JPWO2020236981A5 - - Google Patents
- Publication number
- JPWO2020236981A5 (JP2021569072A)
- Authority
- JP
- Japan
- Prior art keywords
- call
- executable
- symbol
- code
- calls
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Description
More specifically, in some embodiments, a machine learning model may be trained to detect whether a particular byte stream is executable code. This machine learning model may then be run against one or more different regions of one or more files, including regions that conventional detection solutions typically do not analyze, to detect executable code within those files. Detected executable code may be flagged for further analysis by malware detection software, which greatly improves detection of hidden malware payloads. In some embodiments, only part of a file may be passed to the model. In some embodiments, all of the data in the file may be passed to the model.
Portable Executable (PE) File
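In some embodiments, once a random forest has been generated for each architecture, all three models 306, 308, 310 may be run simultaneously on every input, without determining the architecture associated with that input. In some embodiments, this adds no significant latency or efficiency cost to a malware detection model that uses the machine learning models described herein. This is because, in some embodiments, running each random forest model takes, for example, O(log(n)) operations, which is negligible. This can be seen in FIG. 3. FIG. 3 shows the set of three separate random forest models 306, 308, 310 being run twice: first against bytes from the data directory 112 of the PE file 100 (arrow 302), and then against bytes from the section body 116 of the PE file 100 (arrow 304). For arrow 302, the per-architecture code probabilities predicted by the random forest models are x86: P1, x64: P2, and .NET: P3. Probabilities P1, P2, and P3 indicate the likelihood that the bytes from the data directory 112 are executable x86, x64, or .NET code, respectively. For arrow 304, the per-architecture code probabilities predicted by the random forest models are x86: P4, x64: P5, and .NET: P6. Probabilities P4, P5, and P6 indicate the likelihood that the bytes from the section 116 are executable x86, x64, or .NET code, respectively.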
As another example, a runtime test was performed by running the malware detection model on 300 .NET files. Without feature extraction the test took 4 seconds, and with feature extraction it took about 6 seconds. Overall, feature extraction accounts for approximately 40% of the runtime. This increase may be considered acceptable because feature extraction represents a significant improvement in the detection of previously undetected malware.
Position independent code detection
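FIG. 14 is a diagram illustrating an example of a library independent code detection system, according to some embodiments described herein. FIG. 14 illustrates, in some embodiments, how the hooking module in particular detects attempts by suspicious code to access functions independently. In some embodiments, for example, suspicious code 1250 may avoid obtaining the target function through the static or dynamic flow by 1) attempting to find the target function using the metadata (i.e., the export headers) in the imported module 1204, 2) attempting to find the target directory directly from the loader's internal records 1252, or 3) attempting to call the target function directly without going through the corresponding trampoline. In each case, in some embodiments, the suspicious code does not obtain the modified address of the export function code 1240 when the monitored function is loaded through the IAT table or the loader. Therefore, in some embodiments, at execution time the call from the suspicious code is not redirected to the trampoline code 1246 and is not verified as a call made using the loader. However, in some embodiments, when the function is executed using the export function code 1240, the call is still diverted to the detour code 1248 of the hooking engine 1242. Therefore, in some embodiments, the hooking engine establishes at the detour code 1248 that the call did not trigger the trampoline code 1246 and so was not completed through a standard (e.g., static, dynamic, or local) flow. The suspicious code 1250 is therefore flagged by the system as potentially malicious. In some embodiments, the detour code 1248 represents a code fragment that is executed only when the monitored function is called (whether dynamically, statically, or indirectly). This occurs because the systems herein modify the target function. Therefore, whenever any executable, including the trampoline code 1246, attempts to call the exported function, the detour code is executed.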
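The decision the detour code makes can be modelled in portable C. This is an added example, not code from the patent: the one-slot table `iat`, the loader stand-in `hooked_loader_lookup`, and the `caller_module` variable (a substitute for the return-address inspection that the claims describe for local calls) are hypothetical names, and no real PE or loader structure is involved.

```c
/* Added example: portable model of the trampoline/detour check.
 * Every name here is hypothetical; no real loader or PE structure is used. */
#include <stdio.h>
#include <string.h>

typedef int (*api_fn)(int);

enum flow { FLOW_STATIC, FLOW_DYNAMIC, FLOW_LOCAL, FLOW_UNVERIFIED };
enum module_id { MOD_EXPORTER, MOD_EXECUTABLE };

/* Hooking-engine state. */
static int trampoline_fired;         /* set by a trampoline, consumed by the detour */
static enum flow trampoline_kind;    /* which trampoline fired */
static enum flow last_flow;          /* detour's conclusion for the latest call */
static enum module_id caller_module; /* assumed stand-in for the return-address owner */

/* Detour code: runs on every entry to the monitored function. */
static void detour(void)
{
    if (trampoline_fired) {
        last_flow = trampoline_kind;   /* call came through the IAT or the loader */
        trampoline_fired = 0;          /* one trampoline pass vouches for one call */
    } else if (caller_module == MOD_EXPORTER) {
        last_flow = FLOW_LOCAL;        /* caller lives in the exporting module */
    } else {
        last_flow = FLOW_UNVERIFIED;   /* reached the export without a trampoline */
    }
}

/* Monitored export; the detour() call models the patched function entry. */
static int monitored_export(int x)
{
    detour();
    return x + 1;                      /* original function body */
}

/* Trampoline reached through the rewritten IAT entry. */
static int trampoline_static(int x)
{
    trampoline_fired = 1;
    trampoline_kind = FLOW_STATIC;
    return monitored_export(x);        /* redirect to the monitored symbol address */
}

/* Trampoline handed out by the hooked loader lookup. */
static int trampoline_dynamic(int x)
{
    trampoline_fired = 1;
    trampoline_kind = FLOW_DYNAMIC;
    return monitored_export(x);
}

/* One-slot import table; instrumenting it swaps in the trampoline address. */
static api_fn iat[1] = { monitored_export };

/* Hooked loader API: returns a value that leads to the trampoline. */
static api_fn hooked_loader_lookup(const char *name)
{
    return strcmp(name, "monitored_export") == 0 ? trampoline_dynamic : NULL;
}

static void reset(enum module_id caller)
{
    trampoline_fired = 0;
    last_flow = FLOW_UNVERIFIED;
    caller_module = caller;
    iat[0] = trampoline_static;        /* IAT entry now holds the modified address */
}

enum flow call_through_iat(void)       /* static flow */
{
    reset(MOD_EXECUTABLE);
    (void)iat[0](1);
    return last_flow;
}

enum flow call_through_loader(void)    /* dynamic flow */
{
    reset(MOD_EXECUTABLE);
    api_fn f = hooked_loader_lookup("monitored_export");
    (void)f(1);
    return last_flow;
}

enum flow call_from_same_module(void)  /* local flow */
{
    reset(MOD_EXPORTER);
    (void)monitored_export(1);
    return last_flow;
}

enum flow call_self_resolved(void)     /* address obtained without IAT or loader */
{
    reset(MOD_EXECUTABLE);
    api_fn f = monitored_export;
    (void)f(1);
    return last_flow;
}

int should_flag(enum flow f) { return f == FLOW_UNVERIFIED; }

int main(void)
{
    static const char *names[] = { "static", "dynamic", "local", "unverified" };
    printf("IAT call:      %s\n", names[call_through_iat()]);
    printf("loader call:   %s\n", names[call_through_loader()]);
    printf("local call:    %s\n", names[call_from_same_module()]);
    printf("self-resolved: %s (flag=%d)\n", names[call_self_resolved()],
           should_flag(call_self_resolved()));
    return 0;
}
```

Only the call that reaches the export with no trampoline pass and a caller outside the exporting module ends up flagged; the other three flows are classified and allowed through.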
Local flow
Claims (22)
A system for library position independent code detection, comprising:
one or more computer-readable storage devices configured to store a plurality of computer-executable instructions; and
one or more hardware computer processors communicatively coupled to one or more other computer-readable storage devices, the one or more hardware computer processors executing the plurality of computer-executable instructions to cause the system to perform:
a process of implementing an import address table (IAT) entry of a monitored symbol, the process of implementing the IAT entry comprising:
replacing the monitored symbol address in the IAT entry of the monitored symbol with a modified address;
executing trampoline code upon a call to the modified address to detect and verify the call to the monitored symbol; and
redirecting the call to the modified address to the monitored symbol address;
a process of implementing one or more loader API functions, the process of implementing the loader API functions comprising:
modifying the one or more loader API functions to return values that lead to the trampoline code;
diverting execution of the monitored symbol to detour code to detect and verify the call to the monitored symbol; and
redirecting the call to the monitored symbol to the monitored symbol address;
a process of monitoring the trampoline code and the detour code of the monitored symbol to determine whether a call in an executable file includes a static call, a dynamic call, or a local call, wherein determining whether a call from the executable file includes a local call comprises monitoring the detour code to determine whether the return address is the same address as the monitored symbol of the executable file; and
a process of flagging the executable file as suspicious or malicious for a malware detection system if the system determines that at least one call in the executable file does not include a static call, a dynamic call, or a local call.
2. The system of claim 1, wherein the system includes:
a hooking engine including the trampoline code and the detour code; and
one or more call databases configured to store data relating to calls.
A computer-implemented method for performing library position independent code detection, the method comprising:
a process of implementing, by a computer system, an import address table (IAT) entry of a monitored symbol, the process of implementing the IAT entry comprising:
replacing the monitored symbol address in the IAT entry of the monitored symbol with a modified address;
executing trampoline code upon a call to the modified address to detect and verify a static call to the monitored symbol; and
redirecting the call to the modified address to the monitored symbol address;
a process of implementing, by the computer system, one or more loader API functions, the process of implementing the loader API functions comprising:
modifying the one or more loader API functions to return values that lead to the trampoline code;
diverting execution of the monitored symbol to detour code to detect and verify the call to the monitored symbol; and
redirecting the call to the monitored symbol to the monitored symbol address;
a process of monitoring, by the computer system, the trampoline code and the detour code of the monitored symbol to determine whether a call in an executable file includes a static call, a dynamic call, or a local call, wherein determining whether a call from the executable file includes a local call comprises monitoring the detour code to determine whether the return address is the same address as the monitored symbol of the executable file; and
a process of flagging, by the computer system, the executable file as suspicious or malicious for a malware detection system if the computer system determines that at least one call in the executable file does not include a static call, a dynamic call, or a local call,
wherein the computer system comprises a computer processor and an electronic storage medium.
13. The method of claim 12, wherein the at least one call is initiated by the executable calling a monitored symbol without triggering the trampoline code.
Applications Claiming Priority (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201962850170P | 2019-05-20 | 2019-05-20 | |
US201962850182P | 2019-05-20 | 2019-05-20 | |
US62/850,182 | 2019-05-20 | ||
US62/850,170 | 2019-05-20 | ||
US201962854118P | 2019-05-29 | 2019-05-29 | |
US62/854,118 | 2019-05-29 | ||
PCT/US2020/033872 WO2020236981A1 (en) | 2019-05-20 | 2020-05-20 | Systems and methods for executable code detection, automatic feature extraction and position independent code detection |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2022533715A JP2022533715A (en) | 2022-07-25 |
JPWO2020236981A5 JPWO2020236981A5 (en) | 2023-04-03 |
JP7278423B2 JP7278423B2 (en) | 2023-05-19 |
Family
ID=72241774
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2021569072A Active JP7278423B2 (en) | 2019-05-20 | 2020-05-20 | System and method for executable code detection, automatic feature extraction and position independent code detection |
Country Status (5)
Country | Link |
---|---|
US (4) | US10762200B1 (en) |
EP (1) | EP3973427A4 (en) |
JP (1) | JP7278423B2 (en) |
IL (1) | IL288122B2 (en) |
WO (1) | WO2020236981A1 (en) |
Families Citing this family (29)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11507663B2 (en) | 2014-08-11 | 2022-11-22 | Sentinel Labs Israel Ltd. | Method of remediating operations performed by a program and system thereof |
US9710648B2 (en) | 2014-08-11 | 2017-07-18 | Sentinel Labs Israel Ltd. | Method of malware detection and system thereof |
EP3643040A4 (en) | 2017-08-08 | 2021-06-09 | SentinelOne, Inc. | Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking |
GB201810294D0 (en) | 2018-06-22 | 2018-08-08 | Senseon Tech Ltd | Cybe defence system |
US11438357B2 (en) | 2018-06-22 | 2022-09-06 | Senseon Tech Ltd | Endpoint network sensor and related cybersecurity infrastructure |
EP3973427A4 (en) | 2019-05-20 | 2023-06-21 | Sentinel Labs Israel Ltd. | Systems and methods for executable code detection, automatic feature extraction and position independent code detection |
US11616794B2 (en) * | 2019-05-29 | 2023-03-28 | Bank Of America Corporation | Data management system |
US11868744B2 (en) * | 2019-08-08 | 2024-01-09 | Nec Corporation | Estimation of features corresponding to extracted commands used to divide code of software |
GB201915265D0 (en) | 2019-10-22 | 2019-12-04 | Senseon Tech Ltd | Anomaly detection |
US11550911B2 (en) | 2020-01-31 | 2023-01-10 | Palo Alto Networks, Inc. | Multi-representational learning models for static analysis of source code |
US11615184B2 (en) * | 2020-01-31 | 2023-03-28 | Palo Alto Networks, Inc. | Building multi-representational learning models for static analysis of source code |
US20210303662A1 (en) * | 2020-03-31 | 2021-09-30 | Irdeto B.V. | Systems, methods, and storage media for creating secured transformed code from input code using a neural network to obscure a transformation function |
US11568317B2 (en) * | 2020-05-21 | 2023-01-31 | Paypal, Inc. | Enhanced gradient boosting tree for risk and fraud modeling |
US11803641B2 (en) * | 2020-09-11 | 2023-10-31 | Zscaler, Inc. | Utilizing Machine Learning to detect malicious executable files efficiently and effectively |
US11599342B2 (en) * | 2020-09-28 | 2023-03-07 | Red Hat, Inc. | Pathname independent probing of binaries |
CN112487430A (en) * | 2020-12-01 | 2021-03-12 | 杭州电子科技大学 | Android malicious software detection method |
US11579857B2 (en) | 2020-12-16 | 2023-02-14 | Sentinel Labs Israel Ltd. | Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach |
CN112528293B (en) * | 2020-12-18 | 2024-04-30 | 中国平安财产保险股份有限公司 | Security vulnerability early warning method, device, equipment and computer readable storage medium |
CN112861131B (en) * | 2021-02-08 | 2022-04-08 | 山东大学 | Library function identification detection method and system based on convolution self-encoder |
US11681810B2 (en) * | 2021-04-05 | 2023-06-20 | International Business Machines Corporation | Traversing software components and dependencies for vulnerability analysis |
CN113378881B (en) * | 2021-05-11 | 2022-06-21 | 广西电网有限责任公司电力科学研究院 | Instruction set identification method and device based on information entropy gain SVM model |
CN113837305B (en) * | 2021-09-29 | 2022-09-23 | 北京百度网讯科技有限公司 | Target detection and model training method, device, equipment and storage medium |
WO2023076089A1 (en) * | 2021-10-28 | 2023-05-04 | Imanage Llc | Ransomware detection and mitigation |
US20230195896A1 (en) * | 2021-12-21 | 2023-06-22 | Palo Alto Networks, Inc. | Identification of .net malware with "unmanaged imphash" |
US20230344838A1 (en) * | 2022-04-26 | 2023-10-26 | Palo Alto Networks, Inc. | Detecting microsoft .net malware using machine learning on .net structure |
CN115033895B (en) * | 2022-08-12 | 2022-12-09 | 中国电子科技集团公司第三十研究所 | Binary program supply chain safety detection method and device |
CN115361027B (en) * | 2022-10-18 | 2023-03-24 | 江苏量超科技有限公司 | Sewage treatment effect identification method |
CN115576840B (en) * | 2022-11-01 | 2023-04-18 | 中国科学院软件研究所 | Static program pile insertion detection method and device based on machine learning |
CN116992447B (en) * | 2023-09-21 | 2023-12-15 | 北京安天网络安全技术有限公司 | Malicious file detection method, electronic equipment and storage medium |
Family Cites Families (445)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4979118A (en) | 1989-03-10 | 1990-12-18 | Gte Laboratories Incorporated | Predictive access-control and routing system for integrated services telecommunication networks |
US5311593A (en) | 1992-05-13 | 1994-05-10 | Chipcom Corporation | Security system for a network concentrator |
US8079086B1 (en) | 1997-11-06 | 2011-12-13 | Finjan, Inc. | Malicious mobile code runtime monitoring system and methods |
US6167520A (en) | 1996-11-08 | 2000-12-26 | Finjan Software, Inc. | System and method for protecting a client during runtime from hostile downloadables |
US6154844A (en) | 1996-11-08 | 2000-11-28 | Finjan Software, Ltd. | System and method for attaching a downloadable security profile to a downloadable |
SE513828C2 (en) | 1998-07-02 | 2000-11-13 | Effnet Group Ab | Firewall device and method for controlling network data packet traffic between internal and external networks |
US6157953A (en) | 1998-07-28 | 2000-12-05 | Sun Microsystems, Inc. | Authentication and access control in a management console program for managing services in a computer network |
WO2000034867A1 (en) | 1998-12-09 | 2000-06-15 | Network Ice Corporation | A method and apparatus for providing network and computer system security |
US7299294B1 (en) | 1999-11-10 | 2007-11-20 | Emc Corporation | Distributed traffic controller for network data |
US7107347B1 (en) | 1999-11-15 | 2006-09-12 | Fred Cohen | Method and apparatus for network deception/emulation |
US6836888B1 (en) | 2000-03-17 | 2004-12-28 | Lucent Technologies Inc. | System for reverse sandboxing |
US7574740B1 (en) | 2000-04-28 | 2009-08-11 | International Business Machines Corporation | Method and system for intrusion detection in a computer network |
US6728716B1 (en) | 2000-05-16 | 2004-04-27 | International Business Machines Corporation | Client-server filter computing system supporting relational database records and linked external files operable for distributed file system |
US20020010800A1 (en) | 2000-05-18 | 2002-01-24 | Riley Richard T. | Network access control system and method |
US7093239B1 (en) | 2000-07-14 | 2006-08-15 | Internet Security Systems, Inc. | Computer immune system and method for detecting unwanted code in a computer system |
US7181769B1 (en) | 2000-08-25 | 2007-02-20 | Ncircle Network Security, Inc. | Network security system having a device profiler communicatively coupled to a traffic monitor |
US6985845B1 (en) | 2000-09-26 | 2006-01-10 | Koninklijke Philips Electronics N.V. | Security monitor of system runs software simulator in parallel |
US20020078382A1 (en) | 2000-11-29 | 2002-06-20 | Ali Sheikh | Scalable system for monitoring network system and components and methodology therefore |
US6868069B2 (en) | 2001-01-16 | 2005-03-15 | Networks Associates Technology, Inc. | Method and apparatus for passively calculating latency for a network appliance |
US20020095607A1 (en) | 2001-01-18 | 2002-07-18 | Catherine Lin-Hendel | Security protection for computers and computer-networks |
US7613930B2 (en) | 2001-01-19 | 2009-11-03 | Trustware International Limited | Method for protecting computer programs and data from hostile code |
US20110178930A1 (en) | 2001-01-30 | 2011-07-21 | Scheidt Edward M | Multiple Level Access with SILOS |
US7543269B2 (en) | 2001-03-26 | 2009-06-02 | Biglever Software, Inc. | Software customization system and method |
US7188368B2 (en) | 2001-05-25 | 2007-03-06 | Lenovo (Singapore) Pte. Ltd. | Method and apparatus for repairing damage to a computer system using a system rollback mechanism |
US20020194489A1 (en) | 2001-06-18 | 2002-12-19 | Gal Almogy | System and method of virus containment in computer networks |
EP1430377A1 (en) | 2001-09-28 | 2004-06-23 | BRITISH TELECOMMUNICATIONS public limited company | Agent-based intrusion detection system |
US7308710B2 (en) | 2001-09-28 | 2007-12-11 | Jp Morgan Chase Bank | Secured FTP architecture |
US7644436B2 (en) | 2002-01-24 | 2010-01-05 | Arxceo Corporation | Intelligent firewall |
US7076803B2 (en) | 2002-01-28 | 2006-07-11 | International Business Machines Corporation | Integrated intrusion detection services |
US7222366B2 (en) | 2002-01-28 | 2007-05-22 | International Business Machines Corporation | Intrusion event filtering |
US7174566B2 (en) | 2002-02-01 | 2007-02-06 | Intel Corporation | Integrated network intrusion detection |
US7133368B2 (en) | 2002-02-01 | 2006-11-07 | Microsoft Corporation | Peer-to-peer method of quality of service (QoS) probing and analysis and infrastructure employing same |
US20030188189A1 (en) | 2002-03-27 | 2003-10-02 | Desai Anish P. | Multi-level and multi-platform intrusion detection and response system |
US20030223367A1 (en) | 2002-03-29 | 2003-12-04 | Shay A. David | Methods for identifying network traffic flows |
US7322044B2 (en) | 2002-06-03 | 2008-01-22 | Airdefense, Inc. | Systems and methods for automated network policy exception detection and correction |
AU2003259240A1 (en) | 2002-07-26 | 2004-02-16 | Green Border Technologies, Inc. | Transparent configuration authentication of networked devices |
US20120023572A1 (en) | 2010-07-23 | 2012-01-26 | Q-Track Corporation | Malicious Attack Response System and Associated Method |
JP3794491B2 (en) | 2002-08-20 | 2006-07-05 | 日本電気株式会社 | Attack defense system and attack defense method |
US7076696B1 (en) | 2002-08-20 | 2006-07-11 | Juniper Networks, Inc. | Providing failover assurance in a device |
US7305546B1 (en) | 2002-08-29 | 2007-12-04 | Sprint Communications Company L.P. | Splicing of TCP/UDP sessions in a firewalled network environment |
US8046835B2 (en) | 2002-10-23 | 2011-10-25 | Frederick S. M. Herz | Distributed computer network security activity model SDI-SCAM |
US9503470B2 (en) | 2002-12-24 | 2016-11-22 | Fred Herz Patents, LLC | Distributed agent based model for security monitoring and response |
US8327442B2 (en) | 2002-12-24 | 2012-12-04 | Herz Frederick S M | System and method for a distributed application and network security system (SDI-SCAM) |
US9197668B2 (en) | 2003-02-28 | 2015-11-24 | Novell, Inc. | Access control to files based on source information |
US7926104B1 (en) | 2003-04-16 | 2011-04-12 | Verizon Corporate Services Group Inc. | Methods and systems for network attack detection and prevention through redirection |
US8024795B2 (en) | 2003-05-09 | 2011-09-20 | Q1 Labs, Inc. | Network intelligence system |
US7523485B1 (en) | 2003-05-21 | 2009-04-21 | Foundry Networks, Inc. | System and method for source IP anti-spoofing security |
US20040243699A1 (en) | 2003-05-29 | 2004-12-02 | Mike Koclanes | Policy based management of storage resources |
US20050108562A1 (en) * | 2003-06-18 | 2005-05-19 | Khazan Roger I. | Technique for detecting executable malicious code using a combination of static and dynamic analyses |
US7596807B2 (en) | 2003-07-03 | 2009-09-29 | Arbor Networks, Inc. | Method and system for reducing scope of self-propagating attack code in network |
US7984129B2 (en) | 2003-07-11 | 2011-07-19 | Computer Associates Think, Inc. | System and method for high-performance profiling of application events |
WO2005017690A2 (en) | 2003-08-11 | 2005-02-24 | Chorus Systems, Inc. | Systems and methods for creation and use of an adaptive reference model |
US8127356B2 (en) | 2003-08-27 | 2012-02-28 | International Business Machines Corporation | System, method and program product for detecting unknown computer attacks |
US9130921B2 (en) | 2003-09-30 | 2015-09-08 | Ca, Inc. | System and method for bridging identities in a service oriented architectureprofiling |
US7886348B2 (en) | 2003-10-03 | 2011-02-08 | Verizon Services Corp. | Security management system for monitoring firewall operation |
US7421734B2 (en) | 2003-10-03 | 2008-09-02 | Verizon Services Corp. | Network firewall test methods and apparatus |
US8713306B1 (en) | 2003-10-14 | 2014-04-29 | Symantec Corporation | Network decoys |
WO2005043279A2 (en) | 2003-10-31 | 2005-05-12 | Disksites Research And Development Ltd. | Device, system and method for storage and access of computer files |
US7978716B2 (en) | 2003-11-24 | 2011-07-12 | Citrix Systems, Inc. | Systems and methods for providing a VPN solution |
US20050138402A1 (en) | 2003-12-23 | 2005-06-23 | Yoon Jeonghee M. | Methods and apparatus for hierarchical system validation |
CN101032142B (en) | 2003-12-29 | 2011-05-18 | 艾利森电话股份有限公司 | Means and methods for signal sign-on access to service network through access network |
US7546587B2 (en) * | 2004-03-01 | 2009-06-09 | Microsoft Corporation | Run-time call stack verification |
US7739516B2 (en) * | 2004-03-05 | 2010-06-15 | Microsoft Corporation | Import address table verification |
US8140694B2 (en) | 2004-03-15 | 2012-03-20 | Hewlett-Packard Development Company, L.P. | Method and apparatus for effecting secure communications |
DE602005000898T2 (en) | 2004-03-16 | 2008-01-17 | At&T Corp. | Procedure and apparatus for providing mobile honeypots |
US9027135B1 (en) | 2004-04-01 | 2015-05-05 | Fireeye, Inc. | Prospective client identification using malware attack detection |
US8539582B1 (en) | 2004-04-01 | 2013-09-17 | Fireeye, Inc. | Malware containment and security analysis on connection |
US7587537B1 (en) | 2007-11-30 | 2009-09-08 | Altera Corporation | Serializer-deserializer circuits formed from input-output circuit registers |
US8898788B1 (en) | 2004-04-01 | 2014-11-25 | Fireeye, Inc. | Systems and methods for malware attack prevention |
US8204984B1 (en) | 2004-04-01 | 2012-06-19 | Fireeye, Inc. | Systems and methods for detecting encrypted bot command and control communication channels |
US8549638B2 (en) | 2004-06-14 | 2013-10-01 | Fireeye, Inc. | System and method of containing computer worms |
US8584239B2 (en) | 2004-04-01 | 2013-11-12 | Fireeye, Inc. | Virtual machine with dynamic data flow analysis |
US8171553B2 (en) | 2004-04-01 | 2012-05-01 | Fireeye, Inc. | Heuristic based capture with replay to virtual machine |
US8881282B1 (en) | 2004-04-01 | 2014-11-04 | Fireeye, Inc. | Systems and methods for malware attack detection and identification |
US8375444B2 (en) | 2006-04-20 | 2013-02-12 | Fireeye, Inc. | Dynamic signature creation and enforcement |
US8561177B1 (en) | 2004-04-01 | 2013-10-15 | Fireeye, Inc. | Systems and methods for detecting communication channels of bots |
US8566946B1 (en) | 2006-04-20 | 2013-10-22 | Fireeye, Inc. | Malware containment on connection |
US7966658B2 (en) | 2004-04-08 | 2011-06-21 | The Regents Of The University Of California | Detecting public network attacks using signatures and fast content analysis |
US20050240989A1 (en) | 2004-04-23 | 2005-10-27 | Seoul National University Industry Foundation | Method of sharing state between stateful inspection firewalls on mep network |
US7596808B1 (en) | 2004-04-30 | 2009-09-29 | Tw Acquisition, Inc. | Zero hop algorithm for network threat identification and mitigation |
US7225468B2 (en) | 2004-05-07 | 2007-05-29 | Digital Security Networks, Llc | Methods and apparatus for computer network security using intrusion detection and prevention |
WO2005116797A1 (en) | 2004-05-19 | 2005-12-08 | Computer Associates Think, Inc. | Method and system for isolating suspicious email |
US7657735B2 (en) | 2004-08-19 | 2010-02-02 | At&T Corp | System and method for monitoring network traffic |
JP2006106939A (en) | 2004-10-01 | 2006-04-20 | Hitachi Ltd | Hacking detection method, hacking detection apparatus, and program |
US8196199B2 (en) | 2004-10-19 | 2012-06-05 | Airdefense, Inc. | Personal wireless monitoring agent |
KR100612452B1 (en) | 2004-11-08 | 2006-08-16 | 삼성전자주식회사 | Apparatus and Method for Detecting Malicious Code |
CN101076980A (en) | 2004-11-11 | 2007-11-21 | 三菱电机株式会社 | IP packet relay method and gateway device in communication network |
US8117659B2 (en) | 2005-12-28 | 2012-02-14 | Microsoft Corporation | Malicious code infection cause-and-effect analysis |
US20060161989A1 (en) | 2004-12-13 | 2006-07-20 | Eran Reshef | System and method for deterring rogue users from attacking protected legitimate users |
US7937755B1 (en) | 2005-01-27 | 2011-05-03 | Juniper Networks, Inc. | Identification of network policy violations |
US7613193B2 (en) | 2005-02-04 | 2009-11-03 | Nokia Corporation | Apparatus, method and computer program product to reduce TCP flooding attacks while conserving wireless network bandwidth |
US20060203774A1 (en) | 2005-03-10 | 2006-09-14 | Nokia Corporation | System, method and apparatus for selecting a remote tunnel endpoint for accessing packet data services |
US8065722B2 (en) | 2005-03-21 | 2011-11-22 | Wisconsin Alumni Research Foundation | Semantically-aware network intrusion signature generator |
WO2006107712A2 (en) | 2005-04-04 | 2006-10-12 | Bae Systems Information And Electronic Systems Integration Inc. | Method and apparatus for defending against zero-day worm-based attacks |
US10225282B2 (en) | 2005-04-14 | 2019-03-05 | International Business Machines Corporation | System, method and program product to identify a distributed denial of service attack |
US20070097976A1 (en) | 2005-05-20 | 2007-05-03 | Wood George D | Suspect traffic redirection |
GB0513375D0 (en) | 2005-06-30 | 2005-08-03 | Retento Ltd | Computer security |
US20080229415A1 (en) | 2005-07-01 | 2008-09-18 | Harsh Kapoor | Systems and methods for processing data flows |
CA2514039A1 (en) | 2005-07-28 | 2007-01-28 | Third Brigade Inc. | Tcp normalization engine |
US8015605B2 (en) | 2005-08-29 | 2011-09-06 | Wisconsin Alumni Research Foundation | Scalable monitor of malicious network traffic |
US20070067623A1 (en) | 2005-09-22 | 2007-03-22 | Reflex Security, Inc. | Detection of system compromise by correlation of information objects |
US7743418B2 (en) | 2005-10-31 | 2010-06-22 | Microsoft Corporation | Identifying malware that employs stealth techniques |
US7756834B2 (en) | 2005-11-03 | 2010-07-13 | I365 Inc. | Malware and spyware attack recovery system and method |
US7710933B1 (en) | 2005-12-08 | 2010-05-04 | Airtight Networks, Inc. | Method and system for classification of wireless devices in local area computer networks |
US7757289B2 (en) | 2005-12-12 | 2010-07-13 | Finjan, Inc. | System and method for inspecting dynamically generated executable code |
US20070143851A1 (en) | 2005-12-21 | 2007-06-21 | Fiberlink | Method and systems for controlling access to computing resources based on known security vulnerabilities |
US20070143827A1 (en) | 2005-12-21 | 2007-06-21 | Fiberlink | Methods and systems for intelligently controlling access to computing resources |
US9407662B2 (en) | 2005-12-29 | 2016-08-02 | Nextlabs, Inc. | Analyzing activity data of an information management system |
US7711800B2 (en) | 2006-01-31 | 2010-05-04 | Microsoft Corporation | Network connectivity determination |
US8443442B2 (en) | 2006-01-31 | 2013-05-14 | The Penn State Research Foundation | Signature-free buffer overflow attack blocker |
US7882538B1 (en) | 2006-02-02 | 2011-02-01 | Juniper Networks, Inc. | Local caching of endpoint security information |
US7774459B2 (en) | 2006-03-01 | 2010-08-10 | Microsoft Corporation | Honey monkey network exploration |
US8528057B1 (en) | 2006-03-07 | 2013-09-03 | Emc Corporation | Method and apparatus for account virtualization |
WO2007107766A1 (en) | 2006-03-22 | 2007-09-27 | British Telecommunications Public Limited Company | Method and apparatus for automated testing software |
US9171157B2 (en) | 2006-03-28 | 2015-10-27 | Blue Coat Systems, Inc. | Method and system for tracking access to application data and preventing data exploitation by malicious programs |
US8528087B2 (en) | 2006-04-27 | 2013-09-03 | Robot Genius, Inc. | Methods for combating malicious software |
US7849507B1 (en) | 2006-04-29 | 2010-12-07 | Ironport Systems, Inc. | Apparatus for filtering server responses |
US7890612B2 (en) | 2006-05-08 | 2011-02-15 | Electro Guard Corp. | Method and apparatus for regulating data flow between a communications device and a network |
US20070282782A1 (en) | 2006-05-31 | 2007-12-06 | Carey Julie M | Method, system, and program product for managing information for a network topology change |
WO2008002819A2 (en) | 2006-06-29 | 2008-01-03 | Energy Recovery, Inc. | Rotary pressure transfer devices |
US8479288B2 (en) | 2006-07-21 | 2013-07-02 | Research In Motion Limited | Method and system for providing a honeypot mode for an electronic device |
US8190868B2 (en) | 2006-08-07 | 2012-05-29 | Webroot Inc. | Malware management through kernel detection |
US8230505B1 (en) | 2006-08-11 | 2012-07-24 | Avaya Inc. | Method for cooperative intrusion prevention through collaborative inference |
US7934258B2 (en) | 2006-08-17 | 2011-04-26 | Informod Control Inc. | System and method for remote authentication security management |
JP2008066903A (en) | 2006-09-06 | 2008-03-21 | Nec Corp | Intrusion detection system, its method, and communication device using it |
US8453234B2 (en) | 2006-09-20 | 2013-05-28 | Clearwire Ip Holdings Llc | Centralized security management system |
US7802050B2 (en) | 2006-09-29 | 2010-09-21 | Intel Corporation | Monitoring a target agent execution pattern on a VT-enabled system |
KR100798923B1 (en) | 2006-09-29 | 2008-01-29 | 한국전자통신연구원 | An attack taxonomy for computer and network security and storage media for recording program using the same |
US9824107B2 (en) | 2006-10-25 | 2017-11-21 | Entit Software Llc | Tracking changing state data to assist in computer network security |
US8181248B2 (en) | 2006-11-23 | 2012-05-15 | Electronics And Telecommunications Research Institute | System and method of detecting anomaly malicious code by using process behavior prediction technique |
US8949986B2 (en) | 2006-12-29 | 2015-02-03 | Intel Corporation | Network security elements using endpoint resources |
US20080162397A1 (en) | 2007-01-03 | 2008-07-03 | Ori Zaltzman | Method for Analyzing Activities Over Information Networks |
US8156557B2 (en) | 2007-01-04 | 2012-04-10 | Cisco Technology, Inc. | Protection against reflection distributed denial of service attacks |
JP2008172483A (en) | 2007-01-11 | 2008-07-24 | Matsushita Electric Ind Co Ltd | Communication system, and doorphone system |
US8171545B1 (en) | 2007-02-14 | 2012-05-01 | Symantec Corporation | Process profiling for behavioral anomaly detection |
US8082471B2 (en) | 2007-05-11 | 2011-12-20 | Microsoft Corporation | Self healing software |
US20120084866A1 (en) | 2007-06-12 | 2012-04-05 | Stolfo Salvatore J | Methods, systems, and media for measuring computer security |
US9009829B2 (en) | 2007-06-12 | 2015-04-14 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for baiting inside attackers |
US8170712B2 (en) | 2007-06-26 | 2012-05-01 | Amazon Technologies, Inc. | Method and apparatus for non-linear unit-level sortation in order fulfillment processes |
US8373538B1 (en) | 2007-09-12 | 2013-02-12 | Oceans' Edge, Inc. | Mobile device monitoring and control system |
US7620992B2 (en) | 2007-10-02 | 2009-11-17 | Kaspersky Lab Zao | System and method for detecting multi-component malware |
CN101350052B (en) | 2007-10-15 | 2010-11-03 | 北京瑞星信息技术有限公司 | Method and apparatus for discovering malignancy of computer program |
US8880435B1 (en) | 2007-10-26 | 2014-11-04 | Bank Of America Corporation | Detection and tracking of unauthorized computer access attempts |
US8667582B2 (en) | 2007-12-10 | 2014-03-04 | Mcafee, Inc. | System, method, and computer program product for directing predetermined network traffic to a honeypot |
US20090158407A1 (en) | 2007-12-13 | 2009-06-18 | Fiberlink Communications Corporation | Api translation for network access control (nac) agent |
KR101407501B1 (en) | 2007-12-27 | 2014-06-17 | 삼성전자주식회사 | Portable terminal having the rear key pad |
US8595834B2 (en) | 2008-02-04 | 2013-11-26 | Samsung Electronics Co., Ltd | Detecting unauthorized use of computing devices based on behavioral patterns |
US8078556B2 (en) | 2008-02-20 | 2011-12-13 | International Business Machines Corporation | Generating complex event processing rules utilizing machine learning from multiple events |
US9130986B2 (en) | 2008-03-19 | 2015-09-08 | Websense, Inc. | Method and system for protection against information stealing software |
US8146147B2 (en) | 2008-03-27 | 2012-03-27 | Juniper Networks, Inc. | Combined firewalls |
US8713666B2 (en) | 2008-03-27 | 2014-04-29 | Check Point Software Technologies, Ltd. | Methods and devices for enforcing network access control utilizing secure packet tagging |
US8281377B1 (en) | 2008-04-15 | 2012-10-02 | Desktone, Inc. | Remote access manager for virtual computing services |
US8073945B2 (en) | 2008-04-25 | 2011-12-06 | At&T Intellectual Property I, L.P. | Method and apparatus for providing a measurement of performance for a network |
US8144725B2 (en) | 2008-05-28 | 2012-03-27 | Apple Inc. | Wireless femtocell setup methods and apparatus |
US8839387B2 (en) | 2009-01-28 | 2014-09-16 | Headwater Partners I Llc | Roaming services network and overlay networks |
US9122895B2 (en) | 2008-06-25 | 2015-09-01 | Microsoft Technology Licensing, Llc | Authorization for transient storage devices with multiple authentication silos |
CN101304409B (en) | 2008-06-28 | 2011-04-13 | 成都市华为赛门铁克科技有限公司 | Method and system for detecting malice code |
US8181250B2 (en) | 2008-06-30 | 2012-05-15 | Microsoft Corporation | Personalized honeypot for detecting information leaks and security breaches |
US8181033B1 (en) | 2008-07-01 | 2012-05-15 | Mcafee, Inc. | Data leakage prevention system, method, and computer program product for preventing a predefined type of operation on predetermined data |
US8353033B1 (en) | 2008-07-02 | 2013-01-08 | Symantec Corporation | Collecting malware samples via unauthorized download protection |
US7530106B1 (en) | 2008-07-02 | 2009-05-05 | Kaspersky Lab, Zao | System and method for security rating of computer processes |
US8413238B1 (en) | 2008-07-21 | 2013-04-02 | Zscaler, Inc. | Monitoring darknet access to identify malicious activity |
US20130247190A1 (en) | 2008-07-22 | 2013-09-19 | Joel R. Spurlock | System, method, and computer program product for utilizing a data structure including event relationships to detect unwanted activity |
US9098698B2 (en) | 2008-09-12 | 2015-08-04 | George Mason Research Foundation, Inc. | Methods and apparatus for application isolation |
MY146995A (en) | 2008-09-12 | 2012-10-15 | Mimos Bhd | A honeypot host |
US8370931B1 (en) | 2008-09-17 | 2013-02-05 | Trend Micro Incorporated | Multi-behavior policy matching for malware detection |
US9117078B1 (en) | 2008-09-17 | 2015-08-25 | Trend Micro Inc. | Malware behavior analysis and policy creation |
US9781148B2 (en) | 2008-10-21 | 2017-10-03 | Lookout, Inc. | Methods and systems for sharing risk responses between collections of mobile communications devices |
US8984628B2 (en) | 2008-10-21 | 2015-03-17 | Lookout, Inc. | System and method for adverse mobile application identification |
US8769684B2 (en) | 2008-12-02 | 2014-07-01 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for masquerade attack detection by monitoring computer user behavior |
MY151479A (en) | 2008-12-16 | 2014-05-30 | Secure Corp M Sdn Bhd F | Method and apparatus for detecting shellcode insertion |
KR20100078081A (en) | 2008-12-30 | 2010-07-08 | (주) 세인트 시큐리티 | System and method for detecting unknown malicious codes by analyzing kernel based system events |
US8474044B2 (en) | 2009-01-05 | 2013-06-25 | Cisco Technology, Inc | Attack-resistant verification of auto-generated anti-malware signatures |
DE102009016532A1 (en) | 2009-04-06 | 2010-10-07 | Giesecke & Devrient Gmbh | Method for carrying out an application using a portable data carrier |
US8438386B2 (en) | 2009-04-21 | 2013-05-07 | Webroot Inc. | System and method for developing a risk profile for an internet service |
US20140046645A1 (en) | 2009-05-04 | 2014-02-13 | Camber Defense Security And Systems Solutions, Inc. | Systems and methods for network monitoring and analysis of a simulated network |
US8732296B1 (en) | 2009-05-06 | 2014-05-20 | Mcafee, Inc. | System, method, and computer program product for redirecting IRC traffic identified utilizing a port-independent algorithm and controlling IRC based malware |
US20100299430A1 (en) | 2009-05-22 | 2010-11-25 | Architecture Technology Corporation | Automated acquisition of volatile forensic evidence from network devices |
US8205035B2 (en) | 2009-06-22 | 2012-06-19 | Citrix Systems, Inc. | Systems and methods for integration between application firewall and caching |
US8607340B2 (en) | 2009-07-21 | 2013-12-10 | Sophos Limited | Host intrusion prevention system using software and user behavior analysis |
US8776218B2 (en) | 2009-07-21 | 2014-07-08 | Sophos Limited | Behavioral-based host intrusion prevention system |
US8793151B2 (en) | 2009-08-28 | 2014-07-29 | Src, Inc. | System and method for organizational risk analysis and reporting by mapping detected risk patterns onto a risk ontology |
US8413241B2 (en) | 2009-09-17 | 2013-04-02 | Oracle America, Inc. | Integrated intrusion deflection, detection and introspection |
US20120137367A1 (en) | 2009-11-06 | 2012-05-31 | Cataphora, Inc. | Continuous anomaly detection based on behavior modeling and heterogeneous information analysis |
US8850428B2 (en) | 2009-11-12 | 2014-09-30 | Trustware International Limited | User transparent virtualization method for protecting computer programs and data from hostile code |
US8488466B2 (en) | 2009-12-16 | 2013-07-16 | Vss Monitoring, Inc. | Systems, methods, and apparatus for detecting a pattern within a data packet and detecting data packets related to a data packet including a detected pattern |
US8438626B2 (en) | 2009-12-23 | 2013-05-07 | Citrix Systems, Inc. | Systems and methods for processing application firewall session information on owner core in multiple core system |
US8528091B2 (en) | 2009-12-31 | 2013-09-03 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for detecting covert malware |
US8307434B2 (en) | 2010-01-27 | 2012-11-06 | Mcafee, Inc. | Method and system for discrete stateful behavioral analysis |
US8949988B2 (en) | 2010-02-26 | 2015-02-03 | Juniper Networks, Inc. | Methods for proactively securing a web application and apparatuses thereof |
US8984621B2 (en) | 2010-02-27 | 2015-03-17 | Novell, Inc. | Techniques for secure access management in virtual environments |
US20110219449A1 (en) | 2010-03-04 | 2011-09-08 | St Neitzel Michael | Malware detection method, system and computer program product |
US20110219443A1 (en) | 2010-03-05 | 2011-09-08 | Alcatel-Lucent Usa, Inc. | Secure connection initiation with hosts behind firewalls |
US8826268B2 (en) | 2010-03-08 | 2014-09-02 | Microsoft Corporation | Virtual software application deployment configurations |
US8549643B1 (en) | 2010-04-02 | 2013-10-01 | Symantec Corporation | Using decoys by a data loss prevention system to protect against unscripted activity |
US8707427B2 (en) | 2010-04-06 | 2014-04-22 | Triumfant, Inc. | Automated malware detection and remediation |
KR101661161B1 (en) | 2010-04-07 | 2016-10-10 | 삼성전자주식회사 | Apparatus and method for filtering ip packet in mobile communication terminal |
US9213838B2 (en) | 2011-05-13 | 2015-12-15 | Mcafee Ireland Holdings Limited | Systems and methods of processing data associated with detection and/or handling of malware |
US8627475B2 (en) | 2010-04-08 | 2014-01-07 | Microsoft Corporation | Early detection of potential malware |
US8464345B2 (en) | 2010-04-28 | 2013-06-11 | Symantec Corporation | Behavioral signature generation using clustering |
US8733732B2 (en) | 2010-05-24 | 2014-05-27 | Eaton Corporation | Pressurized o-ring pole piece seal for a manifold |
US9239909B2 (en) | 2012-01-25 | 2016-01-19 | Bromium, Inc. | Approaches for protecting sensitive data within a guest operating system |
WO2012011070A1 (en) | 2010-07-21 | 2012-01-26 | Seculert Ltd. | Network protection system and method |
US8938800B2 (en) | 2010-07-28 | 2015-01-20 | Mcafee, Inc. | System and method for network level protection against malicious software |
AU2011293160B2 (en) | 2010-08-26 | 2015-04-09 | Verisign, Inc. | Method and system for automatic detection and analysis of malware |
JP4802295B1 (en) | 2010-08-31 | 2011-10-26 | 株式会社スプリングソフト | Network system and virtual private connection forming method |
US8607054B2 (en) | 2010-10-15 | 2013-12-10 | Microsoft Corporation | Remote access to hosted virtual machines by enterprise users |
US8850172B2 (en) | 2010-11-15 | 2014-09-30 | Microsoft Corporation | Analyzing performance of computing devices in usage scenarios |
US9690915B2 (en) | 2010-11-29 | 2017-06-27 | Biocatch Ltd. | Device, method, and system of detecting remote access users and differentiating among users |
US9349006B2 (en) | 2010-11-29 | 2016-05-24 | Beijing Qihoo Technology Company Limited | Method and device for program identification based on machine learning |
US8782791B2 (en) | 2010-12-01 | 2014-07-15 | Symantec Corporation | Computer virus detection systems and methods |
US20120151565A1 (en) | 2010-12-10 | 2012-06-14 | Eric Fiterman | System, apparatus and method for identifying and blocking anomalous or improper use of identity information on computer networks |
US10574630B2 (en) | 2011-02-15 | 2020-02-25 | Webroot Inc. | Methods and apparatus for malware threat research |
US8555385B1 (en) | 2011-03-14 | 2013-10-08 | Symantec Corporation | Techniques for behavior based malware analysis |
US8725898B1 (en) | 2011-03-17 | 2014-05-13 | Amazon Technologies, Inc. | Scalable port address translations |
US8959569B2 (en) | 2011-03-18 | 2015-02-17 | Juniper Networks, Inc. | Security enforcement in virtualized systems |
US20120255003A1 (en) | 2011-03-31 | 2012-10-04 | Mcafee, Inc. | System and method for securing access to the objects of an operating system |
US8863283B2 (en) | 2011-03-31 | 2014-10-14 | Mcafee, Inc. | System and method for securing access to system calls |
US8042186B1 (en) | 2011-04-28 | 2011-10-18 | Kaspersky Lab Zao | System and method for detection of complex malware |
WO2012154664A2 (en) | 2011-05-06 | 2012-11-15 | University Of North Carolina At Chapel Hill | Methods, systems, and computer readable media for detecting injected machine code |
US8955037B2 (en) | 2011-05-11 | 2015-02-10 | Oracle International Corporation | Access management architecture |
US9436826B2 (en) | 2011-05-16 | 2016-09-06 | Microsoft Technology Licensing, Llc | Discovering malicious input files and performing automatic and distributed remediation |
US8849880B2 (en) | 2011-05-18 | 2014-09-30 | Hewlett-Packard Development Company, L.P. | Providing a shadow directory and virtual files to store metadata |
US8966625B1 (en) | 2011-05-24 | 2015-02-24 | Palo Alto Networks, Inc. | Identification of malware sites using unknown URL sites and newly registered DNS addresses |
US8738765B2 (en) | 2011-06-14 | 2014-05-27 | Lookout, Inc. | Mobile device DNS optimization |
KR101206853B1 (en) | 2011-06-23 | 2012-11-30 | 주식회사 잉카인터넷 | System and method for controlling network access |
US8893278B1 (en) | 2011-07-12 | 2014-11-18 | Trustwave Holdings, Inc. | Detecting malware communication on an infected computing device |
EP2737404A4 (en) | 2011-07-26 | 2015-04-29 | Light Cyber Ltd | A method for detecting anomaly action within a computer network |
KR101380966B1 (en) | 2011-08-24 | 2014-05-02 | 주식회사 팬택 | Apparatus and Method for Security in Mobile Terminal |
US9037642B2 (en) | 2011-08-29 | 2015-05-19 | Fiberlink Communications Corporation | Platform for deployment and distribution of modules to endpoints |
US9027124B2 (en) | 2011-09-06 | 2015-05-05 | Broadcom Corporation | System for monitoring an operation of a device |
US9672355B2 (en) | 2011-09-16 | 2017-06-06 | Veracode, Inc. | Automated behavioral and static analysis using an instrumented sandbox and machine learning classification for mobile security |
WO2013048986A1 (en) | 2011-09-26 | 2013-04-04 | Knoa Software, Inc. | Method, system and program product for allocation and/or prioritization of electronic resources |
US8473748B2 (en) | 2011-09-27 | 2013-06-25 | George P. Sampas | Mobile device-based authentication |
US8806639B2 (en) | 2011-09-30 | 2014-08-12 | Avaya Inc. | Contextual virtual machines for application quarantine and assessment method and system |
US10025928B2 (en) | 2011-10-03 | 2018-07-17 | Webroot Inc. | Proactive browser content analysis |
US20130104197A1 (en) | 2011-10-23 | 2013-04-25 | Gopal Nandakumar | Authentication system |
WO2013063474A1 (en) | 2011-10-28 | 2013-05-02 | Scargo, Inc. | Security policy deployment and enforcement system for the detection and control of polymorphic and targeted malware |
US20130152200A1 (en) | 2011-12-09 | 2013-06-13 | Christoph Alme | Predictive Heap Overflow Protection |
DE102011056502A1 (en) | 2011-12-15 | 2013-06-20 | Avira Holding GmbH | Method and apparatus for automatically generating virus descriptions |
EP2611106A1 (en) | 2012-01-02 | 2013-07-03 | Telefónica, S.A. | System for automated prevention of fraud |
US9772832B2 (en) | 2012-01-20 | 2017-09-26 | S-Printing Solution Co., Ltd. | Computing system with support for ecosystem mechanism and method of operation thereof |
US9659173B2 (en) | 2012-01-31 | 2017-05-23 | International Business Machines Corporation | Method for detecting a malware |
JP5792654B2 (en) | 2012-02-15 | 2015-10-14 | 株式会社日立製作所 | Security monitoring system and security monitoring method |
US8904239B2 (en) | 2012-02-17 | 2014-12-02 | American Express Travel Related Services Company, Inc. | System and method for automated test configuration and evaluation |
US9356942B1 (en) | 2012-03-05 | 2016-05-31 | Neustar, Inc. | Method and system for detecting network compromise |
US9081747B1 (en) | 2012-03-06 | 2015-07-14 | Big Bang Llc | Computer program deployment to one or more target devices |
US20130239192A1 (en) * | 2012-03-09 | 2013-09-12 | RAPsphere, Inc. | Method and apparatus for securing mobile applications |
US9734333B2 (en) | 2012-04-17 | 2017-08-15 | Heat Software Usa Inc. | Information security techniques including detection, interdiction and/or mitigation of memory injection attacks |
US8959362B2 (en) | 2012-04-30 | 2015-02-17 | General Electric Company | Systems and methods for controlling file execution for industrial control systems |
US8990948B2 (en) | 2012-05-01 | 2015-03-24 | Taasera, Inc. | Systems and methods for orchestrating runtime operational integrity |
US8713658B1 (en) | 2012-05-25 | 2014-04-29 | Graphon Corporation | System for and method of providing single sign-on (SSO) capability in an application publishing environment |
US9043903B2 (en) | 2012-06-08 | 2015-05-26 | Crowdstrike, Inc. | Kernel-level security agent |
US9787589B2 (en) | 2012-06-08 | 2017-10-10 | Apple Inc. | Filtering of unsolicited incoming packets to electronic devices |
US8789135B1 (en) | 2012-06-15 | 2014-07-22 | Google Inc. | Scalable stateful firewall design in openflow based networks |
GB2503230A (en) | 2012-06-19 | 2013-12-25 | Appsense Ltd | Location based network access |
US8732791B2 (en) | 2012-06-20 | 2014-05-20 | Sophos Limited | Multi-part internal-external process system for providing virtualization security protection |
US9736260B2 (en) | 2012-06-21 | 2017-08-15 | Cisco Technology, Inc. | Redirecting from a cloud service to a third party website to save costs without sacrificing security |
US9043920B2 (en) | 2012-06-27 | 2015-05-26 | Tenable Network Security, Inc. | System and method for identifying exploitable weak points in a network |
US9319417B2 (en) | 2012-06-28 | 2016-04-19 | Fortinet, Inc. | Data leak protection |
US9021592B2 (en) | 2012-07-12 | 2015-04-28 | International Business Machines Corporation | Source code analysis of inter-related code bases |
US9245120B2 (en) | 2012-07-13 | 2016-01-26 | Cisco Technologies, Inc. | Method and apparatus for retroactively detecting malicious or otherwise undesirable software as well as clean software through intelligent rescanning |
US8821242B2 (en) | 2012-07-25 | 2014-09-02 | Lumos Labs, Inc. | Systems and methods for enhancing cognition |
US20140053267A1 (en) | 2012-08-20 | 2014-02-20 | Trusteer Ltd. | Method for identifying malicious executables |
US9087191B2 (en) * | 2012-08-24 | 2015-07-21 | Vmware, Inc. | Method and system for facilitating isolated workspace for applications |
US8984331B2 (en) | 2012-09-06 | 2015-03-17 | Triumfant, Inc. | Systems and methods for automated memory and thread execution anomaly detection in a computer network |
US9117087B2 (en) | 2012-09-06 | 2015-08-25 | Box, Inc. | System and method for creating a secure channel for inter-application communication based on intents |
US9292688B2 (en) | 2012-09-26 | 2016-03-22 | Northrop Grumman Systems Corporation | System and method for automated machine-learning, zero-day malware detection |
US9485276B2 (en) | 2012-09-28 | 2016-11-01 | Juniper Networks, Inc. | Dynamic service handling using a honeypot |
US20140096229A1 (en) | 2012-09-28 | 2014-04-03 | Juniper Networks, Inc. | Virtual honeypot |
US20140108793A1 (en) | 2012-10-16 | 2014-04-17 | Citrix Systems, Inc. | Controlling mobile device access to secure data |
US9369476B2 (en) | 2012-10-18 | 2016-06-14 | Deutsche Telekom Ag | System for detection of mobile applications network behavior-netwise |
US10447711B2 (en) | 2012-10-18 | 2019-10-15 | White Ops Inc. | System and method for identification of automated browser agents |
EP2909775B1 (en) | 2012-10-19 | 2022-01-26 | McAfee, LLC | Mobile application management |
US9483642B2 (en) | 2012-10-30 | 2016-11-01 | Gabriel Kedma | Runtime detection of self-replicating malware |
US8839369B1 (en) | 2012-11-09 | 2014-09-16 | Trend Micro Incorporated | Methods and systems for detecting email phishing attacks |
US8931101B2 (en) | 2012-11-14 | 2015-01-06 | International Business Machines Corporation | Application-level anomaly detection |
US9288227B2 (en) | 2012-11-28 | 2016-03-15 | Verisign, Inc. | Systems and methods for transparently monitoring network traffic for denial of service attacks |
WO2014116888A1 (en) | 2013-01-25 | 2014-07-31 | REMTCS Inc. | Network security system, method, and apparatus |
US9106692B2 (en) | 2013-01-31 | 2015-08-11 | Northrop Grumman Systems Corporation | System and method for advanced malware analysis |
US9491187B2 (en) | 2013-02-15 | 2016-11-08 | Qualcomm Incorporated | APIs for obtaining device-specific behavior classifier models from the cloud |
CN105074718A (en) | 2013-02-15 | 2015-11-18 | 高通股份有限公司 | On-line behavioral analysis engine in mobile device with multiple analyzer model providers |
US9246774B2 (en) | 2013-02-21 | 2016-01-26 | Hewlett Packard Enterprise Development Lp | Sample based determination of network policy violations |
US9467465B2 (en) | 2013-02-25 | 2016-10-11 | Beyondtrust Software, Inc. | Systems and methods of risk based rules for application control |
US10713356B2 (en) | 2013-03-04 | 2020-07-14 | Crowdstrike, Inc. | Deception-based responses to security attacks |
US10127379B2 (en) | 2013-03-13 | 2018-11-13 | Mcafee, Llc | Profiling code execution |
US10742601B2 (en) | 2013-03-14 | 2020-08-11 | Fortinet, Inc. | Notifying users within a protected network regarding events and information |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
WO2014143025A1 (en) | 2013-03-15 | 2014-09-18 | Hewlett-Packard Development Company, L.P. | Secure path determination between devices |
US9330259B2 (en) | 2013-03-19 | 2016-05-03 | Trusteer, Ltd. | Malware discovery method and system |
EP2784716A1 (en) | 2013-03-25 | 2014-10-01 | British Telecommunications public limited company | Suspicious program detection |
EP2785008A1 (en) | 2013-03-29 | 2014-10-01 | British Telecommunications public limited company | Method and apparatus for detecting a multi-stage event |
US9578045B2 (en) | 2013-05-03 | 2017-02-21 | Webroot Inc. | Method and apparatus for providing forensic visibility into systems and networks |
US9716996B2 (en) | 2013-05-21 | 2017-07-25 | Brocade Communications Systems, Inc. | Method and system for selective and secure interaction of BYOD (bring your own device) with enterprise network through mobile wireless networks |
US9197601B2 (en) | 2013-06-05 | 2015-11-24 | Bat Blue Networks, Inc. | System and method for providing a single global borderless virtual perimeter through distributed points of presence |
US8943594B1 (en) | 2013-06-24 | 2015-01-27 | Haystack Security LLC | Cyber attack disruption through multiple detonations of received payloads |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US20150006384A1 (en) | 2013-06-28 | 2015-01-01 | Zahid Nasiruddin Shaikh | Device fingerprinting |
US8973142B2 (en) | 2013-07-02 | 2015-03-03 | Imperva, Inc. | Compromised insider honey pots using reverse honey tokens |
US9117080B2 (en) | 2013-07-05 | 2015-08-25 | Bitdefender IPR Management Ltd. | Process evaluation for malware detection in virtual machines |
US9807092B1 (en) | 2013-07-05 | 2017-10-31 | Dcs7, Llc | Systems and methods for classification of internet devices as hostile or benign |
US10284570B2 (en) | 2013-07-24 | 2019-05-07 | Wells Fargo Bank, National Association | System and method to detect threats to computer based devices and systems |
US9166993B1 (en) | 2013-07-25 | 2015-10-20 | Symantec Corporation | Anomaly detection based on profile history and peer history |
WO2015013936A1 (en) | 2013-07-31 | 2015-02-05 | 华为技术有限公司 | Associated plugin management method, device and system |
US9553867B2 (en) | 2013-08-01 | 2017-01-24 | Bitglass, Inc. | Secure application access system |
US10084817B2 (en) | 2013-09-11 | 2018-09-25 | NSS Labs, Inc. | Malware and exploit campaign detection system and method |
US9607146B2 (en) | 2013-09-18 | 2017-03-28 | Qualcomm Incorporated | Data flow based behavioral analysis on mobile devices |
US20150089655A1 (en) | 2013-09-23 | 2015-03-26 | Electronics And Telecommunications Research Institute | System and method for detecting malware based on virtual host |
US9601000B1 (en) | 2013-09-27 | 2017-03-21 | EMC IP Holding Company LLC | Data-driven alert prioritization |
US10171594B2 (en) | 2013-09-28 | 2019-01-01 | Mcafee, Llc | Service-oriented architecture |
US9576145B2 (en) | 2013-09-30 | 2017-02-21 | Acalvio Technologies, Inc. | Alternate files returned for suspicious processes in a compromised computer network |
US20150156214A1 (en) | 2013-10-18 | 2015-06-04 | White Ops, Inc. | Detection and prevention of online user interface manipulation via remote control |
US9147072B2 (en) | 2013-10-28 | 2015-09-29 | Qualcomm Incorporated | Method and system for performing behavioral analysis operations in a mobile device based on application state |
US20150128206A1 (en) | 2013-11-04 | 2015-05-07 | Trusteer Ltd. | Early Filtering of Events Using a Kernel-Based Filter |
US9407602B2 (en) | 2013-11-07 | 2016-08-02 | Attivo Networks, Inc. | Methods and apparatus for redirecting attacks on a network |
IN2013MU03602A (en) | 2013-11-18 | 2015-07-31 | Tata Consultancy Services Ltd | |
CN103607399B (en) | 2013-11-25 | 2016-07-27 | 中国人民解放军理工大学 | Private IP network safety monitoring system and method based on darknet |
US9323929B2 (en) | 2013-11-26 | 2016-04-26 | Qualcomm Incorporated | Pre-identifying probable malicious rootkit behavior using behavioral contracts |
US9185136B2 (en) | 2013-11-28 | 2015-11-10 | Cyber-Ark Software Ltd. | Correlation based security risk identification |
US9652362B2 (en) | 2013-12-06 | 2017-05-16 | Qualcomm Incorporated | Methods and systems of using application-specific and application-type-specific models for the efficient classification of mobile device behaviors |
US9753796B2 (en) | 2013-12-06 | 2017-09-05 | Lookout, Inc. | Distributed monitoring, evaluation, and response for multiple devices |
US9386034B2 (en) | 2013-12-17 | 2016-07-05 | Hoplite Industries, Inc. | Behavioral model based malware protection system and method |
EP3087526A4 (en) | 2013-12-27 | 2017-06-21 | McAfee, Inc. | Segregating executable files exhibiting network activity |
US9432360B1 (en) | 2013-12-31 | 2016-08-30 | Emc Corporation | Security-aware split-server passcode verification for one-time authentication tokens |
KR102017756B1 (en) | 2014-01-13 | 2019-09-03 | 한국전자통신연구원 | Apparatus and method for detecting abnormal behavior |
US9258315B2 (en) | 2014-01-13 | 2016-02-09 | Cisco Technology, Inc. | Dynamic filtering for SDN API calls across a security boundary |
US20150205962A1 (en) | 2014-01-23 | 2015-07-23 | Cylent Systems, Inc. | Behavioral analytics driven host-based malicious behavior and data exfiltration disruption |
US9639426B2 (en) | 2014-01-24 | 2017-05-02 | Commvault Systems, Inc. | Single snapshot for multiple applications |
US10284591B2 (en) | 2014-01-27 | 2019-05-07 | Webroot Inc. | Detecting and preventing execution of software exploits |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US10091238B2 (en) | 2014-02-11 | 2018-10-02 | Varmour Networks, Inc. | Deception using distributed threat detection |
US20150039513A1 (en) | 2014-02-14 | 2015-02-05 | Brighterion, Inc. | User device profiling in transaction authentications |
KR101671336B1 (en) * | 2014-02-27 | 2016-11-16 | (주)스마일게이트엔터테인먼트 | Method of unpacking protection with code separation and apparatus thereof |
US9594665B2 (en) | 2014-03-05 | 2017-03-14 | Microsoft Technology Licensing, Llc | Regression evaluation using behavior models of software applications |
WO2015138508A1 (en) | 2014-03-11 | 2015-09-17 | Vectra Networks, Inc. | Method and system for detecting bot behavior |
US9832217B2 (en) | 2014-03-13 | 2017-11-28 | International Business Machines Corporation | Computer implemented techniques for detecting, investigating and remediating security violations to IT infrastructure |
US9838424B2 (en) | 2014-03-20 | 2017-12-05 | Microsoft Technology Licensing, Llc | Techniques to provide network security through just-in-time provisioned accounts |
US10289405B2 (en) | 2014-03-20 | 2019-05-14 | Crowdstrike, Inc. | Integrity assurance and rebootless updating during runtime |
US20160078365A1 (en) | 2014-03-21 | 2016-03-17 | Philippe Baumard | Autonomous detection of incongruous behaviors |
US9977895B2 (en) | 2014-03-27 | 2018-05-22 | Barkly Protects, Inc. | Malicious software identification integrating behavioral analytics and hardware events |
US9684787B2 (en) | 2014-04-08 | 2017-06-20 | Qualcomm Incorporated | Method and system for inferring application states by performing behavioral analysis operations in a mobile device |
US9912690B2 (en) | 2014-04-08 | 2018-03-06 | Capital One Financial Corporation | System and method for malware detection using hashing techniques |
US9609019B2 (en) | 2014-05-07 | 2017-03-28 | Attivo Networks Inc. | System and method for directing malicious activity to a monitoring system |
US9356950B2 (en) | 2014-05-07 | 2016-05-31 | Attivo Networks Inc. | Evaluating URLS for malicious content |
US9769204B2 (en) | 2014-05-07 | 2017-09-19 | Attivo Networks Inc. | Distributed system for Bot detection |
US10243985B2 (en) | 2014-06-03 | 2019-03-26 | Hexadite Ltd. | System and methods thereof for monitoring and preventing security incidents in a computerized environment |
US9628502B2 (en) | 2014-06-09 | 2017-04-18 | Meadow Hills, LLC | Active attack detection system |
US10212176B2 (en) | 2014-06-23 | 2019-02-19 | Hewlett Packard Enterprise Development Lp | Entity group behavior profiling |
US9490987B2 (en) | 2014-06-30 | 2016-11-08 | Paypal, Inc. | Accurately classifying a computer program interacting with a computer system using questioning and fingerprinting |
US9705914B2 (en) | 2014-07-23 | 2017-07-11 | Cisco Technology, Inc. | Signature creation for unknown attacks |
US20160042180A1 (en) | 2014-08-07 | 2016-02-11 | Ut Battelle, Llc | Behavior specification, finding main, and call graph visualizations |
US9710648B2 (en) | 2014-08-11 | 2017-07-18 | Sentinel Labs Israel Ltd. | Method of malware detection and system thereof |
US11507663B2 (en) | 2014-08-11 | 2022-11-22 | Sentinel Labs Israel Ltd. | Method of remediating operations performed by a program and system thereof |
US10102374B1 (en) | 2014-08-11 | 2018-10-16 | Sentinel Labs Israel Ltd. | Method of remediating a program and system thereof by undoing operations |
US9858100B2 (en) | 2014-08-22 | 2018-01-02 | Nicira, Inc. | Method and system of provisioning logical networks on a host machine |
JP6432210B2 (en) | 2014-08-22 | 2018-12-05 | 富士通株式会社 | Security system, security method, security device, and program |
US9807115B2 (en) | 2014-09-05 | 2017-10-31 | Topspin Security Ltd | System and a method for identifying the presence of malware and ransomware using mini-traps set at network endpoints |
US9807114B2 (en) | 2014-09-05 | 2017-10-31 | Topspin Securtiy Ltd | System and a method for identifying the presence of malware using mini-traps set at network endpoints |
US9225734B1 (en) | 2014-09-10 | 2015-12-29 | Fortinet, Inc. | Data leak protection in upper layer protocols |
US9992225B2 (en) | 2014-09-12 | 2018-06-05 | Topspin Security Ltd. | System and a method for identifying malware network activity using a decoy environment |
US9591006B2 (en) | 2014-09-18 | 2017-03-07 | Microsoft Technology Licensing, Llc | Lateral movement detection |
US9495188B1 (en) | 2014-09-30 | 2016-11-15 | Palo Alto Networks, Inc. | Synchronizing a honey network configuration to reflect a target network environment |
US10044675B1 (en) | 2014-09-30 | 2018-08-07 | Palo Alto Networks, Inc. | Integrating a honey network with a target network to counter IP and peer-checking evasion techniques |
US9578015B2 (en) | 2014-10-31 | 2017-02-21 | Vmware, Inc. | Step-up authentication for single sign-on |
US10528735B2 (en) | 2014-11-17 | 2020-01-07 | Morphisec Information Security 2014 Ltd. | Malicious code protection for computer systems based on process modification |
US10225245B2 (en) | 2014-11-18 | 2019-03-05 | Auth0, Inc. | Identity infrastructure as a service |
WO2016081561A1 (en) | 2014-11-20 | 2016-05-26 | Attivo Networks Inc. | System and method for directing malicious activity to a monitoring system |
US9240976B1 (en) | 2015-01-06 | 2016-01-19 | Blackpoint Holdings, Llc | Systems and methods for providing network security monitoring |
US20180027006A1 (en) | 2015-02-24 | 2018-01-25 | Cloudlock, Inc. | System and method for securing an enterprise computing environment |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
WO2016164000A1 (en) | 2015-04-07 | 2016-10-13 | Hewlett-Packard Development Company, L.P. | Providing selective access to resources |
US10135633B2 (en) | 2015-04-21 | 2018-11-20 | Cujo LLC | Network security analysis for smart appliances |
US9954870B2 (en) | 2015-04-29 | 2018-04-24 | International Business Machines Corporation | System conversion in a networked computing environment |
US10599844B2 (en) | 2015-05-12 | 2020-03-24 | Webroot, Inc. | Automatic threat detection of executable files based on static data analysis |
US9553885B2 (en) | 2015-06-08 | 2017-01-24 | Illusive Networks Ltd. | System and method for creation, deployment and management of augmented attacker map |
US10382484B2 (en) | 2015-06-08 | 2019-08-13 | Illusive Networks Ltd. | Detecting attackers who target containerized clusters |
US10237280B2 (en) | 2015-06-25 | 2019-03-19 | Websafety, Inc. | Management and control of mobile computing device using local and remote software agents |
US9680833B2 (en) | 2015-06-25 | 2017-06-13 | Imperva, Inc. | Detection of compromised unmanaged client end stations using synchronized tokens from enterprise-managed client end stations |
US10476891B2 (en) | 2015-07-21 | 2019-11-12 | Attivo Networks Inc. | Monitoring access of network darkspace |
US9641544B1 (en) | 2015-09-18 | 2017-05-02 | Palo Alto Networks, Inc. | Automated insider threat prevention |
WO2017053806A1 (en) | 2015-09-25 | 2017-03-30 | Acalvio Technologies, Inc. | Dynamic security mechanisms |
EP3885951B1 (en) | 2015-10-15 | 2022-06-22 | Sentinel Labs Israel Ltd. | Method of remediating operations performed by a program and system thereof |
WO2017068889A1 (en) | 2015-10-19 | 2017-04-27 | 日本電信電話株式会社 | Analysis device, analysis method, and analysis program |
US10116674B2 (en) | 2015-10-30 | 2018-10-30 | Citrix Systems, Inc. | Framework for explaining anomalies in accessing web applications |
US20170134405A1 (en) | 2015-11-09 | 2017-05-11 | Qualcomm Incorporated | Dynamic Honeypot System |
US9672538B1 (en) | 2015-11-09 | 2017-06-06 | Radiumone, Inc. | Delivering personalized content based on geolocation information in a social graph with sharing activity of users of the open web |
US10594656B2 (en) | 2015-11-17 | 2020-03-17 | Zscaler, Inc. | Multi-tenant cloud-based firewall systems and methods |
US10116536B2 (en) | 2015-11-18 | 2018-10-30 | Adobe Systems Incorporated | Identifying multiple devices belonging to a single user |
GB2534459B (en) | 2015-11-19 | 2018-08-01 | F Secure Corp | Improving security of computer resources |
US9886563B2 (en) | 2015-11-25 | 2018-02-06 | Box, Inc. | Personalized online content access experiences using inferred user intent to configure online session attributes |
US9942270B2 (en) | 2015-12-10 | 2018-04-10 | Attivo Networks Inc. | Database deception in directory services |
US10348739B2 (en) | 2016-02-09 | 2019-07-09 | Ca, Inc. | Automated data risk assessment |
US10628597B2 (en) | 2016-04-14 | 2020-04-21 | Sophos Limited | Just-in-time encryption |
US10791097B2 (en) | 2016-04-14 | 2020-09-29 | Sophos Limited | Portable encryption format |
US10681078B2 (en) | 2016-06-10 | 2020-06-09 | Sophos Limited | Key throttling to mitigate unauthorized file access |
US10686827B2 (en) | 2016-04-14 | 2020-06-16 | Sophos Limited | Intermediate encryption for exposed content |
US9984248B2 (en) | 2016-02-12 | 2018-05-29 | Sophos Limited | Behavioral-based control of access to encrypted content by a process |
US9602531B1 (en) | 2016-02-16 | 2017-03-21 | Cylance, Inc. | Endpoint-based man in the middle attack detection |
US10771478B2 (en) | 2016-02-18 | 2020-09-08 | Comcast Cable Communications, Llc | Security monitoring at operating system kernel level |
US9843602B2 (en) | 2016-02-18 | 2017-12-12 | Trend Micro Incorporated | Login failure sequence for detecting phishing |
US10469523B2 (en) | 2016-02-24 | 2019-11-05 | Imperva, Inc. | Techniques for detecting compromises of enterprise end stations utilizing noisy tokens |
US20170264639A1 (en) | 2016-03-10 | 2017-09-14 | Acalvio Technologies, Inc. | Active deception system |
US20170302665A1 (en) | 2016-03-22 | 2017-10-19 | Holonet Security, Inc. | Network hologram for enterprise security |
US10187413B2 (en) | 2016-03-25 | 2019-01-22 | Cisco Technology, Inc. | Network-based approach for training supervised learning classifiers |
US10652271B2 (en) | 2016-03-25 | 2020-05-12 | Verisign, Inc. | Detecting and remediating highly vulnerable domain names using passive DNS measurements |
US10542044B2 (en) | 2016-04-29 | 2020-01-21 | Attivo Networks Inc. | Authentication incident detection and management |
US9888032B2 (en) | 2016-05-03 | 2018-02-06 | Check Point Software Technologies Ltd. | Method and system for mitigating the effects of ransomware |
US20170324777A1 (en) | 2016-05-05 | 2017-11-09 | Javelin Networks, Inc. | Injecting supplemental data into data queries at network end-points |
US20170324774A1 (en) | 2016-05-05 | 2017-11-09 | Javelin Networks, Inc. | Adding supplemental data to a security-related query |
US10515062B2 (en) | 2016-05-09 | 2019-12-24 | Sumo Logic, Inc. | Searchable investigation history for event data store |
US10375110B2 (en) | 2016-05-12 | 2019-08-06 | Attivo Networks Inc. | Luring attackers towards deception servers |
US9948652B2 (en) | 2016-05-16 | 2018-04-17 | Bank Of America Corporation | System for resource-centric threat modeling and identifying controls for securing technology resources |
US10362013B2 (en) | 2016-05-27 | 2019-07-23 | Dropbox, Inc. | Out of box experience application API integration |
US10440053B2 (en) | 2016-05-31 | 2019-10-08 | Lookout, Inc. | Methods and systems for detecting and preventing network connection compromise |
AU2017285429B2 (en) * | 2016-06-16 | 2022-03-31 | Virsec Systems, Inc. | Systems and methods for remediating memory corruption in a computer application |
US10250636B2 (en) | 2016-07-07 | 2019-04-02 | Attivo Networks Inc | Detecting man-in-the-middle attacks |
US9721097B1 (en) * | 2016-07-21 | 2017-08-01 | Cylance Inc. | Neural attention mechanisms for malware analysis |
GB2555517B (en) * | 2016-08-03 | 2022-05-11 | Sophos Ltd | Mitigation of return-oriented programming attacks |
US10805325B2 (en) | 2016-08-09 | 2020-10-13 | Imperva, Inc. | Techniques for detecting enterprise intrusions utilizing active tokens |
US10110627B2 (en) | 2016-08-30 | 2018-10-23 | Arbor Networks, Inc. | Adaptive self-optimzing DDoS mitigation |
GB2554390B (en) * | 2016-09-23 | 2018-10-31 | 1E Ltd | Computer security profiling |
US20180183815A1 (en) * | 2016-10-17 | 2018-06-28 | Kerry Wayne Enfinger | System and method for detecting malware |
US10609074B2 (en) | 2016-11-23 | 2020-03-31 | Attivo Networks Inc. | Implementing decoys in network endpoints |
US11695800B2 (en) | 2016-12-19 | 2023-07-04 | SentinelOne, Inc. | Deceiving attackers accessing network data |
US11616812B2 (en) | 2016-12-19 | 2023-03-28 | Attivo Networks Inc. | Deceiving attackers accessing active directory data |
US10599842B2 (en) | 2016-12-19 | 2020-03-24 | Attivo Networks Inc. | Deceiving attackers in endpoint systems |
US10169586B2 (en) | 2016-12-31 | 2019-01-01 | Fortinet, Inc. | Ransomware detection and damage mitigation |
US20180248896A1 (en) | 2017-02-24 | 2018-08-30 | Zitovault Software, Inc. | System and method to prevent, detect, thwart, and recover automatically from ransomware cyber attacks, using behavioral analysis and machine learning |
GB201708671D0 (en) | 2017-05-31 | 2017-07-12 | Inquisitive Systems Ltd | Forensic analysis |
KR101960869B1 (en) * | 2017-06-30 | 2019-03-21 | 주식회사 씨티아이랩 | Malware Detecting System and Method Based on Artificial Intelligence |
EP3643040A4 (en) | 2017-08-08 | 2021-06-09 | SentinelOne, Inc. | Methods, systems, and devices for dynamically modeling and grouping endpoints for edge networking |
US10979453B2 (en) | 2017-08-31 | 2021-04-13 | International Business Machines Corporation | Cyber-deception using network port projection |
US10574698B1 (en) | 2017-09-01 | 2020-02-25 | Amazon Technologies, Inc. | Configuration and deployment of decoy content over a network |
US10509905B2 (en) | 2017-09-05 | 2019-12-17 | Attivo Networks Inc. | Ransomware mitigation system |
US10938854B2 (en) | 2017-09-22 | 2021-03-02 | Acronis International Gmbh | Systems and methods for preventive ransomware detection using file honeypots |
US10848519B2 (en) * | 2017-10-12 | 2020-11-24 | Charles River Analytics, Inc. | Cyber vaccine and predictive-malware-defense methods and systems |
US10360012B2 (en) | 2017-11-09 | 2019-07-23 | International Business Machines Corporation | Dynamic selection of deployment configurations of software applications |
US10915631B2 (en) * | 2017-12-28 | 2021-02-09 | Intel Corporation | Deep learning on execution trace data for exploit detection |
US11470115B2 (en) | 2018-02-09 | 2022-10-11 | Attivo Networks, Inc. | Implementing decoys in a network environment |
US10826941B2 (en) | 2018-05-10 | 2020-11-03 | Fortinet, Inc. | Systems and methods for centrally managed host and network firewall services |
KR101969572B1 (en) * | 2018-06-22 | 2019-04-16 | 주식회사 에프원시큐리티 | Malicious code detection apparatus and method |
EP3973427A4 (en) | 2019-05-20 | 2023-06-21 | Sentinel Labs Israel Ltd. | Systems and methods for executable code detection, automatic feature extraction and position independent code detection |
US11038658B2 (en) | 2019-05-22 | 2021-06-15 | Attivo Networks Inc. | Deceiving attackers in endpoint systems |
US11108861B1 (en) | 2020-08-26 | 2021-08-31 | Commvault Systems, Inc. | System for managing multiple information management cells |
US11579857B2 (en) | 2020-12-16 | 2023-02-14 | Sentinel Labs Israel Ltd. | Systems, methods and devices for device fingerprinting and automatic deployment of software in a computing network using a peer-to-peer approach |
2020
- 2020-05-20 EP EP20810142.8A patent/EP3973427A4/en active Pending
- 2020-05-20 WO PCT/US2020/033872 patent/WO2020236981A1/en unknown
- 2020-05-20 JP JP2021569072A patent/JP7278423B2/en active Active
- 2020-05-20 US US16/879,625 patent/US10762200B1/en active Active
- 2020-07-03 US US16/920,630 patent/US11210392B2/en active Active
2021
- 2021-09-21 US US17/448,327 patent/US11580218B2/en active Active
- 2021-11-15 IL IL288122A patent/IL288122B2/en unknown
2022
- 2022-12-27 US US18/089,038 patent/US11790079B2/en active Active
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JPWO2020236981A5 (en) | ||
US11003764B2 (en) | System and method for exploiting attack detection by validating application stack at runtime | |
Zhang et al. | TXSPECTOR: Uncovering attacks in Ethereum from transactions | |
CN106850582B (en) | APT advanced threat detection method based on instruction monitoring | |
US10896253B2 (en) | Processor trace-based enforcement of control flow integrity of a computer system | |
US8307432B1 (en) | Generic shellcode detection | |
CA2856268C (en) | Methods of detection of software exploitation | |
US8117660B2 (en) | Secure control flows by monitoring control transfers | |
Xu et al. | CONFIRM: Evaluating compatibility and relevance of control-flow integrity protections for modern software | |
US7779472B1 (en) | Application behavior based malware detection | |
US8370934B2 (en) | Methods for detecting malicious programs using a multilayered heuristics approach | |
IL288122B2 (en) | Systems and methods for executable code detection, automatic feature extraction and position independent code detection | |
US9135443B2 (en) | Identifying malicious threads | |
US9977897B2 (en) | System and method for detecting stack pivot programming exploit | |
US7739100B1 (en) | Emulation system, method and computer program product for malware detection by back-stepping in program code | |
Liţă et al. | Anti-emulation trends in modern packers: a survey on the evolution of anti-emulation techniques in UPA packers | |
US11055168B2 (en) | Unexpected event detection during execution of an application | |
RU2724790C1 (en) | System and method of generating log when executing file with vulnerabilities in virtual machine | |
Cimitile et al. | Model checking for mobile android malware evolution | |
Calatayud et al. | A comparative analysis of Buffer Overflow vulnerabilities in High-End IoT devices | |
Kim et al. | Large-scale analysis on anti-analysis techniques in real-world malware | |
Xing et al. | The devil is in the detail: Generating system call whitelist for Linux seccomp | |
CN110674501B (en) | Malicious drive detection method, device, equipment and medium | |
Roth et al. | Implicit buffer overflow protection using memory segregation | |
Dai et al. | Holography: a hardware virtualization tool for malware analysis |