JP7537661B2 - Advanced ransomware detection - Google Patents

Advanced ransomware detection

Info

Publication number
JP7537661B2
Authority
JP
Japan
Prior art keywords
thread
classifying
whitelisted
file
suspicious
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2023503075A
Other languages
English (en)
Japanese (ja)
Other versions
JP2023534502A5 (ja)
JP2023534502A (ja)
JPWO2022023828A5 (ja)
Inventor
Levy, Erez
Chechik, Or
Zigelbaum, Liav
Aharoni, Eldar
Original Assignee
Palo Alto Networks (Israel Analytics) Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Palo Alto Networks (Israel Analytics) Ltd.
Publication of JP2023534502A (patent/JP2023534502A/ja)
Publication of JP2023534502A5 (patent/JP2023534502A5/ja)
Publication of JPWO2022023828A5 (patent/JPWO2022023828A5/ja)
Application granted
Publication of JP7537661B2 (patent/JP7537661B2/ja)
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/565 Static detection by checking file integrity
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Signal Processing (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)
  • Pharmaceuticals Containing Other Organic And Inorganic Compounds (AREA)
  • Investigating Or Analysing Materials By The Use Of Chemical Reactions (AREA)
  • Immobilizing And Processing Of Enzymes And Microorganisms (AREA)
  • Debugging And Monitoring (AREA)
JP2023503075A 2020-07-26 2021-06-09 Advanced ransomware detection Active JP7537661B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/939,013 US11520886B2 (en) 2020-07-26 2020-07-26 Advanced ransomware detection
US16/939,013 2020-07-26
PCT/IB2021/055061 WO2022023828A1 (en) 2020-07-26 2021-06-09 Advanced ransomware detection

Publications (4)

Publication Number Publication Date
JP2023534502A (ja) 2023-08-09
JP2023534502A5 (ja) 2024-05-31
JPWO2022023828A5 (ja) 2024-05-31
JP7537661B2 (ja) 2024-08-21

Family

ID=76624079

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2023503075A Active JP7537661B2 (ja) 2020-07-26 2021-06-09 Advanced ransomware detection

Country Status (6)

Country Link
US (2) US11520886B2
EP (1) EP4189567A1
JP (1) JP7537661B2
AU (1) AU2021319159B2
IL (2) IL299044B2
WO (1) WO2022023828A1

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11520886B2 (en) * 2020-07-26 2022-12-06 Palo Alto Networks (Israel Analytics) Ltd. Advanced ransomware detection
WO2022225508A1 (en) * 2021-04-20 2022-10-27 Assured Information Security, Inc. Prevention and remediation of malware based on selective presentation of files to processes
US12524546B2 (en) * 2021-11-10 2026-01-13 Accenture Global Solutions Limited Secure data backup and recovery from cyberattacks
US12265611B2 (en) * 2021-12-01 2025-04-01 Dell Products L.P. System and method for monitoring and detecting of encryption based threats
US11960606B2 (en) * 2022-03-24 2024-04-16 Check Point Software Technologies Ltd. System and method for protecting against data storage attacks
US20230350953A1 (en) * 2022-05-02 2023-11-02 Unisys Corporation System and method for file and file system integrity using meta-data
US12596803B2 (en) * 2023-03-08 2026-04-07 Coveware Inc. Systems and methods for forensic resolution of ransomware attacks
US12361130B2 (en) 2023-04-17 2025-07-15 Palo Alto Networks, Inc. Real-time shellcode detection and prevention
US12481754B2 (en) * 2023-05-24 2025-11-25 Nxp B.V. Data processing system and method for mitigating a malware attack
US12437071B2 (en) * 2023-06-09 2025-10-07 Micro Focus Llc Identification of malicious programs using thread patterns and related data
US12506780B2 (en) * 2023-08-08 2025-12-23 Dell Products L.P. Using decoy datasets for cyber threat detection
US20250063061A1 (en) * 2023-08-16 2025-02-20 Zafran Security LTD System and method for mitigating cyber threats using risk analysis

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180248896A1 (en) 2017-02-24 2018-08-30 Zitovault Software, Inc. System and method to prevent, detect, thwart, and recover automatically from ransomware cyber attacks, using behavioral analysis and machine learning
US10193918B1 (en) 2018-03-28 2019-01-29 Malwarebytes Inc. Behavior-based ransomware detection using decoy files
US20200089876A1 (en) 2018-09-13 2020-03-19 Palo Alto Networks, Inc. Preventing ransomware from encrypting files on a target machine
US20200183820A1 (en) 2018-12-05 2020-06-11 Sap Se Non-regressive injection of deception decoys

