JP7552897B2 - Analysis device, analysis method, and analysis system - Google Patents

Analysis device, analysis method, and analysis system

Info

Publication number
JP7552897B2
Authority
JP
Japan
Prior art keywords
attack
execution
unit
command
command sequence
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
JP2023523882A
Other languages
English (en)
Japanese (ja)
Other versions
JPWO2022249416A1
Inventor
琴海 黒木
楊 鐘本
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Inc
NTT Inc USA
Original Assignee
Nippon Telegraph and Telephone Corp
NTT Inc USA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nippon Telegraph and Telephone Corp, NTT Inc USA
Publication of JPWO2022249416A1
Application granted
Publication of JP7552897B2
Status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Computer And Data Communications (AREA)
  • Debugging And Monitoring (AREA)
JP2023523882A 2021-05-27 2021-05-27 Analysis device, analysis method, and analysis system Active JP7552897B2 (ja)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2021/020302 WO2022249416A1 (ja) 2021-05-27 2021-05-27 Analysis device, analysis method, and analysis system

Publications (2)

Publication Number Publication Date
JPWO2022249416A1 2022-12-01
JP7552897B2 (ja) 2024-09-18

Family

ID=84228488

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2023523882A Active JP7552897B2 (ja) 2021-05-27 2021-05-27 Analysis device, analysis method, and analysis system

Country Status (3)

Country Link
US (1) US12542806B2
JP (1) JP7552897B2
WO (1) WO2022249416A1

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12393687B2 (en) * 2022-10-24 2025-08-19 Okta, Inc. Techniques for detecting command injection attacks

Citations (1)

Publication number Priority date Publication date Assignee Title
JP2020155098A (ja) 2019-03-22 2020-09-24 Hitachi, Ltd. Method and system for predicting an attack path in a computer network

Family Cites Families (19)

Publication number Priority date Publication date Assignee Title
US11695800B2 (en) * 2016-12-19 2023-07-04 SentinelOne, Inc. Deceiving attackers accessing network data
US11616812B2 (en) * 2016-12-19 2023-03-28 Attivo Networks Inc. Deceiving attackers accessing active directory data
US10762201B2 (en) * 2017-04-20 2020-09-01 Level Effect LLC Apparatus and method for conducting endpoint-network-monitoring
WO2019013266A1 (ja) * 2017-07-12 2019-01-17 Nippon Telegraph and Telephone Corporation Determination device, determination method, and determination program
WO2020006415A1 (en) * 2018-06-28 2020-01-02 Crowdstrike, Inc. Analysis of malware
US11403391B2 (en) * 2019-11-18 2022-08-02 Jf Rog Ltd Command injection identification
AU2019479339B2 (en) * 2019-12-17 2023-12-21 Ntt, Inc. Verification information correction device, verification information correction method and verification information correction program
EP4163809A4 (en) * 2020-06-05 2023-08-02 Fujitsu Limited Information processing program, information processing method, and information processing device
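WO2022107290A1 (ja) * 2020-11-19 2022-05-27 NEC Corporation Analysis device, analysis system, analysis method, and analysis program
WO2022137883A1 (ja) * 2020-12-24 2022-06-30 NEC Corporation Attack information generation device, control method, and non-transitory computer-readable medium
KR20240036146A (ko) * 2020-12-29 2024-03-19 Kiwontech Co., Ltd. Device for providing a zero-day URL attack defense service based on mail security, and operating method thereof
CN114884684A (zh) * 2021-01-21 2022-08-09 Huawei Technologies Co., Ltd. Attack success identification method and protection device
JP2022135641A (ja) * 2021-03-05 2022-09-15 Kioxia Corporation I/O command control device and storage system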
US20240152603A1 (en) * 2021-03-16 2024-05-09 Nippon Telegraph And Telephone Corporation Device for extracting trace of act, method for extracting trace of act, and program for extracting trace of act
US20240152615A1 (en) * 2021-03-16 2024-05-09 Nippon Telegraph And Telephone Corporation Device for extracting trace of act, method for extracting trace of act, and program for extracting trace of act
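JP7552864B2 (ja) * 2021-03-19 2024-09-18 NEC Corporation Analysis condition generation device, analysis system, analysis condition generation program, analysis program, analysis condition generation method, and analysis method
JPWO2022195862A1 * 2021-03-19 2022-09-22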
US12609943B2 (en) * 2021-04-16 2026-04-21 Ntt, Inc. Application attack determination device, application attack determination method, and application attack determination program
JP7505642B2 (ja) * 2021-04-16 2024-06-25 Nippon Telegraph and Telephone Corporation Determination device, determination method, and determination program

Non-Patent Citations (3)

Title
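KUROKI, Kotomi et al., Attack Intention Estimation Based on Syntax Analysis and Dynamic Analysis for SQL Injection, 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC), 2020-07-13, p. 1510-1515, in particular p. 1511, right column, lines 37-41; p. 1512, right column, lines 14-20; p. 1513, right column, lines 32-35
鐘 揚 et al., Web server log correlation method that makes it possible to identify attacks and their impact (in Japanese), CSS2015 Computer Security Symposium 2015 Proceedings, 2015-10-14, p. 132-139, in particular p. 135, right column, lines 1-3; p. 137, right column, lines 9-11; Table 3; Fig. 5
黒木 琴海 et al., SQL injection damage identification method based on syntax analysis and dynamic semantic analysis (in Japanese), Proceedings of the 2020 Symposium on Cryptography and Information Security, 2020-01-21, p. 1-8, in particular p. 5, left column, lines 3-7; p. 5, left column, lines 3-7; p. 6, left column, lines 7-9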

Also Published As

Publication number Publication date
WO2022249416A1 (ja) 2022-12-01
US20240214417A1 (en) 2024-06-27
JPWO2022249416A1 2022-12-01
US12542806B2 (en) 2026-02-03

Similar Documents

Publication Publication Date Title
US10599841B2 (en) System and method for reverse command shell detection
US10642973B2 (en) System and method of analysis of files for maliciousness and determining an action
US10169585B1 (en) System and methods for advanced malware detection through placement of transition events
US8590045B2 (en) Malware detection by application monitoring
US7934261B1 (en) On-demand cleanup system
RU2589862C1 (ru) Method of detecting malicious code in random-access memory
US9251343B1 (en) Detecting bootkits resident on compromised computers
US9147073B2 (en) System and method for automatic generation of heuristic algorithms for malicious object identification
CN110119619B (zh) System and method for creating antivirus records
US9239922B1 (en) Document exploit detection using baseline comparison
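CN109558207B (zh) System and method for forming a log in a virtual machine for performing antivirus scanning of a file
RU2724790C1 (ru) System and method of generating a log when executing a file with vulnerabilities in a virtual machine
KR20180081053A (ko) Systems and methods for domain generation algorithm (DGA) malware detection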
EP2881877A1 (en) Program execution device and program analysis device
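CN110659478B (zh) Method for detecting malicious files that prevent analysis in an isolated environment
JP6867552B2 (ja) Determination method, determination device, and determination program
RU2649794C1 (ru) System and method for forming a log in a virtual machine for conducting an antivirus scan of a file
JP7552897B2 (ja) Analysis device, analysis method, and analysis system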
Yin et al. Privacy-breaching behavior analysis
RU2592383C1 (ru) Method of creating an antivirus record upon detecting malicious code in random-access memory
RU2697951C2 (ru) System and method of terminating a functionally restricted application interrelated with a website and launched without installation
EP3361406A1 (en) System and method of analysis of files for maliciousness in a virtual machine
CN111159111A (zh) Information processing method, device, system, and computer-readable storage medium
RU2606883C2 (ru) System and method of opening files created by vulnerable applications
Bellini et al. MIME-A Formal Approach for Multiple Investigation in (Android) Malware Emulation Analysis

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20230823

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20240521

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20240719

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20240806

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20240819

R150 Certificate of patent or registration of utility model

Ref document number: 7552897

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

S533 Written request for registration of change of name

Free format text: JAPANESE INTERMEDIATE CODE: R313533

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350