A1 (en) | 2013-06-28 | 2015-01-01 | Zahid Nasiruddin Shaikh | Device fingerprinting |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US8973142B2 (en) | 2013-07-02 | 2015-03-03 | Imperva, Inc. | Compromised insider honey pots using reverse honey tokens |
US9117080B2 (en) | 2013-07-05 | 2015-08-25 | Bitdefender IPR Management Ltd. | Process evaluation for malware detection in virtual machines |
US9807092B1 (en) | 2013-07-05 | 2017-10-31 | Dcs7, Llc | Systems and methods for classification of internet devices as hostile or benign |
US10284570B2 (en) | 2013-07-24 | 2019-05-07 | Wells Fargo Bank, National Association | System and method to detect threats to computer based devices and systems |
US9166993B1 (en) | 2013-07-25 | 2015-10-20 | Symantec Corporation | Anomaly detection based on profile history and peer history |
CN103649915B (zh) | 2013-07-31 | 2016-11-02 | 华为技术有限公司 | Associated plug-in management method, device, and system |
US9553867B2 (en) | 2013-08-01 | 2017-01-24 | Bitglass, Inc. | Secure application access system |
US10084817B2 (en) | 2013-09-11 | 2018-09-25 | NSS Labs, Inc. | Malware and exploit campaign detection system and method |
US9607146B2 (en) | 2013-09-18 | 2017-03-28 | Qualcomm Incorporated | Data flow based behavioral analysis on mobile devices |
US20150089655A1 (en) | 2013-09-23 | 2015-03-26 | Electronics And Telecommunications Research Institute | System and method for detecting malware based on virtual host |
US9601000B1 (en) | 2013-09-27 | 2017-03-21 | EMC IP Holding Company LLC | Data-driven alert prioritization |
CN105493046B (zh) | 2013-09-28 | 2019-08-13 | 迈克菲有限公司 | Service-oriented intermediary, method, and computer-readable storage medium |
US9576145B2 (en) | 2013-09-30 | 2017-02-21 | Acalvio Technologies, Inc. | Alternate files returned for suspicious processes in a compromised computer network |
US20150156214A1 (en) | 2013-10-18 | 2015-06-04 | White Ops, Inc. | Detection and prevention of online user interface manipulation via remote control |
US9147072B2 (en) | 2013-10-28 | 2015-09-29 | Qualcomm Incorporated | Method and system for performing behavioral analysis operations in a mobile device based on application state |
US20150128206A1 (en) | 2013-11-04 | 2015-05-07 | Trusteer Ltd. | Early Filtering of Events Using a Kernel-Based Filter |
US9407602B2 (en) | 2013-11-07 | 2016-08-02 | Attivo Networks, Inc. | Methods and apparatus for redirecting attacks on a network |
IN2013MU03602A (ja) | 2013-11-18 | 2015-07-31 | Tata Consultancy Services Ltd | |
CN103607399B (zh) | 2013-11-25 | 2016-07-27 | 中国人民解放军理工大学 | Darknet-based private IP network security monitoring system and method |
US9323929B2 (en) | 2013-11-26 | 2016-04-26 | Qualcomm Incorporated | Pre-identifying probable malicious rootkit behavior using behavioral contracts |
US9185136B2 (en) | 2013-11-28 | 2015-11-10 | Cyber-Ark Software Ltd. | Correlation based security risk identification |
US9753796B2 (en) | 2013-12-06 | 2017-09-05 | Lookout, Inc. | Distributed monitoring, evaluation, and response for multiple devices |
US9652362B2 (en) | 2013-12-06 | 2017-05-16 | Qualcomm Incorporated | Methods and systems of using application-specific and application-type-specific models for the efficient classification of mobile device behaviors |
US9386034B2 (en) | 2013-12-17 | 2016-07-05 | Hoplite Industries, Inc. | Behavioral model based malware protection system and method |
JP6236704B2 (ja) | 2013-12-27 | 2017-11-29 | マカフィー, エルエルシー | Isolation of executable files exhibiting network activity |