Family Cites Families (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7152242B2 (en) 2002-09-11 2006-12-19 Enterasys Networks, Inc. Modular system for detecting, filtering and providing notice about attack events associated with network security
KR100843701B1 (ko) 2006-11-07 2008-07-04 SoftCamp Co., Ltd. API verification method using information recorded in the call stack
US8205257B1 (en) * 2009-07-28 2012-06-19 Symantec Corporation Systems and methods for preventing threats originating from a non-process based component hosted by a trusted process
KR101244731B1 (ko) 2012-09-11 2013-03-18 AhnLab, Inc. Apparatus and method for detecting malicious shellcode using debug events
US9275223B2 (en) * 2012-10-19 2016-03-01 Mcafee, Inc. Real-time module protection
US8990944B1 (en) * 2013-02-23 2015-03-24 Fireeye, Inc. Systems and methods for automatically detecting backdoors
EP2784716A1 (en) 2013-03-25 2014-10-01 British Telecommunications public limited company Suspicious program detection
KR101445634B1 (ko) 2014-01-27 2014-10-06 Igloo Security, Inc. Apparatus and method for detecting attacks that exploit program vulnerabilities
US10284591B2 (en) 2014-01-27 2019-05-07 Webroot Inc. Detecting and preventing execution of software exploits
US20180191779A1 (en) * 2016-12-29 2018-07-05 Varmour Networks, Inc. Flexible Deception Architecture
US10091238B2 (en) * 2014-02-11 2018-10-02 Varmour Networks, Inc. Deception using distributed threat detection
US9659182B1 (en) 2014-04-30 2017-05-23 Symantec Corporation Systems and methods for protecting data files
US20160232347A1 (en) 2015-02-09 2016-08-11 Palo Alto Networks, Inc. Mitigating malware code injections using stack unwinding
US10789361B2 (en) * 2016-01-24 2020-09-29 Minerva Labs Ltd. Ransomware attack remediation
US10791133B2 (en) * 2016-10-21 2020-09-29 Tata Consultancy Services Limited System and method for detecting and mitigating ransomware threats
WO2018111271A1 (en) 2016-12-15 2018-06-21 Hewlett-Packard Development Company, L.P. Ransomware attack monitoring
US10169586B2 (en) * 2016-12-31 2019-01-01 Fortinet, Inc. Ransomware detection and damage mitigation
US11822654B2 (en) 2017-04-20 2023-11-21 Morphisec Information Security 2014 Ltd. System and method for runtime detection, analysis and signature determination of obfuscated malicious code
US10503904B1 (en) 2017-06-29 2019-12-10 Fireeye, Inc. Ransomware detection and mitigation
US10860718B2 (en) 2017-07-28 2020-12-08 Mcafee, Llc Protecting computer systems used in virtualization environments against fileless malware
WO2019051507A1 (en) * 2017-09-11 2019-03-14 Carbon Black, Inc. Methods of behavioral detection and prevention of cyberattacks, as well as apparatus and related techniques
US11216559B1 (en) 2017-09-13 2022-01-04 NortonLifeLock Inc. Systems and methods for automatically recovering from malware attacks
US20190109870A1 (en) * 2017-09-14 2019-04-11 Commvault Systems, Inc. Ransomware detection and intelligent restore
US10938854B2 (en) * 2017-09-22 2021-03-02 Acronis International Gmbh Systems and methods for preventive ransomware detection using file honeypots
US11120133B2 (en) * 2017-11-07 2021-09-14 Spinbackup Inc. Ransomware protection for cloud storage systems
US11544379B2 (en) 2018-04-13 2023-01-03 Webroot Inc. Malicious software detection based on API trust
US11055411B2 (en) 2018-05-10 2021-07-06 Acronis International Gmbh System and method for protection against ransomware attacks
US11089056B2 (en) * 2018-09-28 2021-08-10 Sophos Limited Intrusion detection with honeypot keys
US11616810B2 (en) * 2019-06-04 2023-03-28 Datto, Inc. Methods and systems for ransomware detection, isolation and remediation
US11409868B2 (en) 2019-09-26 2022-08-09 At&T Intellectual Property I, L.P. Ransomware detection and mitigation
US11520886B2 (en) * 2020-07-26 2022-12-06 Palo Alto Networks (Israel Analytics) Ltd. Advanced ransomware detection
CA3199837A1 (en) * 2020-11-24 2022-06-02 Christopher MARTINIC Ransomware mitigation system and method for mitigating a ransomware attack
US11593482B2 (en) 2021-03-04 2023-02-28 Saudi Arabian Oil Company Systems and methods for automating detection and mitigation of an operating system rootkit
EP4330841A1 (en) 2021-05-27 2024-03-06 Palo Alto Networks (Israel Analytics) Ltd. Java deserialization exploit attack detection
US11934801B2 (en) 2021-12-07 2024-03-19 Microsoft Technology Licensing, Llc Multi-modal program inference

