RU2012156443A - Система и способ обнаружения угроз в коде, исполняемом виртуальной машиной - Google Patents
Система и способ обнаружения угроз в коде, исполняемом виртуальной машиной Download PDFInfo
- Publication number
- RU2012156443A RU2012156443A RU2012156443/08A RU2012156443A RU2012156443A RU 2012156443 A RU2012156443 A RU 2012156443A RU 2012156443/08 A RU2012156443/08 A RU 2012156443/08A RU 2012156443 A RU2012156443 A RU 2012156443A RU 2012156443 A RU2012156443 A RU 2012156443A
- Authority
- RU
- Russia
- Prior art keywords
- virtual machine
- exception
- code
- context
- information
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Abstract
1. Способ обнаружения угроз в коде, исполняемом виртуальной машиной, в котором:а) модифицируют код виртуальной машины для:- отслеживания исключений внутри виртуальной машины;- управления виртуальной машиной;б) отслеживают исключения внутри виртуальной машины;в) останавливают виртуальную машину, при наступлении исключения;г) получают информацию о контексте исключения, содержащего данные о событиях виртуальной машины, приведших к этому исключению;д) анализируют контекст исключения на наличие поведения характерного для угрозы;е) обнаруживают угрозу на основании анализа;2. Способ по п.1, в котором к исключениям внутри виртуальной машины относятся критические события, которые могут вызвать нарушение правил, установленных политикой безопасности3. Способ по п.1, в котором модификацию кода используют для сбора статистической информации о выявленных угрозах.4. Способ по п.1, в котором модификация кода виртуальной машины осуществляется путем перегрузки методов класса.5. Система обнаружения угроз в коде, исполняемом виртуальной машиной, содержит:а) виртуальную машину, модифицированную модулем контроля, предназначенную для исполнения анализируемого кода;б) модуль контроля, предназначенный для:- модификации кода виртуальной машины;- отслеживания исключений в виртуальной машине;- сбора информации о контексте исключения;- отправки информации о контексте исключения модулю анализа;- остановки работы виртуальной машины по указанию модуля анализа;в) модуль анализа, предназначенный для:- анализа информации о контексте исключения, полученной от модуля контроля на наличие угрозы;- обнаружения угроза по результатам анализа;6.
Claims (9)
1. Способ обнаружения угроз в коде, исполняемом виртуальной машиной, в котором:
а) модифицируют код виртуальной машины для:
- отслеживания исключений внутри виртуальной машины;
- управления виртуальной машиной;
б) отслеживают исключения внутри виртуальной машины;
в) останавливают виртуальную машину, при наступлении исключения;
г) получают информацию о контексте исключения, содержащего данные о событиях виртуальной машины, приведших к этому исключению;
д) анализируют контекст исключения на наличие поведения характерного для угрозы;
е) обнаруживают угрозу на основании анализа;
2. Способ по п.1, в котором к исключениям внутри виртуальной машины относятся критические события, которые могут вызвать нарушение правил, установленных политикой безопасности
3. Способ по п.1, в котором модификацию кода используют для сбора статистической информации о выявленных угрозах.
4. Способ по п.1, в котором модификация кода виртуальной машины осуществляется путем перегрузки методов класса.
5. Система обнаружения угроз в коде, исполняемом виртуальной машиной, содержит:
а) виртуальную машину, модифицированную модулем контроля, предназначенную для исполнения анализируемого кода;
б) модуль контроля, предназначенный для:
- модификации кода виртуальной машины;
- отслеживания исключений в виртуальной машине;
- сбора информации о контексте исключения;
- отправки информации о контексте исключения модулю анализа;
- остановки работы виртуальной машины по указанию модуля анализа;
в) модуль анализа, предназначенный для:
- анализа информации о контексте исключения, полученной от модуля контроля на наличие угрозы;
- обнаружения угроза по результатам анализа;
6. Система по п.5, в которой модуль контроля дополнительно используется для сбора статистической информации о выявленных угрозах.
7. Система по п.6, в которой наполнение баз осуществляется на основании собранной статистической информации о выявленных угрозах.
8. Система по п.5, в которой анализ информации о контексте исключения осуществляется путем сравнения информации о контексте с внешней обновляемой базой шаблонов;
9. Система по п.5, в которой модификация виртуальной машины осуществляется путем перегрузки методов класса.