US9432360B1 (en) | 2013-12-31 | 2016-08-30 | Emc Corporation | Security-aware split-server passcode verification for one-time authentication tokens |
KR102017756B1 (ko) | 2014-01-13 | 2019-09-03 | 한국전자통신연구원 | Apparatus and method for detecting abnormal behavior |
US20150205962A1 (en) | 2014-01-23 | 2015-07-23 | Cylent Systems, Inc. | Behavioral analytics driven host-based malicious behavior and data exfiltration disruption |
US9639426B2 (en) | 2014-01-24 | 2017-05-02 | Commvault Systems, Inc. | Single snapshot for multiple applications |
WO2015113052A1 (en) | 2014-01-27 | 2015-07-30 | Webroot Inc. | Detecting and preventing execution of software exploits |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US10091238B2 (en) | 2014-02-11 | 2018-10-02 | Varmour Networks, Inc. | Deception using distributed threat detection |
US20150039513A1 (en) | 2014-02-14 | 2015-02-05 | Brighterion, Inc. | User device profiling in transaction authentications |
KR101671336B1 (ko) * | 2014-02-27 | 2016-11-16 | (주)스마일게이트엔터테인먼트 | Method and apparatus for unpacking protection with code separation applied |
US9594665B2 (en) | 2014-03-05 | 2017-03-14 | Microsoft Technology Licensing, Llc | Regression evaluation using behavior models of software applications |
WO2015138508A1 (en) | 2014-03-11 | 2015-09-17 | Vectra Networks, Inc. | Method and system for detecting bot behavior |
US9832217B2 (en) | 2014-03-13 | 2017-11-28 | International Business Machines Corporation | Computer implemented techniques for detecting, investigating and remediating security violations to IT infrastructure |
US9838424B2 (en) | 2014-03-20 | 2017-12-05 | Microsoft Technology Licensing, Llc | Techniques to provide network security through just-in-time provisioned accounts |
US10289405B2 (en) | 2014-03-20 | 2019-05-14 | Crowdstrike, Inc. | Integrity assurance and rebootless updating during runtime |
US20160078365A1 (en) | 2014-03-21 | 2016-03-17 | Philippe Baumard | Autonomous detection of incongruous behaviors |
EP3123390A4 (en) | 2014-03-27 | 2017-10-25 | Barkly Protects, Inc. | Malicious software identification integrating behavioral analytics and hardware events |
US9684787B2 (en) | 2014-04-08 | 2017-06-20 | Qualcomm Incorporated | Method and system for inferring application states by performing behavioral analysis operations in a mobile device |
US9912690B2 (en) | 2014-04-08 | 2018-03-06 | Capital One Financial Corporation | System and method for malware detection using hashing techniques |
US9356950B2 (en) | 2014-05-07 | 2016-05-31 | Attivo Networks Inc. | Evaluating URLS for malicious content |
US9609019B2 (en) | 2014-05-07 | 2017-03-28 | Attivo Networks Inc. | System and method for directing malicous activity to a monitoring system |
US20150326592A1 (en) | 2014-05-07 | 2015-11-12 | Attivo Networks Inc. | Emulating shellcode attacks |
US10243985B2 (en) | 2014-06-03 | 2019-03-26 | Hexadite Ltd. | System and methods thereof for monitoring and preventing security incidents in a computerized environment |
US9628502B2 (en) | 2014-06-09 | 2017-04-18 | Meadow Hills, LLC | Active attack detection system |
US10212176B2 (en) | 2014-06-23 | 2019-02-19 | Hewlett Packard Enterprise Development Lp | Entity group behavior profiling |
US9490987B2 (en) | 2014-06-30 | 2016-11-08 | Paypal, Inc. | Accurately classifying a computer program interacting with a computer system using questioning and fingerprinting |
US9705914B2 (en) | 2014-07-23 | 2017-07-11 | Cisco Technology, Inc. | Signature creation for unknown attacks |
US20160042180A1 (en) | 2014-08-07 | 2016-02-11 | Ut Battelle, Llc | Behavior specification, finding main, and call graph visualizations |
