RU2645268C2 - Complex scoring for malware detection - Google Patents

Complex scoring for malware detection (Russian title: Сложное классифицирование для выявления вредоносных программ)

Info

Publication number
RU2645268C2
Authority
RU
Russia
Prior art keywords
entity
indicator
response
collection
entities
Application number
RU2016114944A
Other languages
English (en)
Russian (ru)
Other versions
RU2016114944A (ru)
Inventor
Sandor Lukacs (Сандор ЛУКАКС)
Raul-Vasile Tosa (Раул-Василе ТОША)
Paul-Daniel Boca (Паул-Даниэл БОКА)
Gheorghe-Florin Hajmasan (Георге-Флорин ХАЖМАШАН)
Andrei-Vlad Lutas (Андрей-Влад ЛУЦАС)
Original Assignee
Bitdefender IPR Management Ltd (БИТДЕФЕНДЕР АйПиАр МЕНЕДЖМЕНТ ЛТД)
Priority date
2013-10-04 (as listed by Google Patents; the priority date is an assumption, not a legal conclusion)
Filing date
2014-09-25
Publication date
2018-02-19
Events
Application filed by Bitdefender IPR Management Ltd
Publication of RU2016114944A (2017-11-13)
Application granted
Publication of RU2645268C2 (2018-02-19)

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures
    • G06F 21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F 21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F 21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/44 Arrangements for executing specific programs
    • G06F 9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F 9/45533 Hypervisors; Virtual machine monitors
    • G06F 9/45558 Hypervisor-specific management and integration aspects
    • G06F 2009/45587 Isolation or security of virtual machine instances
    • G06F 9/46 Multiprogramming arrangements
    • G06F 9/54 Interprogram communication
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F 2221/033 Test or assess software
    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2145 Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)

Applications Claiming Priority (3)

Application Number                       Priority Date   Filing Date   Title
US14/046,728 (US9323931B2, en)           2013-10-04      2013-10-04    Complex scoring for malware detection
US14/046,728                             2013-10-04
PCT/RO2014/000027 (WO2015050469A1, en)   2013-10-04      2014-09-25    Complex scoring for malware detection

Publications (2)

Publication Number   Publication Date
RU2016114944A (ru)   2017-11-13
RU2645268C2 (ru)     2018-02-19

Family

ID=52001042

Family Applications (1)

Application Number                Title                                   Priority Date   Filing Date
RU2016114944A (RU2645268C2, ru)   Complex scoring for malware detection   2013-10-04      2014-09-25

Country Status (11)

Country   Link
US (1)    US9323931B2 (en)
EP (1)    EP3053087A1 (en)
JP (1)    JP6317435B2 (en)
KR (1)    KR101948711B1 (en)
CN (1)    CN105593870B (en)
AU (1)    AU2014330136B2 (en)
CA (1)    CA2931325C (en)
IL (1)    IL244861B (en)
RU (1)    RU2645268C2 (en)
SG (1)    SG11201602586SA (en)
WO (1)    WO2015050469A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2708356C1 (ru) * 2018-06-29 2019-12-05 AO Kaspersky Lab (Акционерное общество "Лаборатория Касперского") System and method for two-stage classification of files
RU2739833C1 (ru) * 2019-06-28 2020-12-28 AO Kaspersky Lab System and method for reducing the load on a malicious-application detection service
US11017083B2 (en) 2018-10-17 2021-05-25 International Business Machines Corporation Multiple phase graph partitioning for malware entity detection
RU2752241C2 (ru) * 2019-12-25 2021-07-23 Yandex LLC (Общество С Ограниченной Ответственностью «Яндекс») Method and system for detecting malicious activity of a predetermined type in a local network