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2012156443/08A RU2522019C1 (ru) | 2012-12-25 | 2012-12-25 | Система и способ обнаружения угроз в коде, исполняемом виртуальной машиной |
US13/767,391 US8713631B1 (en) | 2012-12-25 | 2013-02-14 | System and method for detecting malicious code executed by virtual machine |
FR1354230A FR3000249B3 (fr) | 2012-12-25 | 2013-05-10 | Systeme et procede de detection d'un code malveillant execute par une machine virtuelle |
DE201320102179 DE202013102179U1 (de) | 2012-12-25 | 2013-05-17 | System zu detektieren von durch eine virtuelle Maschine ausgeführtem Schadcode |
CN201310642107.1A CN103593608B (zh) | 2012-12-25 | 2013-12-03 | 用于检测由虚拟机所执行的恶意代码的系统和方法 |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2012156443/08A RU2522019C1 (ru) | 2012-12-25 | 2012-12-25 | Система и способ обнаружения угроз в коде, исполняемом виртуальной машиной |
Publications (2)
Publication Number | Publication Date |
---|---|
RU2012156443A true RU2012156443A (ru) | 2014-06-27 |
RU2522019C1 RU2522019C1 (ru) | 2014-07-10 |
Family
ID=49112613
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
RU2012156443/08A RU2522019C1 (ru) | 2012-12-25 | 2012-12-25 | Система и способ обнаружения угроз в коде, исполняемом виртуальной машиной |
Country Status (5)
Country | Link |
---|---|
US (1) | US8713631B1 (ru) |
CN (1) | CN103593608B (ru) |
DE (1) | DE202013102179U1 (ru) |
FR (1) | FR3000249B3 (ru) |
RU (1) | RU2522019C1 (ru) |
Families Citing this family (208)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8793787B2 (en) | 2004-04-01 | 2014-07-29 | Fireeye, Inc. | Detecting malicious network content using virtual environment components |
US8528086B1 (en) | 2004-04-01 | 2013-09-03 | Fireeye, Inc. | System and method of detecting computer worms |
US8549638B2 (en) | 2004-06-14 | 2013-10-01 | Fireeye, Inc. | System and method of containing computer worms |
US8584239B2 (en) | 2004-04-01 | 2013-11-12 | Fireeye, Inc. | Virtual machine with dynamic data flow analysis |
US7587537B1 (en) | 2007-11-30 | 2009-09-08 | Altera Corporation | Serializer-deserializer circuits formed from input-output circuit registers |
US8566946B1 (en) | 2006-04-20 | 2013-10-22 | Fireeye, Inc. | Malware containment on connection |
US9106694B2 (en) | 2004-04-01 | 2015-08-11 | Fireeye, Inc. | Electronic message analysis for malware detection |
US8898788B1 (en) | 2004-04-01 | 2014-11-25 | Fireeye, Inc. | Systems and methods for malware attack prevention |
US8171553B2 (en) | 2004-04-01 | 2012-05-01 | Fireeye, Inc. | Heuristic based capture with replay to virtual machine |
US8881282B1 (en) | 2004-04-01 | 2014-11-04 | Fireeye, Inc. | Systems and methods for malware attack detection and identification |
US8997219B2 (en) | 2008-11-03 | 2015-03-31 | Fireeye, Inc. | Systems and methods for detecting malicious PDF network content |
US8832829B2 (en) | 2009-09-30 | 2014-09-09 | Fireeye, Inc. | Network-based binary file extraction and analysis for malware detection |
US10572665B2 (en) | 2012-12-28 | 2020-02-25 | Fireeye, Inc. | System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events |
US8990944B1 (en) | 2013-02-23 | 2015-03-24 | Fireeye, Inc. | Systems and methods for automatically detecting backdoors |
US9159035B1 (en) | 2013-02-23 | 2015-10-13 | Fireeye, Inc. | Framework for computer application analysis of sensitive information tracking |
US9009822B1 (en) * | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for multi-phase analysis of mobile applications |
US9009823B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications installed on mobile devices |
US9367681B1 (en) | 2013-02-23 | 2016-06-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application |
US9176843B1 (en) | 2013-02-23 | 2015-11-03 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9195829B1 (en) | 2013-02-23 | 2015-11-24 | Fireeye, Inc. | User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications |
US9355247B1 (en) | 2013-03-13 | 2016-05-31 | Fireeye, Inc. | File extraction from memory dump for malicious content analysis |
US9626509B1 (en) | 2013-03-13 | 2017-04-18 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US9104867B1 (en) | 2013-03-13 | 2015-08-11 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US9311479B1 (en) | 2013-03-14 | 2016-04-12 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of a malware attack |
US9413781B2 (en) | 2013-03-15 | 2016-08-09 | Fireeye, Inc. | System and method employing structured intelligence to verify and contain threats at endpoints |
US9338143B2 (en) | 2013-03-15 | 2016-05-10 | Shape Security, Inc. | Stateless web content anti-automation |
US9225737B2 (en) | 2013-03-15 | 2015-12-29 | Shape Security, Inc. | Detecting the introduction of alien content |