Also Published As

Publication number Publication date
AU2021319159A1 (en) 2023-02-02
US12306945B2 (en) 2025-05-20
IL299044B2 (en) 2025-08-01
IL319777A (en) 2025-05-01
AU2021319159B2 (en) 2023-09-21
EP4189567A1 (en) 2023-06-07
WO2022023828A1 (en) 2022-02-03
US20220027471A1 (en) 2022-01-27
IL299044A (en) 2023-02-01
JP2023534502A (ja) 2023-08-09
US11520886B2 (en) 2022-12-06
US20230084691A1 (en) 2023-03-16
IL299044B1 (en) 2025-04-01

Similar Documents

Publication Publication Date Title
JP7537661B2 (ja) Advanced ransomware detection
US11611586B2 (en) Systems and methods for detecting a suspicious process in an operating system environment using a file honeypots
JP6370747B2 (ja) System and method for virtual machine monitor-based anti-malware security
JP5326062B1 (ja) Non-executable file inspection apparatus and method
RU2646352C2 (ru) System and method for using a reputation indicator to facilitate malware scanning
US7836504B2 (en) On-access scan of memory for malware
US20160078238A1 (en) Data leakage prevention system, method, and computer program product for preventing a predefined type of operation on predetermined data
JP2019521400A (ja) Detection of speculative exploit attempts
Ami et al. Ransomware prevention using application authentication-based file access control
TWI607338B (zh) Storage device, its data protection method, and data protection system
US20160335433A1 (en) Intrusion detection system in a device comprising a first operating system and a second operating system
US11928205B1 (en) Systems and methods for implementing cybersecurity using blockchain validation
US11822647B1 (en) Data structure for trust store
US9785775B1 (en) Malware management
US8578495B2 (en) System and method for analyzing packed files
US10339313B2 (en) System and method for bypassing a malware infected driver
US12248585B2 (en) Runtime risk assessment to protect storage systems from data loss
US20250173430A1 (en) Virtual canary files to mitigate ransomware attacks
US12346430B1 (en) Systems and methods for implementing cybersecurity using trust binaries
CN113836542B (zh) Trusted whitelist matching method, system, and apparatus
WO2025171076A1 (en) Defending files against ransomware
CN119848831A (zh) Method and apparatus for detecting dynamic library hijacking attacks
CN117786683A (zh) Application anti-ransomware system, method, device, and storage medium

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20240523

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20240523

A871 Explanation of circumstances concerning accelerated examination

Free format text: JAPANESE INTERMEDIATE CODE: A871

Effective date: 20240523

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20240709

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20240724

R150 Certificate of patent or registration of utility model

Ref document number: 7537661

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313113

R360 Written notification for declining of transfer of rights

Free format text: JAPANESE INTERMEDIATE CODE: R360

R360 Written notification for declining of transfer of rights

Free format text: JAPANESE INTERMEDIATE CODE: R360

R371 Transfer withdrawn

Free format text: JAPANESE INTERMEDIATE CODE: R371

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313111

Free format text: JAPANESE INTERMEDIATE CODE: R313113

R371 Transfer withdrawn

Free format text: JAPANESE INTERMEDIATE CODE: R371

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313113

R360 Written notification for declining of transfer of rights

Free format text: JAPANESE INTERMEDIATE CODE: R360

R360 Written notification for declining of transfer of rights

Free format text: JAPANESE INTERMEDIATE CODE: R360

R371 Transfer withdrawn

Free format text: JAPANESE INTERMEDIATE CODE: R371

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313111

Free format text: JAPANESE INTERMEDIATE CODE: R313113

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350