KR101810346B1 - Method, device and recording medium for pre-identifying probable malicious behavior based on configuration pathways - Google Patents

Method, device and recording medium for pre-identifying probable malicious behavior based on configuration pathways

Info

Publication number
KR101810346B1
Authority
KR
South Korea
Prior art keywords
configuration
mobile computing
computing device
probability
malicious
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
KR1020167009425A
Other languages
English (en)
Korean (ko)
Other versions
KR20160065863A (ko)
Inventor
Vinay Sridhara
Satyajit Prabhakar Patne
Rajarshi Gupta
Original Assignee
Qualcomm Incorporated
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qualcomm Incorporated
Publication of KR20160065863A
Application granted
Publication of KR101810346B1
Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud
    • H04W12/128 Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
KR1020167009425A 2013-10-03 2014-09-19 Method, device and recording medium for pre-identifying probable malicious behavior based on configuration pathways Expired - Fee Related KR101810346B1 (ko)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US14/044,937 2013-10-03
US14/044,937 US9519775B2 (en) 2013-10-03 2013-10-03 Pre-identifying probable malicious behavior based on configuration pathways
PCT/US2014/056666 WO2015050727A1 (en) 2013-10-03 2014-09-19 Pre-identifying probable malicious behavior based on configuration pathways

Publications (2)

Publication Number Publication Date
KR20160065863A (ko) 2016-06-09
KR101810346B1 (ko) 2018-01-18

Family

ID=51842755

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020167009425A Expired - Fee Related KR101810346B1 (ko) 2013-10-03 2014-09-19 Method, device and recording medium for pre-identifying probable malicious behavior based on configuration pathways

Country Status (6)

Country Link
US (1) US9519775B2
EP (1) EP3053319A1
JP (1) JP6161807B2
KR (1) KR101810346B1
CN (1) CN105637833A
WO (1) WO2015050727A1

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9519775B2 (en) 2013-10-03 2016-12-13 Qualcomm Incorporated Pre-identifying probable malicious behavior based on configuration pathways
US9213831B2 (en) * 2013-10-03 2015-12-15 Qualcomm Incorporated Malware detection and prevention by monitoring and modifying a hardware pipeline
AU2013101573A4 (en) * 2013-11-29 2014-01-09 Macau University Of Science And Technology Method for predicting and detecting network intrusion into a computer network
RU2595511C2 (ru) * 2014-12-05 2016-08-27 Kaspersky Lab ZAO System and method for restricting the operation of trusted applications in the presence of suspicious applications
US9785776B2 (en) 2015-04-27 2017-10-10 Iboss, Inc. High risk program identification based on program behavior
US10148678B2 (en) * 2015-10-01 2018-12-04 The Boeing Company Cybersecurity system with differentiated capacity to deal with complex cyber attacks
US9906551B2 (en) * 2016-02-09 2018-02-27 International Business Machines Corporation Forecasting and classifying cyber-attacks using crossover neural embeddings
WO2017137804A1 (en) * 2016-02-11 2017-08-17 Morphisec Information Security Ltd. Automated classification of exploits based on runtime environmental features
EP3430775B1 (en) * 2016-03-17 2024-07-10 Johann Schlamp Constructible automata for internet routes
US10893059B1 (en) 2016-03-31 2021-01-12 Fireeye, Inc. Verification and enhancement using detection systems located at the network periphery and endpoint devices
US10826933B1 (en) * 2016-03-31 2020-11-03 Fireeye, Inc. Technique for verifying exploit/malware at malware detection appliance through correlation with endpoints
US10491610B2 (en) 2016-05-20 2019-11-26 International Business Machines Corporation Remote monitoring of software
US10803177B2 (en) 2017-07-19 2020-10-13 International Business Machines Corporation Compliance-aware runtime generation based on application patterns and risk assessment
US10462162B2 (en) * 2017-07-24 2019-10-29 Rapid7, Inc. Detecting malicious processes based on process location
CN109936545B (zh) * 2017-12-18 2020-07-24 Huawei Technologies Co., Ltd. Brute-force cracking attack detection method and related apparatus
US11431748B2 (en) 2017-12-20 2022-08-30 Mounir Talal NSOULI Predictive crowdsourcing-based endpoint protection system
WO2019170615A1 (en) * 2018-03-05 2019-09-12 British Telecommunications Public Limited Company Improved application deployment
US11782965B1 (en) * 2018-04-05 2023-10-10 Veritas Technologies Llc Systems and methods for normalizing data store classification information
US10885226B1 (en) * 2018-06-06 2021-01-05 NortonLifeLock, Inc. Systems and methods for enforcing secure shared access on computing devices by content state pinning
WO2019246573A1 (en) * 2018-06-22 2019-12-26 Avi Networks A statistical approach for augmenting signature detection in web application firewall
US11201855B1 (en) 2018-06-22 2021-12-14 Vmware, Inc. Distributed firewall that learns from traffic patterns to prevent attacks
CA3105888C (en) * 2018-07-17 2023-12-19 Netflix, Inc. Differencing engine for digital forensics
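CN109195154B (zh) * 2018-08-13 2021-06-29 China United Network Communications Group Co., Ltd. Method and device for identifying Internet of Things card-swapping users
CN109348065B (zh) * 2018-11-27 2020-12-25 Xiangtan University Mobile phone electromagnetic radiation prediction method based on QQ chat interaction behavior
WO2021009870A1 (ja) * 2019-07-17 2021-01-21 NEC Corporation Analysis system, method, and program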
US12130908B2 (en) * 2020-05-01 2024-10-29 Forcepoint Llc Progressive trigger data and detection model
EP4160981A4 (en) * 2020-05-28 2023-11-01 Panasonic Intellectual Property Corporation of America CONTROL METHOD, PROGRAM AND FRAUDULENT DATA COLLECTION SYSTEM
US20220329664A1 (en) * 2021-04-09 2022-10-13 Apple Inc. Secure data caching for edge networks
US12346788B2 (en) * 2021-06-04 2025-07-01 Dell Products L.P. Systems and methods for gauging differences between network configurations
US12287877B1 (en) 2022-07-12 2025-04-29 Wells Fargo Bank, N.A. Determining false positives of file change events detected by file integrity monitoring tools

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150101047A1 (en) 2013-10-03 2015-04-09 Qualcomm Incorporated Pre-Identifying Probable Malicious Behavior Based on Configuration Pathways

Family Cites Families (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7257523B1 (en) * 1999-05-06 2007-08-14 Fisher-Rosemount Systems, Inc. Integrated distributed process control system functionality on a single computer
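JP2002251374A (ja) * 2000-12-20 2002-09-06 Fujitsu Ltd Information management system, information management method, program for causing a computer to execute the method, and computer-readable recording medium storing the program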
US7028338B1 (en) * 2001-12-18 2006-04-11 Sprint Spectrum L.P. System, computer program, and method of cooperative response to threat to domain security
US7370360B2 (en) 2002-05-13 2008-05-06 International Business Machines Corporation Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine
WO2004077294A1 (ja) 2003-02-26 2004-09-10 Secure Ware Inc. Unauthorized processing determination method, data processing device, computer program, and recording medium
US7024548B1 (en) * 2003-03-10 2006-04-04 Cisco Technology, Inc. Methods and apparatus for auditing and tracking changes to an existing configuration of a computerized device
US7409593B2 (en) * 2003-06-30 2008-08-05 At&T Delaware Intellectual Property, Inc. Automated diagnosis for computer networks
US7593936B2 (en) 2003-08-11 2009-09-22 Triumfant, Inc. Systems and methods for automated computer support
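JP3999188B2 (ja) * 2003-10-28 2007-10-31 Fujitsu Limited Unauthorized access detection device, unauthorized access detection method, and unauthorized access detection program
JP4371905B2 (ja) * 2004-05-27 2009-11-25 Fujitsu Limited Unauthorized access detection device, unauthorized access detection method, unauthorized access detection program, and distributed denial-of-service attack detection device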
EP1619572A1 (en) 2004-07-23 2006-01-25 Texas Instruments Incorporated System and method of identifying and preventing security violations within a computing system
US7389444B2 (en) * 2004-07-27 2008-06-17 Microsoft Corporation Method and system for troubleshooting a misconfiguration of a computer system based on product support services information
US20060075494A1 (en) 2004-10-01 2006-04-06 Bertman Justin R Method and system for analyzing data for potential malware
US7770785B2 (en) 2005-06-13 2010-08-10 Qualcomm Incorporated Apparatus and methods for detection and management of unauthorized executable instructions on a wireless device
JP4528680B2 (ja) * 2005-07-05 2010-08-18 Hitachi, Ltd. Self-reorganizing system
WO2007007326A2 (en) 2005-07-14 2007-01-18 Gryphonet Ltd. System and method for detection and recovery of malfunction in mobile devices
US9419981B2 (en) * 2005-10-31 2016-08-16 The Trustees Of Columbia University In The City Of New York Methods, media, and systems for securing communications between a first node and a second node
US7774843B1 (en) 2005-11-16 2010-08-10 Mcafee, Inc. System, method and computer program product for preventing the execution of unwanted code
WO2007089786A2 (en) * 2006-01-30 2007-08-09 Sudhakar Govindavajhala Identifying unauthorized privilege escalations
US20080005797A1 (en) * 2006-06-30 2008-01-03 Microsoft Corporation Identifying malware in a boot environment
US8365286B2 (en) 2006-06-30 2013-01-29 Sophos Plc Method and system for classification of software using characteristics and combinations of such characteristics
US9069957B2 (en) * 2006-10-06 2015-06-30 Juniper Networks, Inc. System and method of reporting and visualizing malware on mobile networks
US8201246B1 (en) 2008-02-25 2012-06-12 Trend Micro Incorporated Preventing malicious codes from performing malicious actions in a computer system
US10664889B2 (en) * 2008-04-01 2020-05-26 Certona Corporation System and method for combining and optimizing business strategies
US8745703B2 (en) 2008-06-24 2014-06-03 Microsoft Corporation Identifying exploitation of vulnerabilities using error report
US8667583B2 (en) 2008-09-22 2014-03-04 Microsoft Corporation Collecting and analyzing malware data
CN101483658B (zh) * 2009-01-09 2012-11-28 China Merchants Bank Co., Ltd. System and method for protecting browser input content
US8528080B2 (en) 2009-09-15 2013-09-03 Reefedge Networks, Llc Short-range mobile honeypot for sampling and tracking threats
US8375450B1 (en) 2009-10-05 2013-02-12 Trend Micro, Inc. Zero day malware scanner
US8464345B2 (en) 2010-04-28 2013-06-11 Symantec Corporation Behavioral signature generation using clustering
US20120137369A1 (en) * 2010-11-29 2012-05-31 Infosec Co., Ltd. Mobile terminal with security functionality and method of implementing the same
US9088601B2 (en) 2010-12-01 2015-07-21 Cisco Technology, Inc. Method and apparatus for detecting malicious software through contextual convictions, generic signatures and machine learning techniques
TW201227385A (en) 2010-12-16 2012-07-01 Univ Nat Taiwan Science Tech Method of detecting malicious script and system thereof
US8412945B2 (en) * 2011-08-09 2013-04-02 CloudPassage, Inc. Systems and methods for implementing security in a cloud computing environment
ES2755780T3 (es) 2011-09-16 2020-04-23 Veracode Inc Automated static and behavioral analysis using an instrumented sandbox and machine learning classification for mobile security
US20130097660A1 (en) * 2011-10-17 2013-04-18 Mcafee, Inc. System and method for whitelisting applications in a mobile network environment
US9832211B2 (en) 2012-03-19 2017-11-28 Qualcomm, Incorporated Computing device to detect malware
JP5951879B2 (ja) * 2012-03-30 2016-07-13 Intel Corporation Reporting malicious activity to an operating system
US20130311385A1 (en) * 2012-05-18 2013-11-21 Park S. Foreman Third Party Security Monitoring & Audit
US8819772B2 (en) * 2012-06-25 2014-08-26 Appthority, Inc. In-line filtering of insecure or unwanted mobile device software components or communications
US10180851B2 (en) * 2013-01-14 2019-01-15 Cisco Technology, Inc. Detection of unauthorized use of virtual resources
US20140259167A1 (en) * 2013-03-11 2014-09-11 Samsung Electronics Co. Ltd. Behavior based application blacklisting
US9069955B2 (en) * 2013-04-30 2015-06-30 International Business Machines Corporation File system level data protection during potential security breach
US9213831B2 (en) 2013-10-03 2015-12-15 Qualcomm Incorporated Malware detection and prevention by monitoring and modifying a hardware pipeline

Also Published As

Publication number Publication date
WO2015050727A1 (en) 2015-04-09
US9519775B2 (en) 2016-12-13
JP6161807B2 (ja) 2017-07-12
CN105637833A (zh) 2016-06-01
US20150101047A1 (en) 2015-04-09
JP2016538618A (ja) 2016-12-08
EP3053319A1 (en) 2016-08-10
KR20160065863A (ko) 2016-06-09

Similar Documents

Publication Publication Date Title
KR101810346B1 (ko) Method, device and recording medium for pre-identifying probable malicious behavior based on configuration pathways
US10089459B2 (en) Malware detection and prevention by monitoring and modifying a hardware pipeline
KR101720930B1 (ko) Pre-identifying probable malicious rootkit behavior using behavioral contracts
US9690635B2 (en) Communicating behavior information in a mobile computing device
US9609456B2 (en) Methods, devices, and systems for communicating behavioral analysis information
KR101829114B1 (ko) Adaptive observation of behavioral features on a mobile device
US9357397B2 (en) Methods and systems for detecting malware and attacks that target behavioral security mechanisms of a mobile device
US9491187B2 (en) APIs for obtaining device-specific behavior classifier models from the cloud
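TWI530141B (zh) Methods and systems for dynamically generating and using device-specific and device-state-specific classifier models to efficiently classify mobile device behaviors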
US20160232353A1 (en) Determining Model Protection Level On-Device based on Malware Detection in Similar Devices
US20130304677A1 (en) Architecture for Client-Cloud Behavior Analyzer
WO2013173044A2 (en) Collaborative learning for efficient behavioral analysis in networked mobile device

Legal Events

Date Code Title Description
PA0105 International application

St.27 status event code: A-0-1-A10-A15-nap-PA0105

PG1501 Laying open of application

St.27 status event code: A-1-1-Q10-Q12-nap-PG1501

E13-X000 Pre-grant limitation requested

St.27 status event code: A-2-3-E10-E13-lim-X000

P11-X000 Amendment of application requested

St.27 status event code: A-2-2-P10-P11-nap-X000

P13-X000 Application amended

St.27 status event code: A-2-2-P10-P13-nap-X000

PA0201 Request for examination

St.27 status event code: A-1-2-D10-D11-exm-PA0201

PA0302 Request for accelerated examination

St.27 status event code: A-1-2-D10-D17-exm-PA0302

St.27 status event code: A-1-2-D10-D16-exm-PA0302

E902 Notification of reason for refusal
PE0902 Notice of grounds for rejection

St.27 status event code: A-1-2-D10-D21-exm-PE0902

T11-X000 Administrative time limit extension requested

St.27 status event code: U-3-3-T10-T11-oth-X000

P11-X000 Amendment of application requested

St.27 status event code: A-2-2-P10-P11-nap-X000

P13-X000 Application amended

St.27 status event code: A-2-2-P10-P13-nap-X000

E701 Decision to grant or registration of patent right
PE0701 Decision of registration

St.27 status event code: A-1-2-D10-D22-exm-PE0701

GRNT Written decision to grant
PR0701 Registration of establishment

St.27 status event code: A-2-4-F10-F11-exm-PR0701

PR1002 Payment of registration fee

St.27 status event code: A-2-2-U10-U12-oth-PR1002

Fee payment year number: 1

PG1601 Publication of registration

St.27 status event code: A-4-4-Q10-Q13-nap-PG1601

P22-X000 Classification modified

St.27 status event code: A-4-4-P10-P22-nap-X000

PR1001 Payment of annual fee

St.27 status event code: A-4-4-U10-U11-oth-PR1001

Fee payment year number: 4

PC1903 Unpaid annual fee

St.27 status event code: A-4-4-U10-U13-oth-PC1903

Not in force date: 20211213

Payment event data comment text: Termination Category : DEFAULT_OF_REGISTRATION_FEE

P22-X000 Classification modified

St.27 status event code: A-4-4-P10-P22-nap-X000

PC1903 Unpaid annual fee

St.27 status event code: N-4-6-H10-H13-oth-PC1903

Ip right cessation event data comment text: Termination Category : DEFAULT_OF_REGISTRATION_FEE

Not in force date: 20211213