US8869281B2 (en) | 2013-03-15 | 2014-10-21 | Shape Security, Inc. | Protecting against the introduction of alien content |
US10713358B2 (en) | 2013-03-15 | 2020-07-14 | Fireeye, Inc. | System and method to extract and utilize disassembly features to classify software intent |
US20140283038A1 (en) | 2013-03-15 | 2014-09-18 | Shape Security Inc. | Safe Intelligent Content Modification |
US9298911B2 (en) * | 2013-03-15 | 2016-03-29 | Intel Corporation | Method, apparatus, system, and computer readable medium for providing apparatus security |
US9495180B2 (en) | 2013-05-10 | 2016-11-15 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US9635039B1 (en) | 2013-05-13 | 2017-04-25 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
US9088541B2 (en) * | 2013-05-31 | 2015-07-21 | Catbird Networks, Inc. | Systems and methods for dynamic network security control and configuration |
US10133863B2 (en) | 2013-06-24 | 2018-11-20 | Fireeye, Inc. | Zero-day discovery system |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US8943592B1 (en) * | 2013-07-15 | 2015-01-27 | Eset, Spol. S.R.O. | Methods of detection of software exploitation |
US9690936B1 (en) | 2013-09-30 | 2017-06-27 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US9628507B2 (en) | 2013-09-30 | 2017-04-18 | Fireeye, Inc. | Advanced persistent threat (APT) detection center |
US9171160B2 (en) | 2013-09-30 | 2015-10-27 | Fireeye, Inc. | Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses |
US9294501B2 (en) | 2013-09-30 | 2016-03-22 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US10515214B1 (en) | 2013-09-30 | 2019-12-24 | Fireeye, Inc. | System and method for classifying malware within content created during analysis of a specimen |
US9736179B2 (en) | 2013-09-30 | 2017-08-15 | Fireeye, Inc. | System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection |
US9921978B1 (en) | 2013-11-08 | 2018-03-20 | Fireeye, Inc. | System and method for enhanced security of storage devices |
US9223964B2 (en) * | 2013-12-05 | 2015-12-29 | Mcafee, Inc. | Detecting JAVA sandbox escaping attacks based on JAVA bytecode instrumentation and JAVA method hooking |
US9756074B2 (en) | 2013-12-26 | 2017-09-05 | Fireeye, Inc. | System and method for IPS and VM-based detection of suspicious objects |
US9747446B1 (en) | 2013-12-26 | 2017-08-29 | Fireeye, Inc. | System and method for run-time object classification |
US9817638B2 (en) * | 2013-12-27 | 2017-11-14 | Symantec Corporation | Systems and methods for injecting code into an application |
US9292686B2 (en) | 2014-01-16 | 2016-03-22 | Fireeye, Inc. | Micro-virtualization architecture for threat-aware microvisor deployment in a node of a network environment |
US8954583B1 (en) | 2014-01-20 | 2015-02-10 | Shape Security, Inc. | Intercepting and supervising calls to transformed operations and objects |
US8893294B1 (en) | 2014-01-21 | 2014-11-18 | Shape Security, Inc. | Flexible caching |
US9225729B1 (en) | 2014-01-21 | 2015-12-29 | Shape Security, Inc. | Blind hash compression |
DE102014201592A1 (de) | 2014-01-29 | 2015-07-30 | Siemens Aktiengesellschaft | Verfahren und Vorrichtungen zum Erkennen von autonomer, selbstpropagierender Software |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US9241010B1 (en) | 2014-03-20 | 2016-01-19 | Fireeye, Inc. | System and method for network behavior detection |
US10242185B1 (en) | 2014-03-21 | 2019-03-26 | Fireeye, Inc. | Dynamic guest image creation and rollback |
US9721092B2 (en) * | 2014-03-27 | 2017-08-01 | International Busines Machines Corporation | Monitoring an application in a process virtual machine |
US9591015B1 (en) | 2014-03-28 | 2017-03-07 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9223972B1 (en) | 2014-03-31 | 2015-12-29 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US9432389B1 (en) | 2014-03-31 | 2016-08-30 | Fireeye, Inc. | System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object |
US8997226B1 (en) * | 2014-04-17 | 2015-03-31 | Shape Security, Inc. | Detection of client-side malware activity |
US9973531B1 (en) | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
US9438623B1 (en) | 2014-06-06 | 2016-09-06 | Fireeye, Inc. | Computer exploit detection using heap spray pattern matching |
US9594912B1 (en) | 2014-06-06 | 2017-03-14 | Fireeye, Inc. | Return-oriented programming detection |
US10084813B2 (en) | 2014-06-24 | 2018-09-25 | Fireeye, Inc. | Intrusion prevention and remedy system |
US9398028B1 (en) | 2014-06-26 | 2016-07-19 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers |
US10805340B1 (en) | 2014-06-26 | 2020-10-13 | Fireeye, Inc. | Infection vector and malware tracking with an interactive user display |