Families Citing this family (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9733976B2 (en) * 2014-03-27 2017-08-15 Barkly Protects, Inc. Method and apparatus for SYSRET monitoring of system interactions
US10078752B2 (en) 2014-03-27 2018-09-18 Barkly Protects, Inc. Continuous malicious software identification through responsive machine learning
EP3123390A4 (en) * 2014-03-27 2017-10-25 Barkly Protects, Inc. Malicious software identification integrating behavioral analytics and hardware events
JP6370098B2 (ja) * 2014-05-16 2018-08-08 杉中 順子 Information processing device, information processing monitoring method, program, and recording medium
US9779239B2 (en) * 2015-03-15 2017-10-03 Fujitsu Limited Detection of malicious software behavior using signature-based static analysis
US10116688B1 (en) 2015-03-24 2018-10-30 Symantec Corporation Systems and methods for detecting potentially malicious files
US9646159B2 (en) * 2015-03-31 2017-05-09 Juniper Networks, Inc. Multi-file malware analysis
US9798878B1 (en) 2015-03-31 2017-10-24 Symantec Corporation Systems and methods for detecting text display manipulation attacks
US9767285B2 (en) 2015-06-04 2017-09-19 Accenture Global Services Limited Process categorization using crowdsourcing
US9798877B2 (en) 2015-06-04 2017-10-24 Accenture Global Services Limited Security risk-based resource allocation
US9703961B2 (en) 2015-06-05 2017-07-11 Accenture Global Services Limited Process risk classification
WO2016193831A1 (en) * 2015-06-04 2016-12-08 Accenture Global Services Limited Process categorization for computer security
US10176438B2 (en) 2015-06-19 2019-01-08 Arizona Board Of Regents On Behalf Of Arizona State University Systems and methods for data driven malware task identification
US9942248B1 (en) * 2015-06-24 2018-04-10 Symantec Corporation Systems and methods for adjusting behavioral detection heuristics
RU2618947C2 (ru) * 2015-06-30 2017-05-11 Kaspersky Lab ZAO (Закрытое акционерное общество "Лаборатория Касперского") Method of preventing the operation of programs containing functionality undesirable for the user
US9852295B2 (en) 2015-07-14 2017-12-26 Bitdefender IPR Management Ltd. Computer security systems and methods using asynchronous introspection exceptions
US10089465B2 (en) 2015-07-24 2018-10-02 Bitdefender IPR Management Ltd. Systems and methods for tracking malicious behavior across multiple software entities
WO2017040957A1 (en) * 2015-09-02 2017-03-09 Nehemiah Security Process launch, monitoring and execution control
RU2634175C2 (ru) * 2015-12-18 2017-10-24 AO Kaspersky Lab Method of performing antivirus checks
US10210331B2 (en) * 2015-12-24 2019-02-19 Mcafee, Llc Executing full logical paths for malware detection
US9965313B2 (en) * 2016-01-05 2018-05-08 Bitdefender IPR Management Ltd. Systems and methods for auditing a virtual machine
US12248560B2 (en) * 2016-03-07 2025-03-11 Crowdstrike, Inc. Hypervisor-based redirection of system calls and interrupt-based task offloading
US12339979B2 (en) * 2016-03-07 2025-06-24 Crowdstrike, Inc. Hypervisor-based interception of memory and register accesses
US10140448B2 (en) 2016-07-01 2018-11-27 Bitdefender IPR Management Ltd. Systems and methods of asynchronous analysis of event notifications for computer security applications
US10635479B2 (en) * 2016-12-19 2020-04-28 Bitdefender IPR Management Ltd. Event filtering for virtual machine security applications
US9734337B1 (en) * 2017-01-24 2017-08-15 Malwarebytes Inc. Behavior-based ransomware detection
US10592664B2 (en) * 2017-02-02 2020-03-17 Cisco Technology, Inc. Container application security and protection
US10061921B1 (en) * 2017-02-13 2018-08-28 Trend Micro Incorporated Methods and systems for detecting computer security threats
US10735468B1 (en) 2017-02-14 2020-08-04 Ca, Inc. Systems and methods for evaluating security services
US10320818B2 (en) * 2017-02-14 2019-06-11 Symantec Corporation Systems and methods for detecting malicious computing events
US10990678B2 (en) * 2017-07-26 2021-04-27 Comodo Security Solutions, Inc. Method to protect application running in a hostile environment
US10467552B2 (en) * 2017-07-31 2019-11-05 Pearson Education, Inc. System and method for automatic content provisioning
KR102023746B1 (ko) * 2019-03-26 2019-09-20 Netmarble Corp. (넷마블 주식회사) Malware detection method and apparatus
CN111191226B (zh) * 2019-07-04 2023-12-01 Tencent Technology (Shenzhen) Co., Ltd. Method, apparatus, device and storage medium for identifying programs that exploit privilege-escalation vulnerabilities
US11238154B2 (en) * 2019-07-05 2022-02-01 Mcafee, Llc Multi-lateral process trees for malware remediation
CN110598410B (zh) * 2019-09-16 2021-11-16 Tencent Technology (Shenzhen) Co., Ltd. Method, apparatus, electronic device and storage medium for determining a malicious process
US10754506B1 (en) * 2019-10-07 2020-08-25 Cyberark Software Ltd. Monitoring and controlling risk compliance in network environments
CN111224942B (zh) * 2019-11-20 2021-11-16 Chongqing University of Posts and Telecommunications Malware propagation control method and apparatus based on ternary association graph detection
JP7315023B2 (ja) * 2019-11-28 2023-07-26 Nippon Telegraph and Telephone Corporation Rule generation device and rule generation program
EP4264465A1 (en) 2020-12-17 2023-10-25 Virsec Systems, Inc. Runtime memory protection (rmp) engine
WO2025051590A1 (en) * 2023-09-05 2025-03-13 Bitdefender Ipr Management Ltd Systems and methods for countering persistent malware
US20250077673A1 (en) * 2023-09-05 2025-03-06 Bitdefender IPR Management Ltd. Systems and Methods for Countering Persistent Malware

