KR20220053549A - 인라인 멀웨어 검출 - Google Patents
인라인 멀웨어 검출 Download PDFInfo
- Publication number
- KR20220053549A KR20220053549A KR1020227001606A KR20227001606A KR20220053549A KR 20220053549 A KR20220053549 A KR 20220053549A KR 1020227001606 A KR1020227001606 A KR 1020227001606A KR 20227001606 A KR20227001606 A KR 20227001606A KR 20220053549 A KR20220053549 A KR 20220053549A
- Authority
- KR
- South Korea
- Prior art keywords
- file
- gram
- features
- analysis
- model
- Prior art date
Links
- 238000001514 detection method Methods 0.000 title abstract description 8
- 238000004458 analytical method Methods 0.000 claims abstract description 114
- 238000013145 classification model Methods 0.000 claims abstract description 35
- 230000004044 response Effects 0.000 claims abstract description 10
- 230000006855 networking Effects 0.000 claims abstract description 9
- 238000000034 method Methods 0.000 claims description 47
- 230000003068 static effect Effects 0.000 claims description 36
- 239000013598 vector Substances 0.000 claims description 13
- 238000004590 computer program Methods 0.000 claims description 7
- 230000008569 process Effects 0.000 description 23
- 230000009471 action Effects 0.000 description 20
- 238000013459 approach Methods 0.000 description 19
- 238000012545 processing Methods 0.000 description 15
- 230000000875 corresponding effect Effects 0.000 description 12
- 238000004891 communication Methods 0.000 description 11
- 238000001914 filtration Methods 0.000 description 9
- 238000013515 script Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 8
- 238000010801 machine learning Methods 0.000 description 8
- 230000005540 biological transmission Effects 0.000 description 7
- 238000000605 extraction Methods 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 6
- 238000012546 transfer Methods 0.000 description 6
- 238000007726 management method Methods 0.000 description 5
- 230000008901 benefit Effects 0.000 description 4
- 239000008186 active pharmaceutical agent Substances 0.000 description 3
- 238000007792 addition Methods 0.000 description 3
- 230000006399 behavior Effects 0.000 description 3
- 230000001010 compromised effect Effects 0.000 description 3
- 230000014509 gene expression Effects 0.000 description 3
- 238000013507 mapping Methods 0.000 description 3
- 230000002265 prevention Effects 0.000 description 3
- 238000012384 transportation and delivery Methods 0.000 description 3
- 230000000903 blocking effect Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000007689 inspection Methods 0.000 description 2
- 230000003211 malignant effect Effects 0.000 description 2
- 239000007787 solid Substances 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- KKIMDKMETPPURN-UHFFFAOYSA-N 1-(3-(trifluoromethyl)phenyl)piperazine Chemical compound FC(F)(F)C1=CC=CC(N2CCNCC2)=C1 KKIMDKMETPPURN-UHFFFAOYSA-N 0.000 description 1
- 241000700605 Viruses Species 0.000 description 1
- 238000009825 accumulation Methods 0.000 description 1
- 230000002730 additional effect Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 238000002790 cross-validation Methods 0.000 description 1
- 230000001186 cumulative effect Effects 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 238000005206 flow analysis Methods 0.000 description 1
- 230000001976 improved effect Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000007477 logistic regression Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 230000000116 mitigating effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000013441 quality evaluation Methods 0.000 description 1
- 238000010223 real-time analysis Methods 0.000 description 1
- 238000007670 refining Methods 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
- 238000007493 shaping process Methods 0.000 description 1
- 238000012706 support-vector machine Methods 0.000 description 1
- 230000008093 supporting effect Effects 0.000 description 1
- 239000004557 technical material Substances 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/561—Virus type analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Virology (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Artificial Intelligence (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Medical Informatics (AREA)
- Mathematical Physics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Applications Claiming Priority (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US16/517,465 US11636208B2 (en) | 2019-07-19 | 2019-07-19 | Generating models for performing inline malware detection |
| US16/517,463 US11374946B2 (en) | 2019-07-19 | 2019-07-19 | Inline malware detection |
| US16/517,463 | 2019-07-19 | ||
| US16/517,465 | 2019-07-19 | ||
| PCT/US2020/040928 WO2021015941A1 (en) | 2019-07-19 | 2020-07-06 | Inline malware detection |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| KR20220053549A true KR20220053549A (ko) | 2022-04-29 |