US10089216B2 (en) | 2014-06-30 | 2018-10-02 | Shape Security, Inc. | Automatically determining whether a page of a web site is broken despite elements on the page that may change |
US9075990B1 (en) | 2014-07-01 | 2015-07-07 | Shape Security, Inc. | Reliable selection of security countermeasures |
US10002252B2 (en) | 2014-07-01 | 2018-06-19 | Fireeye, Inc. | Verification of trusted threat-aware microvisor |
US9356945B2 (en) * | 2014-07-17 | 2016-05-31 | Check Point Advanced Threat Prevention Ltd | Automatic content inspection system for exploit detection |
US9672354B2 (en) | 2014-08-18 | 2017-06-06 | Bitdefender IPR Management Ltd. | Systems and methods for exposing a result of a current processor instruction upon exiting a virtual machine |
US9363280B1 (en) | 2014-08-22 | 2016-06-07 | Fireeye, Inc. | System and method of detecting delivery of malware using cross-customer data |
US10671726B1 (en) | 2014-09-22 | 2020-06-02 | Fireeye Inc. | System and method for malware analysis using thread-level event monitoring |
US9773112B1 (en) | 2014-09-29 | 2017-09-26 | Fireeye, Inc. | Exploit detection of malware and malware families |
US10027689B1 (en) | 2014-09-29 | 2018-07-17 | Fireeye, Inc. | Interactive infection visualization for improved exploit detection and signature generation for malware and malware families |
US9690933B1 (en) | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US9934380B2 (en) * | 2014-12-23 | 2018-04-03 | Mcafee, Llc | Execution profiling detection of malicious objects |
US10075455B2 (en) | 2014-12-26 | 2018-09-11 | Fireeye, Inc. | Zero-day rotating guest image profile |
US9934376B1 (en) | 2014-12-29 | 2018-04-03 | Fireeye, Inc. | Malware detection appliance architecture |
WO2016107754A1 (en) | 2014-12-30 | 2016-07-07 | British Telecommunications Public Limited Company | Malware detection |
US9838417B1 (en) | 2014-12-30 | 2017-12-05 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
EP3241140B1 (en) | 2014-12-30 | 2021-08-18 | British Telecommunications public limited company | Malware detection in migrated virtual machines |
CN104461832B (zh) * | 2015-01-07 | 2017-09-12 | 浪潮(北京)电子信息产业有限公司 | 一种监控应用服务器资源的方法及装置 |
US9690606B1 (en) | 2015-03-25 | 2017-06-27 | Fireeye, Inc. | Selective system call monitoring |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
US9438613B1 (en) | 2015-03-30 | 2016-09-06 | Fireeye, Inc. | Dynamic content activation for automated analysis of embedded objects |
US10417031B2 (en) | 2015-03-31 | 2019-09-17 | Fireeye, Inc. | Selective virtualization for security threat detection |
US9483644B1 (en) | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
US10474813B1 (en) | 2015-03-31 | 2019-11-12 | Fireeye, Inc. | Code injection technique for remediation at an endpoint of a network |
US9654485B1 (en) | 2015-04-13 | 2017-05-16 | Fireeye, Inc. | Analytics-based security monitoring system and method |
US9594904B1 (en) | 2015-04-23 | 2017-03-14 | Fireeye, Inc. | Detecting malware based on reflection |
US9986058B2 (en) | 2015-05-21 | 2018-05-29 | Shape Security, Inc. | Security systems for mitigating attacks from a headless browser executing on a client computer |
US10454950B1 (en) | 2015-06-30 | 2019-10-22 | Fireeye, Inc. | Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks |
US10642753B1 (en) | 2015-06-30 | 2020-05-05 | Fireeye, Inc. | System and method for protecting a software component running in virtual machine using a virtualization layer |
US11113086B1 (en) | 2015-06-30 | 2021-09-07 | Fireeye, Inc. | Virtual system and method for securing external network connectivity |
US10726127B1 (en) | 2015-06-30 | 2020-07-28 | Fireeye, Inc. | System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer |
WO2017007705A1 (en) | 2015-07-06 | 2017-01-12 | Shape Security, Inc. | Asymmetrical challenges for web security |
US10230718B2 (en) | 2015-07-07 | 2019-03-12 | Shape Security, Inc. | Split serving of computer code |
US10715542B1 (en) | 2015-08-14 | 2020-07-14 | Fireeye, Inc. | Mobile application risk analysis |
US10176321B2 (en) | 2015-09-22 | 2019-01-08 | Fireeye, Inc. | Leveraging behavior-based rules for malware family classification |
US10033747B1 (en) | 2015-09-29 | 2018-07-24 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US9825976B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Detection and classification of exploit kits |
US10601865B1 (en) | 2015-09-30 | 2020-03-24 | Fireeye, Inc. | Detection of credential spearphishing attacks using email analysis |
US10210329B1 (en) | 2015-09-30 | 2019-02-19 | Fireeye, Inc. | Method to detect application execution hijacking using memory protection |
US10817606B1 (en) | 2015-09-30 | 2020-10-27 | Fireeye, Inc. | Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic |
US9825989B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Cyber attack early warning system |