US9710648B2 (en) | 2014-08-11 | 2017-07-18 | Sentinel Labs Israel Ltd. | Method of malware detection and system thereof |
US11507663B2 (en) | 2014-08-11 | 2022-11-22 | Sentinel Labs Israel Ltd. | Method of remediating operations performed by a program and system thereof |
US10102374B1 (en) | 2014-08-11 | 2018-10-16 | Sentinel Labs Israel Ltd. | Method of remediating a program and system thereof by undoing operations |
JP6432210B2 (ja) | 2014-08-22 | 2018-12-05 | 富士通株式会社 | Security system, security method, security device, and program |
US9547516B2 (en) | 2014-08-22 | 2017-01-17 | Nicira, Inc. | Method and system for migrating virtual machines in virtual infrastructure |
US9807115B2 (en) | 2014-09-05 | 2017-10-31 | Topspin Security Ltd | System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints |
US9807114B2 (en) | 2014-09-05 | 2017-10-31 | Topspin Securtiy Ltd | System and a method for identifying the presence of malware using mini-traps set at network endpoints |
US9225734B1 (en) | 2014-09-10 | 2015-12-29 | Fortinet, Inc. | Data leak protection in upper layer protocols |
US9992225B2 (en) | 2014-09-12 | 2018-06-05 | Topspin Security Ltd. | System and a method for identifying malware network activity using a decoy environment |
US9591006B2 (en) | 2014-09-18 | 2017-03-07 | Microsoft Technology Licensing, Llc | Lateral movement detection |
US9495188B1 (en) | 2014-09-30 | 2016-11-15 | Palo Alto Networks, Inc. | Synchronizing a honey network configuration to reflect a target network environment |
US10044675B1 (en) | 2014-09-30 | 2018-08-07 | Palo Alto Networks, Inc. | Integrating a honey network with a target network to counter IP and peer-checking evasion techniques |
US9578015B2 (en) | 2014-10-31 | 2017-02-21 | Vmware, Inc. | Step-up authentication for single sign-on |
US10225245B2 (en) | 2014-11-18 | 2019-03-05 | Auth0, Inc. | Identity infrastructure as a service |
WO2016081561A1 (en) | 2014-11-20 | 2016-05-26 | Attivo Networks Inc. | System and method for directing malicious activity to a monitoring system |
US9240976B1 (en) | 2015-01-06 | 2016-01-19 | Blackpoint Holdings, Llc | Systems and methods for providing network security monitoring |
WO2016138067A1 (en) | 2015-02-24 | 2016-09-01 | Cloudlock, Inc. | System and method for securing an enterprise computing environment |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
EP3231133B1 (en) | 2015-04-07 | 2020-05-27 | Hewlett-Packard Development Company, L.P. | Providing selective access to resources |
US10135633B2 (en) | 2015-04-21 | 2018-11-20 | Cujo LLC | Network security analysis for smart appliances |
US9954870B2 (en) | 2015-04-29 | 2018-04-24 | International Business Machines Corporation | System conversion in a networked computing environment |
US10599844B2 (en) | 2015-05-12 | 2020-03-24 | Webroot, Inc. | Automatic threat detection of executable files based on static data analysis |
US9553885B2 (en) | 2015-06-08 | 2017-01-24 | Illusive Networks Ltd. | System and method for creation, deployment and management of augmented attacker map |
US10382484B2 (en) | 2015-06-08 | 2019-08-13 | Illusive Networks Ltd. | Detecting attackers who target containerized clusters |
US10237280B2 (en) | 2015-06-25 | 2019-03-19 | Websafety, Inc. | Management and control of mobile computing device using local and remote software agents |
US9680833B2 (en) | 2015-06-25 | 2017-06-13 | Imperva, Inc. | Detection of compromised unmanaged client end stations using synchronized tokens from enterprise-managed client end stations |