| KR102676386B1 KR102676386B1 (ko) | 2024-06-20 |
Family
ID=74193725
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| KR1020227001606A KR102676386B1 (ko) | 2019-07-19 | 2020-07-06 | 인라인 멀웨어 검출 |
Country Status (5)
| Country | Link |
|---|---|
| EP (1) | EP3999985A4 (zh) |
| JP (2) | JP7411775B2 (zh) |
| KR (1) | KR102676386B1 (zh) |
| CN (1) | CN114072798A (zh) |
| WO (1) | WO2021015941A1 (zh) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115378747B (zh) * | 2022-10-27 | 2023-01-24 | 北京六方云信息技术有限公司 | 恶意数据检测方法、终端设备以及存储介质 |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180013772A1 (en) * | 2016-07-05 | 2018-01-11 | Webroot Inc. | Automatic Inline Detection based on Static Data |
| US20180300482A1 (en) * | 2017-04-18 | 2018-10-18 | Cylance Inc. | Protecting devices from malicious files based on n-gram processing of sequential data |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8844033B2 (en) * | 2008-05-27 | 2014-09-23 | The Trustees Of Columbia University In The City Of New York | Systems, methods, and media for detecting network anomalies using a trained probabilistic model |
| US9742796B1 (en) * | 2015-09-18 | 2017-08-22 | Palo Alto Networks, Inc. | Automatic repair of corrupt files for a detonation engine |
| US10200391B2 (en) * | 2015-09-23 | 2019-02-05 | AVAST Software s.r.o. | Detection of malware in derived pattern space |
| US10817608B2 (en) * | 2017-04-07 | 2020-10-27 | Zscaler, Inc. | System and method for malware detection on a per packet basis |
| US10902124B2 (en) * | 2017-09-15 | 2021-01-26 | Webroot Inc. | Real-time JavaScript classifier |
| US20190096214A1 (en) * | 2017-09-27 | 2019-03-28 | Johnson Controls Technology Company | Building risk analysis system with geofencing for threats and assets |
-
2020
- 2020-07-06 JP JP2022502913A patent/JP7411775B2/ja active Active
- 2020-07-06 WO PCT/US2020/040928 patent/WO2021015941A1/en unknown
- 2020-07-06 EP EP20843721.0A patent/EP3999985A4/en active Pending
- 2020-07-06 KR KR1020227001606A patent/KR102676386B1/ko active IP Right Grant
- 2020-07-06 CN CN202080051255.4A patent/CN114072798A/zh active Pending
-
2023
- 2023-12-25 JP JP2023218442A patent/JP2024023875A/ja active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180013772A1 (en) * | 2016-07-05 | 2018-01-11 | Webroot Inc. | Automatic Inline Detection based on Static Data |
| US20180300482A1 (en) * | 2017-04-18 | 2018-10-18 | Cylance Inc. | Protecting devices from malicious files based on n-gram processing of sequential data |
Also Published As
| Publication number | Publication date |
|---|---|
| JP7411775B2 (ja) | 2024-01-11 |
| KR102676386B1 (ko) | 2024-06-20 |
| EP3999985A1 (en) | 2022-05-25 |
| JP2024023875A (ja) | 2024-02-21 |
| WO2021015941A1 (en) | 2021-01-28 |
| EP3999985A4 (en) | 2023-12-13 |
| CN114072798A (zh) | 2022-02-18 |
| JP2022541250A (ja) | 2022-09-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11783035B2 (en) | Multi-representational learning models for static analysis of source code | |
| US12095728B2 (en) | Identifying security risks and enforcing policies on encrypted/encoded network communications | |
| US11816214B2 (en) | Building multi-representational learning models for static analysis of source code | |
| US11636208B2 (en) | Generating models for performing inline malware detection | |
| US11374946B2 (en) | Inline malware detection | |
| JP2024023875A (ja) | インラインマルウェア検出 | |
| US12061696B2 (en) | Sample traffic based self-learning malware detection | |
| US20230344861A1 (en) | Combination rule mining for malware signature generation | |
| US20220245249A1 (en) | Specific file detection baked into machine learning pipelines | |
| KR20240124354A (ko) | 악성 명령 및 제어 트래픽을 탐지하는 딥러닝 파이프라인 | |
| US20230344867A1 (en) | Detecting phishing pdfs with an image-based deep learning approach | |
| US20230069731A1 (en) | Automatic network signature generation | |
| US12069028B2 (en) | Fast policy matching with runtime signature update | |
| US12107831B2 (en) | Automated fuzzy hash based signature collecting system for malware detection | |
| US20240372832A1 (en) | Fast policy matching with runtime signature update | |
| US11770361B1 (en) | Cobalt strike beacon HTTP C2 heuristic detection | |
| US20240333759A1 (en) | Inline ransomware detection via server message block (smb) traffic | |
| US20240039951A1 (en) | Probing for cobalt strike teamserver detection | |
| US20240039952A1 (en) | Cobalt strike beacon https c2 heuristic detection | |
| US20240176869A1 (en) | Dependency emulation for executable samples | |
| US20230385412A1 (en) | Automatically detecting unknown packers | |
| WO2024025705A1 (en) | Cobalt strike beacon http c2 heuristic detection | |
| CN118901223A (zh) | 用于检测恶意命令和控制流量的深度学习管道 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| E902 | Notification of reason for refusal | ||
| E701 | Decision to grant or registration of patent right |