US10706149B1 (en) | 2015-09-30 | 2020-07-07 | Fireeye, Inc. | Detecting delayed activation malware using a primary controller and plural time controllers |
US10375026B2 (en) | 2015-10-28 | 2019-08-06 | Shape Security, Inc. | Web transaction status tracking |
US9817971B2 (en) * | 2015-10-29 | 2017-11-14 | International Business Machines Corporation | Using call stack snapshots to detect anomalous computer behavior |
US10284575B2 (en) | 2015-11-10 | 2019-05-07 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US10846117B1 (en) | 2015-12-10 | 2020-11-24 | Fireeye, Inc. | Technique for establishing secure communication between host and guest processes of a virtualization architecture |
US10447728B1 (en) | 2015-12-10 | 2019-10-15 | Fireeye, Inc. | Technique for protecting guest processes using a layered virtualization architecture |
US10108446B1 (en) | 2015-12-11 | 2018-10-23 | Fireeye, Inc. | Late load technique for deploying a virtualization layer underneath a running operating system |
WO2017109129A1 (en) * | 2015-12-24 | 2017-06-29 | British Telecommunications Public Limited Company | Software security |
WO2017108575A1 (en) | 2015-12-24 | 2017-06-29 | British Telecommunications Public Limited Company | Malicious software identification |
US10839077B2 (en) * | 2015-12-24 | 2020-11-17 | British Telecommunications Public Limited Company | Detecting malicious software |
US10133866B1 (en) | 2015-12-30 | 2018-11-20 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US10050998B1 (en) | 2015-12-30 | 2018-08-14 | Fireeye, Inc. | Malicious message analysis system |
US10565378B1 (en) | 2015-12-30 | 2020-02-18 | Fireeye, Inc. | Exploit of privilege detection framework |
US10621338B1 (en) | 2015-12-30 | 2020-04-14 | Fireeye, Inc. | Method to detect forgery and exploits using last branch recording registers |
US9824216B1 (en) | 2015-12-31 | 2017-11-21 | Fireeye, Inc. | Susceptible environment detection system |
US10581874B1 (en) | 2015-12-31 | 2020-03-03 | Fireeye, Inc. | Malware detection system with contextual analysis |
US11552986B1 (en) | 2015-12-31 | 2023-01-10 | Fireeye Security Holdings Us Llc | Cyber-security framework for application of virtual features |
US10116625B2 (en) * | 2016-01-08 | 2018-10-30 | Secureworks, Corp. | Systems and methods for secure containerization |
US10009380B2 (en) | 2016-01-08 | 2018-06-26 | Secureworks Corp. | Systems and methods for security configuration |
BR112018015014A2 (pt) * | 2016-01-24 | 2018-12-18 | Kamran Hasan Syed | sistema de segurança de computador com base em inteligência artificial |
US10671721B1 (en) | 2016-03-25 | 2020-06-02 | Fireeye, Inc. | Timeout management services |
US10601863B1 (en) | 2016-03-25 | 2020-03-24 | Fireeye, Inc. | System and method for managing sensor enrollment |
US10785255B1 (en) | 2016-03-25 | 2020-09-22 | Fireeye, Inc. | Cluster configuration within a scalable malware detection system |
US10476906B1 (en) | 2016-03-25 | 2019-11-12 | Fireeye, Inc. | System and method for managing formation and modification of a cluster within a malware detection system |
US11159549B2 (en) | 2016-03-30 | 2021-10-26 | British Telecommunications Public Limited Company | Network traffic threat identification |
EP3437290B1 (en) | 2016-03-30 | 2020-08-26 | British Telecommunications public limited company | Detecting computer security threats |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
US10169585B1 (en) | 2016-06-22 | 2019-01-01 | Fireeye, Inc. | System and methods for advanced malware detection through placement of transition events |
US10462173B1 (en) | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
RU2634211C1 (ru) | 2016-07-06 | 2017-10-24 | Общество с ограниченной ответственностью "Траст" | Способ и система анализа протоколов взаимодействия вредоносных программ с центрами управления и выявления компьютерных атак |
RU2649793C2 (ru) | 2016-08-03 | 2018-04-04 | ООО "Группа АйБи" | Способ и система выявления удаленного подключения при работе на страницах веб-ресурса |
EP3500970B8 (en) | 2016-08-16 | 2021-09-22 | British Telecommunications Public Limited Company | Mitigating security attacks in virtualised computing environments |
EP3500969A1 (en) | 2016-08-16 | 2019-06-26 | British Telecommunications Public Limited Company | Reconfigured virtual machine to mitigate attack |
US10592678B1 (en) | 2016-09-09 | 2020-03-17 | Fireeye, Inc. | Secure communications between peers using a verified virtual trusted platform module |
RU2634209C1 (ru) | 2016-09-19 | 2017-10-24 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Система и способ автогенерации решающих правил для систем обнаружения вторжений с обратной связью |
US10491627B1 (en) | 2016-09-29 | 2019-11-26 | Fireeye, Inc. | Advanced malware detection using similarity analysis |