US10476891B2 (en) | 2015-07-21 | 2019-11-12 | Attivo Networks Inc. | Monitoring access of network darkspace |
US9641544B1 (en) | 2015-09-18 | 2017-05-02 | Palo Alto Networks, Inc. | Automated insider threat prevention |
US20170093910A1 (en) | 2015-09-25 | 2017-03-30 | Acalvio Technologies, Inc. | Dynamic security mechanisms |
EP3885951B1 (en) | 2015-10-15 | 2022-06-22 | Sentinel Labs Israel Ltd. | Method of remediating operations performed by a program and system thereof |
US10116674B2 (en) | 2015-10-30 | 2018-10-30 | Citrix Systems, Inc. | Framework for explaining anomalies in accessing web applications |
US20170134405A1 (en) | 2015-11-09 | 2017-05-11 | Qualcomm Incorporated | Dynamic Honeypot System |
US9672538B1 (en) | 2015-11-09 | 2017-06-06 | Radiumone, Inc. | Delivering personalized content based on geolocation information in a social graph with sharing activity of users of the open web |
US10594656B2 (en) | 2015-11-17 | 2020-03-17 | Zscaler, Inc. | Multi-tenant cloud-based firewall systems and methods |
US10116536B2 (en) | 2015-11-18 | 2018-10-30 | Adobe Systems Incorporated | Identifying multiple devices belonging to a single user |
GB2534459B (en) | 2015-11-19 | 2018-08-01 | F Secure Corp | Improving security of computer resources |
US9886563B2 (en) | 2015-11-25 | 2018-02-06 | Box, Inc. | Personalized online content access experiences using inferred user intent to configure online session attributes |
US9942270B2 (en) | 2015-12-10 | 2018-04-10 | Attivo Networks Inc. | Database deception in directory services |
US10348739B2 (en) | 2016-02-09 | 2019-07-09 | Ca, Inc. | Automated data risk assessment |
US10791097B2 (en) | 2016-04-14 | 2020-09-29 | Sophos Limited | Portable encryption format |
US10628597B2 (en) | 2016-04-14 | 2020-04-21 | Sophos Limited | Just-in-time encryption |
US9984248B2 (en) | 2016-02-12 | 2018-05-29 | Sophos Limited | Behavioral-based control of access to encrypted content by a process |
US10686827B2 (en) | 2016-04-14 | 2020-06-16 | Sophos Limited | Intermediate encryption for exposed content |
US10681078B2 (en) | 2016-06-10 | 2020-06-09 | Sophos Limited | Key throttling to mitigate unauthorized file access |
US9602531B1 (en) | 2016-02-16 | 2017-03-21 | Cylance, Inc. | Endpoint-based man in the middle attack detection |
US9843602B2 (en) | 2016-02-18 | 2017-12-12 | Trend Micro Incorporated | Login failure sequence for detecting phishing |
US10771478B2 (en) | 2016-02-18 | 2020-09-08 | Comcast Cable Communications, Llc | Security monitoring at operating system kernel level |
US10469523B2 (en) | 2016-02-24 | 2019-11-05 | Imperva, Inc. | Techniques for detecting compromises of enterprise end stations utilizing noisy tokens |
US20170264639A1 (en) | 2016-03-10 | 2017-09-14 | Acalvio Technologies, Inc. | Active deception system |
US20170302665A1 (en) | 2016-03-22 | 2017-10-19 | Holonet Security, Inc. | Network hologram for enterprise security |
US10187413B2 (en) | 2016-03-25 | 2019-01-22 | Cisco Technology, Inc. | Network-based approach for training supervised learning classifiers |
US10652271B2 (en) | 2016-03-25 | 2020-05-12 | Verisign, Inc. | Detecting and remediating highly vulnerable domain names using passive DNS measurements |
US10542044B2 (en) | 2016-04-29 | 2020-01-21 | Attivo Networks Inc. | Authentication incident detection and management |
US9888032B2 (en) | 2016-05-03 | 2018-02-06 | Check Point Software Technologies Ltd. | Method and system for mitigating the effects of ransomware |
US20170324777A1 (en) | 2016-05-05 | 2017-11-09 | Javelin Networks, Inc. | Injecting supplemental data into data queries at network end-points |