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040230835A1 (en) * 2003-05-17 2004-11-18 Goldfeder Aaron R. Mechanism for evaluating security risks
WO2010023557A2 (en) * 2008-08-28 2010-03-04 Avg Technologies Cz, S.R.O. Heuristic method of code analysis
RU2454714C1 (ru) * 2010-12-30 2012-06-27 Kaspersky Lab ZAO System and method for improving the efficiency of detecting unknown malicious objects
WO2012135192A2 (en) * 2011-03-28 2012-10-04 Mcafee, Inc. System and method for virtual machine monitor based anti-malware security
US20120324575A1 (en) * 2010-02-23 2012-12-20 ISE Information Co., Ltd. System, Method, Program, and Recording Medium for Detecting and Blocking Unwanted Programs in Real Time Based on Process Behavior Analysis and Recording Medium for Storing Program

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2829078B2 (ja) * 1990-02-05 1998-11-25 Hitachi, Ltd. Process distribution method
US7003110B1 (en) * 2000-11-14 2006-02-21 Lucent Technologies Inc. Software aging method and apparatus for discouraging software piracy
JP3992136B2 (ja) * 2001-12-17 2007-10-17 Kanazawa Institute of Technology Virus detection method and apparatus
US7748039B2 (en) 2002-08-30 2010-06-29 Symantec Corporation Method and apparatus for detecting malicious code in an information handling system
US7870612B2 (en) 2006-09-11 2011-01-11 Fujian Eastern Micropoint Info-Tech Co., Ltd Antivirus protection system and method for computers
US7908660B2 (en) 2007-02-06 2011-03-15 Microsoft Corporation Dynamic risk management
US7620992B2 (en) 2007-10-02 2009-11-17 Kaspersky Lab Zao System and method for detecting multi-component malware
CN101350052B (zh) 2007-10-15 2010-11-03 Beijing Rising Information Technology Co., Ltd. Method and apparatus for discovering malicious behavior of computer programs
US8037536B2 (en) 2007-11-14 2011-10-11 Bank Of America Corporation Risk scoring system for the prevention of malware
US10318730B2 (en) * 2007-12-20 2019-06-11 Bank Of America Corporation Detection and prevention of malicious code execution using risk scoring
US8615805B1 (en) * 2008-09-03 2013-12-24 Symantec Corporation Systems and methods for determining if a process is a malicious process
US20120101970A1 (en) * 2009-06-22 2012-04-26 United Parents Online Ltd. Method and system of monitoring a network based communication among users
US8578345B1 (en) * 2010-04-15 2013-11-05 Symantec Corporation Malware detection efficacy by identifying installation and uninstallation scenarios
KR101122650B1 (ko) * 2010-04-28 2012-03-09 Electronics and Telecommunications Research Institute (ETRI) Apparatus, system and method for detecting malicious code disguised and injected into a normal process
JP5478384B2 (ja) * 2010-06-24 2014-04-23 KDDI Corporation Application determination system and program
US8042186B1 (en) * 2011-04-28 2011-10-18 Kaspersky Lab Zao System and method for detection of complex malware
US9323928B2 (en) 2011-06-01 2016-04-26 Mcafee, Inc. System and method for non-signature based detection of malicious processes
JP5492150B2 (ja) * 2011-07-04 2014-05-14 Hitachi, Ltd. Redundant controller system and operating method thereof
US9081959B2 (en) * 2011-12-02 2015-07-14 Invincea, Inc. Methods and apparatus for control and detection of malicious content using a sandbox environment
WO2015035559A1 (en) * 2013-09-10 2015-03-19 Symantec Corporation Systems and methods for using event-correlation graphs to detect attacks on computing systems