US10430591B1 (en) * | 2016-10-04 | 2019-10-01 | Bromium, Inc. | Using threat model to monitor host execution in a virtualized environment |
US10795991B1 (en) | 2016-11-08 | 2020-10-06 | Fireeye, Inc. | Enterprise search |
US10587647B1 (en) | 2016-11-22 | 2020-03-10 | Fireeye, Inc. | Technique for malware detection capability comparison of network security devices |
US10552610B1 (en) | 2016-12-22 | 2020-02-04 | Fireeye, Inc. | Adaptive virtual machine snapshot update framework for malware behavioral analysis |
US10581879B1 (en) | 2016-12-22 | 2020-03-03 | Fireeye, Inc. | Enhanced malware detection for generated objects |
US10523609B1 (en) | 2016-12-27 | 2019-12-31 | Fireeye, Inc. | Multi-vector malware detection and analysis |
RU2671991C2 (ru) | 2016-12-29 | 2018-11-08 | Общество с ограниченной ответственностью "Траст" | Система и способ сбора информации для обнаружения фишинга |
RU2637477C1 (ru) | 2016-12-29 | 2017-12-04 | Общество с ограниченной ответственностью "Траст" | Система и способ обнаружения фишинговых веб-страниц |
US10904286B1 (en) | 2017-03-24 | 2021-01-26 | Fireeye, Inc. | Detection of phishing attacks using similarity analysis |
US10791138B1 (en) | 2017-03-30 | 2020-09-29 | Fireeye, Inc. | Subscription-based malware detection |
US10902119B1 (en) | 2017-03-30 | 2021-01-26 | Fireeye, Inc. | Data extraction system for malware analysis |
US10798112B2 (en) | 2017-03-30 | 2020-10-06 | Fireeye, Inc. | Attribute-controlled malware detection |
US10554507B1 (en) | 2017-03-30 | 2020-02-04 | Fireeye, Inc. | Multi-level control for enhanced resource and object evaluation management of malware detection system |
US10503904B1 (en) | 2017-06-29 | 2019-12-10 | Fireeye, Inc. | Ransomware detection and mitigation |
US10855700B1 (en) | 2017-06-29 | 2020-12-01 | Fireeye, Inc. | Post-intrusion detection of cyber-attacks during lateral movement within networks |
US10601848B1 (en) | 2017-06-29 | 2020-03-24 | Fireeye, Inc. | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators |
US10893068B1 (en) | 2017-06-30 | 2021-01-12 | Fireeye, Inc. | Ransomware file modification prevention technique |
US10747872B1 (en) | 2017-09-27 | 2020-08-18 | Fireeye, Inc. | System and method for preventing malware evasion |
US10805346B2 (en) | 2017-10-01 | 2020-10-13 | Fireeye, Inc. | Phishing attack detection |
US11108809B2 (en) | 2017-10-27 | 2021-08-31 | Fireeye, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
RU2689816C2 (ru) | 2017-11-21 | 2019-05-29 | ООО "Группа АйБи" | Способ для классифицирования последовательности действий пользователя (варианты) |
US11240275B1 (en) | 2017-12-28 | 2022-02-01 | Fireeye Security Holdings Us Llc | Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture |
US11005860B1 (en) | 2017-12-28 | 2021-05-11 | Fireeye, Inc. | Method and system for efficient cybersecurity analysis of endpoint events |
US11271955B2 (en) | 2017-12-28 | 2022-03-08 | Fireeye Security Holdings Us Llc | Platform and method for retroactive reclassification employing a cybersecurity-based global data store |
RU2676247C1 (ru) | 2018-01-17 | 2018-12-26 | Общество С Ограниченной Ответственностью "Группа Айби" | Способ и компьютерное устройство для кластеризации веб-ресурсов |
RU2677368C1 (ru) | 2018-01-17 | 2019-01-16 | Общество С Ограниченной Ответственностью "Группа Айби" | Способ и система для автоматического определения нечетких дубликатов видеоконтента |
RU2668710C1 (ru) | 2018-01-17 | 2018-10-02 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Вычислительное устройство и способ для обнаружения вредоносных доменных имен в сетевом трафике |
RU2680736C1 (ru) | 2018-01-17 | 2019-02-26 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Сервер и способ для определения вредоносных файлов в сетевом трафике |
RU2677361C1 (ru) | 2018-01-17 | 2019-01-16 | Общество с ограниченной ответственностью "Траст" | Способ и система децентрализованной идентификации вредоносных программ |
RU2681699C1 (ru) | 2018-02-13 | 2019-03-12 | Общество с ограниченной ответственностью "Траст" | Способ и сервер для поиска связанных сетевых ресурсов |
US10826931B1 (en) | 2018-03-29 | 2020-11-03 | Fireeye, Inc. | System and method for predicting and mitigating cybersecurity system misconfigurations |
US11558401B1 (en) | 2018-03-30 | 2023-01-17 | Fireeye Security Holdings Us Llc | Multi-vector malware detection data sharing system for improved detection |
US11003773B1 (en) | 2018-03-30 | 2021-05-11 | Fireeye, Inc. | System and method for automatically generating malware detection rule recommendations |
US10956477B1 (en) | 2018-03-30 | 2021-03-23 | Fireeye, Inc. | System and method for detecting malicious scripts through natural language processing modeling |