US20170324774A1 (en) | 2016-05-05 | 2017-11-09 | Javelin Networks, Inc. | Adding supplemental data to a security-related query |
US10515062B2 (en) | 2016-05-09 | 2019-12-24 | Sumo Logic, Inc. | Searchable investigation history for event data store |
US10375110B2 (en) | 2016-05-12 | 2019-08-06 | Attivo Networks Inc. | Luring attackers towards deception servers |
US9948652B2 (en) | 2016-05-16 | 2018-04-17 | Bank Of America Corporation | System for resource-centric threat modeling and identifying controls for securing technology resources |
US10362013B2 (en) | 2016-05-27 | 2019-07-23 | Dropbox, Inc. | Out of box experience application API integration |
US10440053B2 (en) | 2016-05-31 | 2019-10-08 | Lookout, Inc. | Methods and systems for detecting and preventing network connection compromise |
US11409870B2 (en) * | 2016-06-16 | 2022-08-09 | Virsec Systems, Inc. | Systems and methods for remediating memory corruption in a computer application |
US10250636B2 (en) | 2016-07-07 | 2019-04-02 | Attivo Networks Inc | Detecting man-in-the-middle attacks |
US9721097B1 (en) * | 2016-07-21 | 2017-08-01 | Cylance Inc. | Neural attention mechanisms for malware analysis |
US10650141B2 (en) * | 2016-08-03 | 2020-05-12 | Sophos Limited | Mitigation of return-oriented programming attacks |
US10805325B2 (en) | 2016-08-09 | 2020-10-13 | Imperva, Inc. | Techniques for detecting enterprise intrusions utilizing active tokens |
US10110627B2 (en) | 2016-08-30 | 2018-10-23 | Arbor Networks, Inc. | Adaptive self-optimizing DDoS mitigation |
GB2554390B (en) * | 2016-09-23 | 2018-10-31 | 1E Ltd | Computer security profiling |
US20180183815A1 (en) * | 2016-10-17 | 2018-06-28 | Kerry Wayne Enfinger | System and method for detecting malware |
US10609074B2 (en) | 2016-11-23 | 2020-03-31 | Attivo Networks Inc. | Implementing decoys in network endpoints |
US10599842B2 (en) | 2016-12-19 | 2020-03-24 | Attivo Networks Inc. | Deceiving attackers in endpoint systems |
US11695800B2 (en) | 2016-12-19 | 2023-07-04 | SentinelOne, Inc. | Deceiving attackers accessing network data |
US11616812B2 (en) | 2016-12-19 | 2023-03-28 | Attivo Networks Inc. | Deceiving attackers accessing active directory data |
US10169586B2 (en) | 2016-12-31 | 2019-01-01 | Fortinet, Inc. | Ransomware detection and damage mitigation |
US20180248896A1 (en) | 2017-02-24 | 2018-08-30 | Zitovault Software, Inc. | System and method to prevent, detect, thwart, and recover automatically from ransomware cyber attacks, using behavioral analysis and machine learning |
GB201708671D0 (en) | 2017-05-31 | 2017-07-12 | Inquisitive Systems Ltd | Forensic analysis |
KR101960869B1 (ko) * | 2017-06-30 | 2019-03-21 | 주식회사 씨티아이랩 | Artificial intelligence-based malware detection system and method |
US10462171B2 (en) | 2017-08-08 | 2019-10-29 | Sentinel Labs Israel Ltd. | Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking |
US10979453B2 (en) | 2017-08-31 | 2021-04-13 | International Business Machines Corporation | Cyber-deception using network port projection |
US10574698B1 (en) | 2017-09-01 | 2020-02-25 | Amazon Technologies, Inc. | Configuration and deployment of decoy content over a network |
US10509905B2 (en) | 2017-09-05 | 2019-12-17 | Attivo Networks Inc. | Ransomware mitigation system |
US10938854B2 (en) | 2017-09-22 | 2021-03-02 | Acronis International Gmbh | Systems and methods for preventive ransomware detection using file honeypots |
US10848519B2 (en) * | 2017-10-12 | 2020-11-24 | Charles River Analytics, Inc. | Cyber vaccine and predictive-malware-defense methods and systems |
