MX2013000478A - Identificacion de software malicioso polimorfico (Identifying polymorphic malware) - Google Patents

Identificacion de software malicioso polimorfico (Identifying polymorphic malware)

Info

Publication number
MX2013000478A
Authority
MX
Mexico
Prior art keywords
metadata
electronic file
polymorphic malware
hash value
received
Prior art date
Application number
MX2013000478A
Other languages
English (en)
Inventor
Timo Harmonen
Original Assignee
F Secure Corp
Priority date
2010-07-13 (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date
2011-05-13
Publication date
2013-05-17
Application filed by F Secure Corp
Publication of MX2013000478A (es)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures
    • G06F 21/56 Computer malware detection or handling, e.g. anti-virus arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Stored Programmes (AREA)

Abstract

A method and apparatus are described for identifying an electronic file as polymorphic malware. A server receives from a client device a hash value and metadata associated with an electronic file. The server determines that the received metadata matches corresponding metadata stored in a database, where the stored metadata is associated with a further hash value that differs from the received hash value. A determination is made that each of these hash values has been reported by fewer than a predetermined number of clients and, as a result, the electronic file is determined to be likely polymorphic malware.
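The abstract above describes a server-side decision rule: a file is suspected of being polymorphic when its metadata is already known under a different hash and none of those hashes has reached a population threshold. The following is an added example written for this page, not F-Secure's code and not taken from the patent, that implements that rule as a small reputation service and walks it through the cases a practitioner cares about (a popular benign file, a benign update, a polymorphic family, a first sighting). The metadata key (file name plus size), the threshold value, the hash values and the client reports are all constructed assumptions; the abstract only fixes the shape of the rule.

```python
from collections import defaultdict
from dataclasses import dataclass

# The abstract speaks only of "a predetermined number of clients";
# the value 5 is an assumption for this example.
DEFAULT_THRESHOLD = 5


@dataclass(frozen=True)
class Report:
    """One client submission: a file hash plus hash-independent metadata.

    Which metadata fields are used is an assumption (the abstract does not list
    them). The key must be something the mutation engine leaves stable, or no
    two variants will ever collide in the database.
    """
    client_id: str
    file_hash: str
    file_name: str
    file_size: int

    @property
    def metadata(self):
        return (self.file_name, self.file_size)


class ReputationServer:
    """Toy back end for the rule in the abstract (assumed implementation)."""

    def __init__(self, threshold=DEFAULT_THRESHOLD):
        self.threshold = threshold
        # hash -> set of distinct client ids that reported it.
        # Distinct clients, not submissions, so one host re-reporting
        # cannot push a hash over the threshold on its own.
        self.clients_by_hash = defaultdict(set)
        # metadata key -> set of hashes seen with that metadata.
        self.hashes_by_metadata = defaultdict(set)

    def is_rare(self, file_hash):
        """A hash is 'rare' when fewer than `threshold` clients reported it."""
        return len(self.clients_by_hash[file_hash]) < self.threshold

    def submit(self, report):
        """Record a report and return the verdict for that file."""
        self.clients_by_hash[report.file_hash].add(report.client_id)
        self.hashes_by_metadata[report.metadata].add(report.file_hash)

        # Stored hashes that share the metadata but differ from the received one.
        siblings = self.hashes_by_metadata[report.metadata] - {report.file_hash}
        if not siblings:
            return "unknown"  # nothing to compare against yet

        # Rule from the abstract: the received hash AND every differing sibling
        # hash must each be below the threshold. Requiring all of them keeps a
        # legitimate new release (rare new hash, popular old hash) from being flagged.
        if self.is_rare(report.file_hash) and all(self.is_rare(h) for h in siblings):
            return "likely_polymorphic"
        return "not_polymorphic"


def run_scenarios(threshold=DEFAULT_THRESHOLD):
    """Constructed reports exercising each branch of the rule."""
    srv = ReputationServer(threshold)
    verdicts = {}

    # 1. Popular benign file: twenty clients report the same hash.
    for i in range(20):
        srv.submit(Report(f"c{i}", "hash-calc-v1", "calc.exe", 4096))

    # 2. Vendor ships an update; the first client to see the new hash reports it.
    #    New hash is rare, but the sibling is popular -> not polymorphic.
    verdicts["benign_update"] = srv.submit(Report("c99", "hash-calc-v2", "calc.exe", 4096))

    # 3. Polymorphic family: every client sees a distinct hash for the same metadata.
    verdict = None
    for i in range(3):
        verdict = srv.submit(Report(f"v{i}", f"hash-poly-{i}", "update_svc.exe", 8192))
    verdicts["polymorphic"] = verdict

    # 4. First sighting of new metadata: no sibling hash, so no decision yet.
    verdicts["first_sighting"] = srv.submit(Report("c1", "hash-setup", "setup.exe", 1000))
    return verdicts


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name}: {verdict}")
```

Two points the code makes explicit that the abstract leaves implicit. The counting is per distinct client, so replayed or repeated submissions from one infected host do not change a hash's prevalence, and the conjunction over all sibling hashes is what separates a polymorphic family (every hash rare) from ordinary software churn (at least one hash widely deployed). The threshold is a tuning knob: too low and a low-prevalence legitimate tool with two builds in the field gets flagged; too high and the first variants of a family are missed until enough clients have reported.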

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/804,123 US8683216B2 (en) 2010-07-13 2010-07-13 Identifying polymorphic malware
PCT/EP2011/057805 WO2012007202A1 (en) 2010-07-13 2011-05-13 Identifying polymorphic malware

Publications (1)

Publication Number Publication Date
MX2013000478A (es) 2013-05-17

Family

ID=44260777

Family Applications (1)

Application Number Title Priority Date Filing Date
MX2013000478A (es) 2010-07-13 2011-05-13 Identificacion de software malicioso polimorfico (Identifying polymorphic malware)

Country Status (7)

Country Link
US (1) US8683216B2 (es)
EP (1) EP2593893B1 (es)
CN (1) CN102985928B (es)
BR (1) BR112013000567A2 (es)
CL (1) CL2013000126A1 (es)
MX (1) MX2013000478A (es)
WO (1) WO2012007202A1 (es)

Families Citing this family (55)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8176477B2 (en) * 2007-09-14 2012-05-08 International Business Machines Corporation Method, system and program product for optimizing emulation of a suspected malware
US8732473B2 (en) * 2010-06-01 2014-05-20 Microsoft Corporation Claim based content reputation service
KR20120072120A (ko) * 2010-12-23 2012-07-03 Electronics and Telecommunications Research Institute Apparatus and method for diagnosing malicious files, and apparatus and method for monitoring malicious files
US8874579B2 (en) 2011-08-18 2014-10-28 Verisign, Inc. Systems and methods for identifying associations between malware samples
US8875293B2 (en) * 2011-09-22 2014-10-28 Raytheon Company System, method, and logic for classifying communications
US9223978B2 (en) * 2011-10-28 2015-12-29 Confer Technologies, Inc. Security policy deployment and enforcement system for the detection and control of polymorphic and targeted malware
US8806641B1 (en) * 2011-11-15 2014-08-12 Symantec Corporation Systems and methods for detecting malware variants
RU2487405C1 (ru) 2011-11-24 2013-07-10 Kaspersky Lab Zao System and method for correcting antivirus records
GB2492857B (en) * 2011-11-30 2013-07-17 Avecto Ltd Method and computer device to control software file downloads
US9367687B1 (en) * 2011-12-22 2016-06-14 Emc Corporation Method for malware detection using deep inspection and data discovery agents
US8856930B2 (en) * 2012-03-30 2014-10-07 F-Secure Corporation Download control
CN103532730B (zh) * 2012-07-06 2016-09-07 Harbin Antiy Technology Co., Ltd. Method and system for automated dynamic maintenance of black and white lists based on self-extraction technology
US9262712B2 (en) 2013-03-08 2016-02-16 International Business Machines Corporation Structural descriptions for neurosynaptic networks
CN104253791B (zh) * 2013-06-27 2017-12-15 Huawei Device (Dongguan) Co., Ltd. Secure access method for a web application, server and client
RU2580036C2 (ru) 2013-06-28 2016-04-10 Kaspersky Lab Zao System and method for creating a flexible hash (convolution) for detecting malicious programs
US9852290B1 (en) 2013-07-12 2017-12-26 The Boeing Company Systems and methods of analyzing a software component
US9336025B2 (en) 2013-07-12 2016-05-10 The Boeing Company Systems and methods of analyzing a software component
US9280369B1 (en) 2013-07-12 2016-03-08 The Boeing Company Systems and methods of analyzing a software component
US9396082B2 (en) 2013-07-12 2016-07-19 The Boeing Company Systems and methods of analyzing a software component
WO2015026971A2 (en) * 2013-08-20 2015-02-26 Shanklin Steven Dale Application trust-listing security service
US9479521B2 (en) 2013-09-30 2016-10-25 The Boeing Company Software network behavior analysis and identification system
US8863284B1 (en) 2013-10-10 2014-10-14 Kaspersky Lab Zao System and method for determining a security status of potentially malicious files
US8739287B1 (en) * 2013-10-10 2014-05-27 Kaspersky Lab Zao Determining a security status of potentially malicious files
US10083300B2 (en) * 2013-12-27 2018-09-25 Mcafee, Llc Segregating executable files exhibiting network activity
US9832217B2 (en) * 2014-03-13 2017-11-28 International Business Machines Corporation Computer implemented techniques for detecting, investigating and remediating security violations to IT infrastructure
CN103955645B (zh) * 2014-04-28 2017-03-08 Baidu Online Network Technology (Beijing) Co., Ltd. Method, device and system for detecting malicious process behavior
US9015814B1 (en) 2014-06-10 2015-04-21 Kaspersky Lab Zao System and methods for detecting harmful files of different formats
CN104077526B (zh) * 2014-06-20 2018-03-06 Zhuhai Juntian Electronic Technology Co., Ltd. Polymorphic virus analysis method and analysis device, and virus handling method and handling device
US9361458B1 (en) 2014-10-08 2016-06-07 Trend Micro Incorporated Locality-sensitive hash-based detection of malicious codes
US9852370B2 (en) 2014-10-30 2017-12-26 International Business Machines Corporation Mapping graphs onto core-based neuromorphic architectures
US10204301B2 (en) 2015-03-18 2019-02-12 International Business Machines Corporation Implementing a neural network algorithm on a neurosynaptic substrate based on criteria related to the neurosynaptic substrate
US9971965B2 (en) 2015-03-18 2018-05-15 International Business Machines Corporation Implementing a neural network algorithm on a neurosynaptic substrate based on metadata associated with the neural network algorithm
US9984323B2 (en) * 2015-03-26 2018-05-29 International Business Machines Corporation Compositional prototypes for scalable neurosynaptic networks
US10075453B2 (en) * 2015-03-31 2018-09-11 Juniper Networks, Inc. Detecting suspicious files resident on a network
US10621613B2 (en) 2015-05-05 2020-04-14 The Nielsen Company (Us), Llc Systems and methods for monitoring malicious software engaging in online advertising fraud or other form of deceit
US9813248B2 (en) * 2015-05-27 2017-11-07 Quest Software Inc. Content-based encryption keys
US10129291B2 (en) 2015-06-27 2018-11-13 Mcafee, Llc Anomaly detection to identify malware
RU2624552C2 (ru) 2015-06-30 2017-07-04 Kaspersky Lab Zao Method for detecting malicious files executed by means of a stack-based virtual machine
CN105488361B (zh) * 2015-11-20 2018-09-25 Beijing Qihoo Technology Co., Ltd. Pirated application detection method, device and system
US10606844B1 (en) * 2015-12-04 2020-03-31 Ca, Inc. Method and apparatus for identifying legitimate files using partial hash based cloud reputation
US9800588B1 (en) * 2015-12-16 2017-10-24 Symantec Corporation Automated analysis pipeline determination in a malware analysis environment
US9836603B2 (en) * 2015-12-30 2017-12-05 Symantec Corporation Systems and methods for automated generation of generic signatures used to detect polymorphic malware
EP3408989B1 (en) * 2016-01-27 2021-07-28 Hewlett Packard Enterprise Development LP Detecting malware on spdy connections
CN107229860A (zh) * 2016-03-24 2017-10-03 China Electronics Technology Group Corporation, Electronic Science Research Institute Method and system for securely managing desktop applications in a centralized environment
US10505960B2 (en) 2016-06-06 2019-12-10 Samsung Electronics Co., Ltd. Malware detection by exploiting malware re-composition variations using feature evolutions and confusions
US10181035B1 (en) * 2016-06-16 2019-01-15 Symantec Corporation System and method for .Net PE file malware detection
US11522901B2 (en) 2016-09-23 2022-12-06 OPSWAT, Inc. Computer security vulnerability assessment
US9749349B1 (en) * 2016-09-23 2017-08-29 OPSWAT, Inc. Computer security vulnerability assessment
US10440051B2 (en) * 2017-03-03 2019-10-08 Bank Of America Corporation Enhanced detection of polymorphic malicious content within an entity
US10834099B2 (en) * 2017-05-23 2020-11-10 Juniper Networks, Inc. Identifying a file using metadata and determining a security classification of the file before completing receipt of the file
US10594725B2 (en) 2017-07-27 2020-03-17 Cypress Semiconductor Corporation Generating and analyzing network profile data
US10432648B1 (en) * 2017-08-28 2019-10-01 Palo Alto Networks, Inc. Automated malware family signature generation
US11308207B2 (en) * 2018-03-30 2022-04-19 Microsoft Technology Licensing, Llc User verification of malware impacted files
US10992703B2 (en) * 2019-03-04 2021-04-27 Malwarebytes Inc. Facet whitelisting in anomaly detection
US11455403B2 (en) * 2020-01-20 2022-09-27 International Business Machines Corporation Privacy-preserving document sharing

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040073617A1 (en) * 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
US20030200441A1 (en) * 2002-04-19 2003-10-23 International Business Machines Corporation Detecting randomness in computer network traffic
US7398399B2 (en) * 2003-12-12 2008-07-08 International Business Machines Corporation Apparatus, methods and computer programs for controlling performance of operations within a data processing system or network
US7987160B2 (en) * 2006-01-30 2011-07-26 Microsoft Corporation Status tool to expose metadata read and write queues
US8006306B2 (en) * 2006-03-21 2011-08-23 Riverbed Technology, Inc. Exploit-based worm propagation mitigation
US8255420B2 (en) * 2006-05-23 2012-08-28 Noryan Holding Corporation Distributed storage
US8312536B2 (en) * 2006-12-29 2012-11-13 Symantec Corporation Hygiene-based computer security
US8732825B2 (en) * 2008-05-28 2014-05-20 Symantec Corporation Intelligent hashes for centralized malware detection
US8931086B2 (en) * 2008-09-26 2015-01-06 Symantec Corporation Method and apparatus for reducing false positive detection of malware
US20100192222A1 (en) * 2009-01-23 2010-07-29 Microsoft Corporation Malware detection using multiple classifiers

Also Published As

Publication number Publication date
CL2013000126A1 (es) 2013-09-06
EP2593893B1 (en) 2016-11-16
CN102985928A (zh) 2013-03-20
US20120017275A1 (en) 2012-01-19
US8683216B2 (en) 2014-03-25
EP2593893A1 (en) 2013-05-22
WO2012007202A1 (en) 2012-01-19
BR112013000567A2 (pt) 2016-07-05
CN102985928B (zh) 2016-09-28

Similar Documents

Publication Publication Date Title
MX2013000478A (es) Identificacion de software malicioso polimorfico (Identifying polymorphic malware)
GB2501203A (en) Detecting a trojan horse
WO2012047593A3 (en) Method and apparatus of ordering search results
MX2018009876A (es) Media encapsulation and decapsulation
EP2557522A3 (en) Software part validation using hash values
WO2014047337A3 (en) Systems and methods for live media content matching
GB201618161D0 (en) Improved method, system and software for searching, identifying, retrieving and presenting electronic documents
GB2509036A (en) Providing a network-accessible malware analysis
EP2499612A4 (en) METHOD AND DEVICE FOR DATA MANAGEMENT
EP2674722A3 (en) Method of determining a deviation from expected jam conditions
EP2759942A4 (en) COMPUTER SYSTEM, FILE MANAGEMENT METHOD AND METADATA SERVER
WO2012033319A3 (ko) Apparatus and method for providing streaming content
MX2016009174A (es) Systems and methods for downloading digital content based on priorities
WO2012149043A3 (en) Method and apparatus for caching in a networked environment
GB2502715A (en) Malware Detection
MX2017003416A (es) File reputation evaluation
GB201203233D0 (en) Method and device for a meta data fragment from a metadata component associated with multimedia data
GB201209399D0 (en) A method for identifying pairs of derivative and original images
WO2014081549A8 (en) Segmented graphical review system and method
MX2015000205A (es) Method, device, server and terminal for visiting a web page
GB2514963A (en) Document processing
WO2014121239A3 (en) Multiplexed digital assay with data exclusion for calculation of target levels
WO2014004545A3 (en) Pushing business objects
WO2014186696A3 (en) Managing communications in a multi-client, multi-server environment
GB201021861D0 (en) System and method for providing data from a server to a client

Legal Events

Date Code Title Description
FG Grant or registration