US11075930B1 (en) | 2018-06-27 | 2021-07-27 | Fireeye, Inc. | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11314859B1 (en) | 2018-06-27 | 2022-04-26 | FireEye Security Holdings, Inc. | Cyber-security system and method for detecting escalation of privileges within an access token |
US11228491B1 (en) | 2018-06-28 | 2022-01-18 | Fireeye Security Holdings Us Llc | System and method for distributed cluster configuration monitoring and management |
US11316900B1 (en) | 2018-06-29 | 2022-04-26 | FireEye Security Holdings Inc. | System and method for automatically prioritizing rules for cyber-threat detection and mitigation |
US11182473B1 (en) | 2018-09-13 | 2021-11-23 | Fireeye Security Holdings Us Llc | System and method for mitigating cyberattacks against processor operability by a guest process |
US11763004B1 (en) | 2018-09-27 | 2023-09-19 | Fireeye Security Holdings Us Llc | System and method for bootkit detection |
RU2708508C1 (ru) | 2018-12-17 | 2019-12-09 | Общество с ограниченной ответственностью "Траст" | Способ и вычислительное устройство для выявления подозрительных пользователей в системах обмена сообщениями |
US11368475B1 (en) | 2018-12-21 | 2022-06-21 | Fireeye Security Holdings Us Llc | System and method for scanning remote services to locate stored objects with malware |
CN111382440A (zh) * | 2018-12-27 | 2020-07-07 | 北京奇虎科技有限公司 | 基于虚拟机实现的cpu漏洞检测方法及系统 |
CN111444508A (zh) * | 2018-12-27 | 2020-07-24 | 北京奇虎科技有限公司 | 基于虚拟机实现的cpu漏洞检测装置及方法 |
RU2701040C1 (ru) | 2018-12-28 | 2019-09-24 | Общество с ограниченной ответственностью "Траст" | Способ и вычислительное устройство для информирования о вредоносных веб-ресурсах |
SG11202101624WA (en) | 2019-02-27 | 2021-03-30 | Group Ib Ltd | Method and system for user identification by keystroke dynamics |
US11258806B1 (en) | 2019-06-24 | 2022-02-22 | Mandiant, Inc. | System and method for automatically associating cybersecurity intelligence to cyberthreat actors |
US11556640B1 (en) | 2019-06-27 | 2023-01-17 | Mandiant, Inc. | Systems and methods for automated cybersecurity analysis of extracted binary string sets |
US11392700B1 (en) | 2019-06-28 | 2022-07-19 | Fireeye Security Holdings Us Llc | System and method for supporting cross-platform data verification |
US11886585B1 (en) | 2019-09-27 | 2024-01-30 | Musarubra Us Llc | System and method for identifying and mitigating cyberattacks through malicious position-independent code execution |
US11637862B1 (en) | 2019-09-30 | 2023-04-25 | Mandiant, Inc. | System and method for surfacing cyber-security threats with a self-learning recommendation engine |
RU2728498C1 (ru) | 2019-12-05 | 2020-07-29 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Способ и система определения принадлежности программного обеспечения по его исходному коду |
RU2728497C1 (ru) | 2019-12-05 | 2020-07-29 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Способ и система определения принадлежности программного обеспечения по его машинному коду |
RU2743974C1 (ru) | 2019-12-19 | 2021-03-01 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Система и способ сканирования защищенности элементов сетевой архитектуры |
SG10202001963TA (en) | 2020-03-04 | 2021-10-28 | Group Ib Global Private Ltd | System and method for brand protection based on the search results |
CN112019506B (zh) * | 2020-07-28 | 2023-04-18 | 杭州安恒信息技术股份有限公司 | 基于行为识别的钓鱼邮件检测方法、电子装置及介质 |
RU2743619C1 (ru) | 2020-08-06 | 2021-02-20 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | Способ и система генерации списка индикаторов компрометации |
CN112822291A (zh) * | 2021-02-07 | 2021-05-18 | 国网福建省电力有限公司电力科学研究院 | 一种工控设备的监测方法与装置 |
US11947572B2 (en) | 2021-03-29 | 2024-04-02 | Group IB TDS, Ltd | Method and system for clustering executable files |
US11411805B1 (en) | 2021-07-12 | 2022-08-09 | Bank Of America Corporation | System and method for detecting root cause of an exception error in a task flow in a distributed network |
CN113806750B (zh) * | 2021-09-24 | 2024-02-23 | 深信服科技股份有限公司 | 文件安全风险检测方法、模型的训练方法、装置和设备 |
US20230195881A1 (en) * | 2021-12-16 | 2023-06-22 | Hewlett-Packard Development Company, L.P. | Virtual machines to install untrusted executable codes |
US11438251B1 (en) | 2022-02-28 | 2022-09-06 | Bank Of America Corporation | System and method for automatic self-resolution of an exception error in a distributed network |
US11892937B2 (en) | 2022-02-28 | 2024-02-06 | Bank Of America Corporation | Developer test environment with containerization of tightly coupled systems |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE69738810D1 (de) | 1996-01-24 | 2008-08-14 | Sun Microsystems Inc | Befehlsfalten in einem stapelspeicherprozessor |
US7007301B2 (en) | 2000-06-12 | 2006-02-28 | Hewlett-Packard Development Company, L.P. | Computer architecture for an intrusion detection system |