US10360012B2 (en) | 2017-11-09 | 2019-07-23 | International Business Machines Corporation | Dynamic selection of deployment configurations of software applications |
US10915631B2 (en) * | 2017-12-28 | 2021-02-09 | Intel Corporation | Deep learning on execution trace data for exploit detection |
US11470115B2 (en) | 2018-02-09 | 2022-10-11 | Attivo Networks, Inc. | Implementing decoys in a network environment |
US10826941B2 (en) | 2018-05-10 | 2020-11-03 | Fortinet, Inc. | Systems and methods for centrally managed host and network firewall services |
KR101969572B1 (ko) * | 2018-06-22 | 2019-04-16 | 주식회사 에프원시큐리티 | Malware detection apparatus and method |
EP3973427A4 (en) | 2019-05-20 | 2023-06-21 | Sentinel Labs Israel Ltd. | SYSTEMS AND METHODS FOR EXECUTABLE CODE DETECTION, AUTOMATIC FEATURE EXTRACTION, AND POSITION-INDEPENDENT CODE DETECTION |
US11038658B2 (en) | 2019-05-22 | 2021-06-15 | Attivo Networks Inc. | Deceiving attackers in endpoint systems |
US11108861B1 (en) | 2020-08-26 | 2021-08-31 | Commvault Systems, Inc. | System for managing multiple information management cells |
US11579857B2 (en) | 2020-12-16 | 2023-02-14 | Sentinel Labs Israel Ltd. | Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach |
2020
- 2020-05-20 EP EP20810142.8A patent/EP3973427A4/en not_active Withdrawn
- 2020-05-20 JP JP2021569072A patent/JP7278423B2/ja active Active
- 2020-05-20 WO PCT/US2020/033872 patent/WO2020236981A1/en unknown
- 2020-05-20 US US16/879,625 patent/US10762200B1/en active Active
- 2020-07-03 US US16/920,630 patent/US11210392B2/en active Active

2021
- 2021-09-21 US US17/448,327 patent/US11580218B2/en active Active
- 2021-11-15 IL IL288122A patent/IL288122B2/en unknown

2022
- 2022-12-27 US US18/089,038 patent/US11790079B2/en active Active

2023
- 2023-10-16 US US18/487,657 patent/US20240184884A1/en active Pending
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050198507A1 (en) | 2004-03-05 | 2005-09-08 | Microsoft Corporation | Import address table verification |
JP2006106939A (ja) | 2004-10-01 | 2006-04-20 | Hitachi Ltd | Intrusion detection method, intrusion detection device, and program |
JP2013168141A (ja) | 2012-01-31 | 2013-08-29 | Trusteer Ltd | Method for detecting malware |
US20140020046A1 (en) | 2012-07-12 | 2014-01-16 | International Business Machines Corporation | Source code analysis of inter-related code bases |
JP2015534690A (ja) | 2012-10-19 | 2015-12-03 | マカフィー, インコーポレイテッド | Mobile application management |
US20160055337A1 (en) | 2013-03-25 | 2016-02-25 | British Telecommunications Plc | Suspicious program detection |
US20150200955A1 (en) | 2014-01-13 | 2015-07-16 | Cisco Technology, Inc. | Dynamic filtering for sdn api calls across a security boundary |
US20170206357A1 (en) | 2014-11-17 | 2017-07-20 | Morphisec Information Security Ltd. | Malicious code protection for computer systems based on process modification |
WO2017068889A1 (ja) | 2015-10-19 | 2017-04-27 | 日本電信電話株式会社 | Analysis device, analysis method, and analysis program |
Also Published As
Publication number | Publication date |
---|---|
US20240184884A1 (en) | 2024-06-06 |
IL288122A (en) | 2022-01-01 |
US20220019659A1 (en) | 2022-01-20 |
JP2022533715A (ja) | 2022-07-25 |
US20200372150A1 (en) | 2020-11-26 |
US20230146847A1 (en) | 2023-05-11 |
US11210392B2 (en) | 2021-12-28 |
US11790079B2 (en) | 2023-10-17 |
EP3973427A4 (en) | 2023-06-21 |
US11580218B2 (en) | 2023-02-14 |
US20220391496A9 (en) | 2022-12-08 |
WO2020236981A1 (en) | 2020-11-26 |