Also Published As

Publication number Publication date
WO2015050469A1 (en) 2015-04-09
KR101948711B1 (ko) 2019-02-15
JP2016536667A (ja) 2016-11-24
CA2931325A1 (en) 2015-04-09
IL244861A0 (en) 2016-05-31
EP3053087A1 (en) 2016-08-10
US9323931B2 (en) 2016-04-26
AU2014330136B2 (en) 2019-12-12
CA2931325C (en) 2020-10-06
CN105593870B (zh) 2019-01-29
CN105593870A (zh) 2016-05-18
US20150101049A1 (en) 2015-04-09
SG11201602586SA (en) 2016-05-30
RU2016114944A (ru) 2017-11-13
HK1220523A1 (zh) 2017-05-05
KR20160065852A (ko) 2016-06-09
JP6317435B2 (ja) 2018-04-25
IL244861B (en) 2019-02-28

Similar Documents

Publication Publication Date Title
RU2645268C2 (ru) Complex scoring for malware detection
US9117080B2 (en) Process evaluation for malware detection in virtual machines
US9251343B1 (en) Detecting bootkits resident on compromised computers
AU2014330136A1 (en) Complex scoring for malware detection
US10630643B2 (en) Dual memory introspection for securing multiple network endpoints
US9934376B1 (en) Malware detection appliance architecture
US11409862B2 (en) Intrusion detection and prevention for unknown software vulnerabilities using live patching
JP6829718B2 (ja) Systems and methods for tracking malicious behavior across multiple software entities
US9392016B2 (en) System and method for below-operating system regulation and control of self-modifying code
US8549648B2 (en) Systems and methods for identifying hidden processes
US8650642B2 (en) System and method for below-operating system protection of an operating system kernel
US20120255014A1 (en) System and method for below-operating system repair of related malware-infected threads and resources
US20130312099A1 (en) Realtime Kernel Object Table and Type Protection
US20120255013A1 (en) System and method for below-operating system modification of malicious code on an electronic device
US20120255001A1 (en) System and method for below-operating system trapping of driver filter attachment
KR101086203B1 (ko) System and method for preemptively blocking malicious processes by evaluating their behavior
KR20140033349A (ko) Virtual machine monitor based anti-malware security system and method
EP3831031B1 (en) Listen mode for application operation whitelisting mechanisms
Yan et al. MOSKG: countering kernel rootkits with a secure paging mechanism
HK1220523B (zh) Complex scoring for malware detection
HK1247296B (zh) Systems and methods for tracking malicious behavior across multiple software entities

Legal Events

Date Code Title Description
PD4A Correction of name of patent owner