TWI791418B - System and method for detecting malicious code in code generated at runtime, and related computer program product - Google Patents

System and method for detecting malicious code in code generated at runtime, and related computer program product

Publication number
TWI791418B
Authority
TW
Taiwan
Prior art keywords
code
memory
run
generated during
runtime
Prior art date
Application number
TW105128921A
Other languages
English (en)
Chinese (zh)
Other versions
TW201721497A (zh)
Inventor
亞迪 雅洛
Original Assignee
美商飛塔公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 美商飛塔公司
Publication of TW201721497A
Application granted
Publication of TWI791418B

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12 Detection or prevention of fraud

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Stored Programmes (AREA)
  • Debugging And Monitoring (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
TW105128921A 2015-12-08 2016-09-07 System and method for detecting malicious code in code generated at runtime, and related computer program product TWI791418B (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201562264404P 2015-12-08 2015-12-08
US62/264,404 2015-12-08

Publications (2)

Publication Number Publication Date
TW201721497A (zh) 2017-06-16
TWI791418B (zh) 2023-02-11

Family

ID=57113519

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105128921A TWI791418B (zh) 2015-12-08 2016-09-07 System and method for detecting malicious code in code generated at runtime, and related computer program product

Country Status (8)

Country Link
US (1) US20170161498A1
EP (1) EP3387579A1
JP (1) JP6837064B2
CA (1) CA3005314A1
IL (1) IL259878B
SG (1) SG11201804085SA
TW (1) TWI791418B
WO (1) WO2017098495A1

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9916448B1 (en) * 2016-01-21 2018-03-13 Trend Micro Incorporated Detection of malicious mobile apps
US10275595B2 (en) * 2016-09-29 2019-04-30 Trap Data Security Ltd. System and method for characterizing malware
TWI668592B (zh) * 2017-07-28 2019-08-11 中華電信股份有限公司 Method for automatically determining the malicious degree of Android App by using multiple dimensions
US10977368B1 (en) * 2017-12-27 2021-04-13 Ca Technologies, Inc. Detecting malware based on memory allocation patterns
US11238017B2 (en) * 2018-01-30 2022-02-01 Salesforce.Com, Inc. Runtime detector for data corruptions
US11609984B2 (en) * 2018-02-14 2023-03-21 Digital Guardian Llc Systems and methods for determining a likelihood of an existence of malware on an executable
US11481376B2 (en) 2018-06-19 2022-10-25 Salesforce, Inc. Platform for handling data corruptions
JP7672041B2 (ja) 2019-06-26 2025-05-07 久利寿 帝都 Information processing method and information processing system
US11681804B2 (en) 2020-03-09 2023-06-20 Commvault Systems, Inc. System and method for automatic generation of malware detection traps
CN112199274B (zh) * 2020-09-18 2022-05-03 北京大学 JavaScript dynamic taint tracking method based on the V8 engine, and electronic device
US11709675B2 (en) 2020-10-30 2023-07-25 Apple Inc. Software verification of dynamically generated code
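CN112579094B (zh) * 2020-12-15 2024-05-14 上海赛可出行科技服务有限公司 A lightweight hot-fix method based on template code matching
CN113868655B (zh) * 2021-09-29 2025-07-11 北京天融信网络安全技术有限公司 Trojan detection and removal method, apparatus, electronic device, and computer-readable storage medium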
US20230252162A1 (en) * 2022-02-10 2023-08-10 Cisco Technology, Inc. Application Vulnerability Score Based on Stack Traces
US12212585B2 (en) 2022-04-01 2025-01-28 Vectra Ai, Inc. Method, product, and system for analyzing a computer network to identify attack paths using a software representation that embodies network configuration and policy data for security management
US12219070B2 (en) 2022-04-01 2025-02-04 Vectra Ai, Inc. Method, product, and system for generating detection signatures based on attack paths in a computer network identified using a software representation that embodies network configuration and policy data for security management using detection signature templates
US12328322B2 (en) 2022-04-01 2025-06-10 Vectra Ai, Inc. Method, product, and system for network security management using software representation that embodies network configuration and policy data
EP4254866A1 (en) * 2022-04-01 2023-10-04 Vectra AI, Inc. Method, product, and system for generating detection signatures based on attack paths in a computer network identified using a software representation that embodies network configuration and policy data for security management using detection signature templates
US12477001B2 (en) 2022-04-01 2025-11-18 Vectra Ai, Inc. Method, product, and system for analyzing attack paths in computer network generated using a software representation that embodies network configuration and policy data for security management
US20240056481A1 (en) 2022-08-09 2024-02-15 Commvault Systems, Inc. Data storage management system integrating cyber threat deception

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070192863A1 (en) * 2005-07-01 2007-08-16 Harsh Kapoor Systems and methods for processing data flows
US7478431B1 (en) * 2002-08-02 2009-01-13 Symantec Corporation Heuristic detection of computer viruses
US20110191848A1 (en) * 2010-02-03 2011-08-04 Microsoft Corporation Preventing malicious just-in-time spraying attacks
US8176554B1 (en) * 2008-05-30 2012-05-08 Symantec Corporation Malware detection through symbol whitelisting
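CN102819697A (zh) * 2011-12-26 2012-12-12 哈尔滨安天科技股份有限公司 A multi-platform malicious code detection method and system based on thread decompilation
TW201319863A (zh) * 2011-06-23 2013-05-16 Standard Microsyst Smc Method and system for preventing execution of malware
TW201541278A (zh) * 2014-04-30 2015-11-01 Inst Information Industry Method, electronic device, and user interface for on-demand detection of malware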

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2396227B (en) * 2002-12-12 2006-02-08 Messagelabs Ltd Method of and system for heuristically detecting viruses in executable code
US7984304B1 (en) * 2004-03-02 2011-07-19 Vmware, Inc. Dynamic verification of validity of executable code
KR101122650B1 (ko) * 2010-04-28 2012-03-09 한국전자통신연구원 Apparatus, system and method for detecting malicious code disguised and inserted into a normal process

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7478431B1 (en) * 2002-08-02 2009-01-13 Symantec Corporation Heuristic detection of computer viruses
US20070192863A1 (en) * 2005-07-01 2007-08-16 Harsh Kapoor Systems and methods for processing data flows
US8176554B1 (en) * 2008-05-30 2012-05-08 Symantec Corporation Malware detection through symbol whitelisting
US20110191848A1 (en) * 2010-02-03 2011-08-04 Microsoft Corporation Preventing malicious just-in-time spraying attacks
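TW201319863A (zh) * 2011-06-23 2013-05-16 Standard Microsyst Smc Method and system for preventing execution of malware
CN102819697A (zh) * 2011-12-26 2012-12-12 哈尔滨安天科技股份有限公司 A multi-platform malicious code detection method and system based on thread decompilation
TW201541278A (zh) * 2014-04-30 2015-11-01 Inst Information Industry Method, electronic device, and user interface for on-demand detection of malware
CN105022957A (zh) * 2014-04-30 2015-11-04 财团法人资讯工业策进会 Method for on-demand detection of malicious programs, and electronic device and user interface thereof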

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Online document: Bob Gilbert, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna, "DYMO: Tracking Dynamic Code Identity", Computer Security Group Department of Computer Science University of California, Santa Barbara, 2011/09/30, https://sites.cs.ucsb.edu/~chris/research/doc/raid11_dymo.pdf *
Online document: Bob Gilbert, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna, "DYMO: Tracking Dynamic Code Identity", Computer Security Group Department of Computer Science University of California, Santa Barbara, 2011/09/30, https://sites.cs.ucsb.edu/~chris/research/doc/raid11_dymo.pdf.

Also Published As

Publication number Publication date
US20170161498A1 (en) 2017-06-08
TW201721497A (zh) 2017-06-16
JP6837064B2 (ja) 2021-03-03
WO2017098495A1 (en) 2017-06-15
IL259878B (en) 2021-07-29
EP3387579A1 (en) 2018-10-17
CA3005314A1 (en) 2017-06-15
SG11201804085SA (en) 2018-06-28
JP2019502197A (ja) 2019-01-24
IL259878A (en) 2018-07-31

Similar Documents

Publication Publication Date Title
TWI791418B (zh) System and method for detecting malicious code in code generated at runtime, and related computer program product
DeMarinis et al. Sysfilter: Automated system call filtering for commodity software
US11568051B2 (en) Malicious object detection in a runtime environment
KR102546601B1 (ko) Method and apparatus for protecting kernel control-flow integrity using static binary instrumentation
US20180089430A1 (en) Computer security profiling
US11119798B2 (en) Applying control flow integrity verification in intermediate code files
US20090271867A1 (en) Virtual machine to detect malicious code
Ng et al. Expose: Discovering potential binary code re-use
EP3063627B1 (en) Memory integrity checking
US20190114401A1 (en) On device structure layout randomization for binary code to enhance security through increased entropy
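CN102882875B (zh) Active defense method and apparatus
WO2017049800A1 (zh) Method and apparatus for detecting application vulnerability code
CN104484585A (zh) Method and apparatus for processing an application installation package, and mobile device
CN109255235B (zh) Method for isolating third-party libraries of mobile applications based on a user-mode sandbox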
US20120210432A1 (en) Label-based taint analysis
US11176060B2 (en) Dynamic memory protection
CN103530534A (zh) A signature-verification-based ROOT authorization method for Android programs
US20160224791A1 (en) Process testing apparatus, process testing program, and process testing method
CN110717181B (zh) Method and apparatus for detecting non-control-data attacks based on a novel program dependence graph
Samhi et al. TriggerZoo: a dataset of android applications automatically infected with logic bombs
Kleissner Stoned bootkit
CN111194447B (zh) Monitoring control flow integrity
CN107209815B (zh) Method for code obfuscation using return-oriented programming
EP3692456A1 (en) Binary image stack cookie protection
Chen et al. Vulnerability-based backdoors: Threats from two-step trojans