EP3973427A1 (en) | 2022-03-30 |
US10762200B1 (en) | 2020-09-01 |
IL288122B2 (en) | 2023-06-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP7278423B2 (ja) | Systems and methods for executable code detection, automatic feature extraction, and position-independent code detection | |
Gibert et al. | The rise of machine learning for detection and classification of malware: Research developments, trends and challenges | |
US11714905B2 (en) | Attribute relevance tagging in malware recognition | |
US11188650B2 (en) | Detection of malware using feature hashing | |
Gao et al. | Malware classification for the cloud via semi-supervised transfer learning | |
Kasim | An ensemble classification-based approach to detect attack level of SQL injections | |
Li et al. | I-mad: Interpretable malware detector using galaxy transformer | |
Rizvi et al. | PROUD-MAL: static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable | |
US11574054B2 (en) | System, method and apparatus for malicious software detection | |
Ali et al. | Deep learning methods for malware and intrusion detection: A systematic literature review | |
Ullah et al. | A malware detection system using a hybrid approach of multi-heads attention-based control flow traces and image visualization | |
Maniriho et al. | API-MalDetect: Automated malware detection framework for windows based on API calls and deep learning techniques | |
Fadadu et al. | Evading API call sequence based malware classifiers | |
Huang et al. | TagSeq: Malicious behavior discovery using dynamic analysis | |
Li et al. | SynDroid: An adaptive enhanced Android malware classification method based on CTGAN-SVM | |
Jha et al. | A novel framework for metamorphic malware detection | |
Luh et al. | SEQUIN: a grammar inference framework for analyzing malicious system behavior | |
Švec et al. | Semantic Data Representation for Explainable Windows Malware Detection Models | |
Thakur et al. | Hybrid deep learning approach based on lstm and cnn for malware detection | |
Geden et al. | Classification of malware families based on runtime behaviour | |
Samantray et al. | An efficient hybrid approach for malware detection using frequent opcodes and API call sequences | |
Yousuf et al. | Multi-feature Dataset for Windows PE Malware Classification | |
US20240241956A1 (en) | Classifying cybersecurity threats using machine learning on non-euclidean data | |
Xiong et al. | Universal adversarial triggers for attacking against API sequence: based malware detector | |
Andow | Privacy Risks of Sensitive User Data Exposure in Mobile Ecosystems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| A521 | Request for written amendment filed | Free format text: JAPANESE INTERMEDIATE CODE: A523; Effective date: 20230323 |
| A621 | Written request for application examination | Free format text: JAPANESE INTERMEDIATE CODE: A621; Effective date: 20230323 |
| A871 | Explanation of circumstances concerning accelerated examination | Free format text: JAPANESE INTERMEDIATE CODE: A871; Effective date: 20230323 |
| TRDD | Decision of grant or rejection written | |
| A01 | Written decision to grant a patent or to grant a registration (utility model) | Free format text: JAPANESE INTERMEDIATE CODE: A01; Effective date: 20230411 |
| A61 | First payment of annual fees (during grant procedure) | Free format text: JAPANESE INTERMEDIATE CODE: A61; Effective date: 20230509 |
| R150 | Certificate of patent or registration of utility model | Ref document number: 7278423; Country of ref document: JP; Free format text: JAPANESE INTERMEDIATE CODE: R150 |