GB2378535A (en) * | 2001-08-06 | 2003-02-12 | Ibm | Method and apparatus for suspending a software virtual machine |
US20030229794A1 (en) * | 2002-06-07 | 2003-12-11 | Sutton James A. | System and method for protection against untrusted system management code by redirecting a system management interrupt and creating a virtual machine container |
US20050076186A1 (en) | 2003-10-03 | 2005-04-07 | Microsoft Corporation | Systems and methods for improving the x86 architecture for processor virtualization, and software systems and methods for utilizing the improvements |
US7263690B1 (en) | 2003-11-14 | 2007-08-28 | Sun Microsystems, Inc. | Mechanism for safe byte code in a tracing framework |
US8239939B2 (en) * | 2005-07-15 | 2012-08-07 | Microsoft Corporation | Browser protection module |
US8201246B1 (en) | 2008-02-25 | 2012-06-12 | Trend Micro Incorporated | Preventing malicious codes from performing malicious actions in a computer system |
US9823992B2 (en) * | 2008-06-20 | 2017-11-21 | Vmware, Inc. | Decoupling dynamic program analysis from execution in virtual environments |
US9098698B2 (en) | 2008-09-12 | 2015-08-04 | George Mason Research Foundation, Inc. | Methods and apparatus for application isolation |
KR101493076B1 (ko) | 2009-04-07 | 2015-02-12 | 삼성전자 주식회사 | 버퍼 오버플로우 관리를 통한 바이러스 코드 실행방지장치 및 그 방법 |
US8225317B1 (en) | 2009-04-17 | 2012-07-17 | Symantec Corporation | Insertion and invocation of virtual appliance agents through exception handling regions of virtual machines |
US20110197256A1 (en) | 2009-12-18 | 2011-08-11 | Assured Information Security, Inc. | Methods for securing a processing system and devices thereof |
US8966623B2 (en) | 2010-03-08 | 2015-02-24 | Vmware, Inc. | Managing execution of a running-page in a virtual machine |
CN102750475B (zh) * | 2012-06-07 | 2017-08-15 | 中国电子科技集团公司第三十研究所 | 基于虚拟机内外视图交叉比对恶意代码行为检测方法及系统 |
-
2012
- 2012-12-25 RU RU2012156443/08A patent/RU2522019C1/ru active
-
2013
- 2013-02-14 US US13/767,391 patent/US8713631B1/en active Active
- 2013-05-10 FR FR1354230A patent/FR3000249B3/fr not_active Expired - Lifetime
- 2013-05-17 DE DE201320102179 patent/DE202013102179U1/de not_active Expired - Lifetime
- 2013-12-03 CN CN201310642107.1A patent/CN103593608B/zh active Active
Also Published As
Publication number | Publication date |
---|---|
US8713631B1 (en) | 2014-04-29 |
CN103593608A (zh) | 2014-02-19 |
DE202013102179U1 (de) | 2013-08-01 |
RU2522019C1 (ru) | 2014-07-10 |
CN103593608B (zh) | 2016-11-23 |
FR3000249A3 (fr) | 2014-06-27 |
FR3000249B3 (fr) | 2015-04-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
RU2012156443A (ru) | Система и способ обнаружения угроз в коде, исполняемом виртуальной машиной | |
RU2012156432A (ru) | Система и способ повышения защищенности данных организации путем создания изолированной среды | |
US10148686B2 (en) | Telemetry analysis system for physical process anomaly detection | |
CN105247532B (zh) | 使用硬件特征的对异常进程的无监督的检测 | |
Ravi et al. | Malware detection using windows api sequence and machine learning | |
US9419996B2 (en) | Detection and prevention for malicious threats | |
RU2012156433A (ru) | Система и способ обнаружения вредоносного программного обеспечения путем создания изолированной среды | |
US9892259B2 (en) | Security protection system and method | |
CN104753946A (zh) | 一种基于网络流量元数据的安全分析框架 | |
WO2012115956A3 (en) | Systems and methods for providing a computing device having a secure operating system kernel | |
BR112018069481A2 (pt) | métodos e sistemas para utilizar informações coletadas a partir de múltiplos sensores para proteger um veículo contra softwares maliciosos e ataques | |
RU2014148962A (ru) | Система и способ ограничения работы доверенных приложений при наличии подозрительных приложений | |
WO2009097610A1 (en) | A vmm-based intrusion detection system | |
US10158653B1 (en) | Artificial intelligence with cyber security | |
RU2013136976A (ru) | Система и способ временной защиты операционной системы программно-аппаратных устройств от приложений, содержащих уязвимости | |
CN104392177A (zh) | 基于安卓平台的病毒取证系统及其方法 | |
US11575688B2 (en) | Method of malware characterization and prediction | |
WO2018016671A3 (ko) | 보안 취약점 점검을 위한 위험성 코드 검출 시스템 및 그 방법 | |
Pandey et al. | Performance of malware detection tools: A comparison | |
Mishra et al. | PSI-NetVisor: Program semantic aware intrusion detection at network and hypervisor layer in cloud | |
KR101444250B1 (ko) | 개인정보 접근감시 시스템 및 그 방법 | |
RU2011132618A (ru) | Система и способ автоматического расследования инцидентов безопасности | |
KR101386605B1 (ko) | 권한정보 관리를 통한 악성코드 탐지방법 | |
KR20150056268A (ko) | 공장 운영 장애에 대한 분석용 어플리케이션 및 분석 방법 | |
RU2013158126A (ru) | Система и способ обнаружения направленных атак на корпоративную инфраструктуру |