US20070240222A1 - System and Method for Managing Malware Protection on Mobile Devices - Google Patents
System and Method for Managing Malware Protection on Mobile Devices Download PDFInfo
- Publication number
- US20070240222A1 US20070240222A1 US11/697,672 US69767207A US2007240222A1 US 20070240222 A1 US20070240222 A1 US 20070240222A1 US 69767207 A US69767207 A US 69767207A US 2007240222 A1 US2007240222 A1 US 2007240222A1
- Authority
- US
- United States
- Prior art keywords
- malware
- mobile platform
- client mobile
- feature
- executable
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/565—Static detection by checking file integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
Definitions
- the present invention relates generally to systems, devices, and methods for detecting malware in mobile networks and mobile devices.
- malware signature detection methods extract signatures from an invariant portion of the actual executable part of a target application being scanned for malware.
- these detection methods present numerous problems when implemented in mobile networks and on mobile platforms.
- a major constraint of scanning within a network is fragmented data.
- mobile phone applications contain executables which are compressed and divided into multiple packages for facilitating transmission of such executable in a mobile network. These data packages must then be re-assembled and uncompressed prior to installation and execution.
- software installation files SIS packages
- CAB packages in the Windows Mobile® operating system
- some mobile device operating systems provide only a flag to indicate that a file somewhere in the file system has change. Therefore, it is difficult to determine which file to scan for malware.
- Malware checking using signatures is often processor and memory intensive. Malware also changes constantly, requiring continual updates to stay current. Therefore, some of the best and most advanced programs for detecting malware are usually running at network operations centers and may not be available for running on mobile handsets. Mobile handsets, especially those with limited processing capability and operating systems or those that do not permit memory access for malware scanning, will require some other method of verifying that resident applications are free of malware.
- Every malware variant will have its own signature.
- Polymorphic viruses i.e., viruses that change their signatures every time they replicate, may create undetectable variants. Scalability is also a concern for these signature-based detection algorithms since a new signature needs to be added for every new malware variant in the worst case.
- Signature-based detection requires both storage of a large number of known malware signatures and processing capacity to search for suspected malware programs with those signatures.
- Mobile devices however are limited in both storage space and computational ability, thus making them difficult platforms for using existing methods of malware detection that were designed for more robust computing platforms such as desktop and laptop systems.
- malware whether worm or virus, share a common characteristic: they tend to spread over time from one device to another device if not contained.
- the ability to get up-to-date and real-time metrics on mobile networks is valuable to network administrators tracking worm and other virus attacks.
- New malware and malware variants are constantly appearing. Once new malware has been identified, service providers need a way to update mobile devices in the network so that they can remove the new malware from the mobile devices or prevent other mobile devices from becoming infecting. With most malware prevention systems, users manually initiate a process to update their malware prevention system with a server. In the interim, however, their systems remain vulnerable to the new malware. With the growing popularity of smart phones and the potential for greater interaction between mobile phones, there is a need to be able to update mobile devices as soon as new malware is identified.
- the present invention meets the above and other needs.
- the following embodiments represent various aspects of a malware detection system and method of the present invention.
- Detection of malware using intelligently generated signatures catches a large number of new malware variants.
- the approach is to generate unique signatures for different classes or families of malware rather than one for each specific malware variant. This makes signature detection more reliable when detecting variants of a virus.
- Mobile malware are classified into families based on their functionality.
- the present system and method exploits the similarity in data among members of one malware family based on the assumption that some parts of the compressed data remain similar when minor changes are made to the uncompressed data.
- the system and method extracts generic signatures from “compressed data” and the non-compressed part of the data or packets. This system and method is ideal for in-network malware detection because a target application or data packet does not have to be uncompressed prior to detecting malware.
- Detection of malware using a hash pattern matching algorithm is effective for low-power/low-memory mobile platforms.
- a two-part hash in conjunction with a set of heuristics helps to eliminate malware signature mismatches faster, resulting in faster search characteristics.
- This platform independent system and method minimizes the amount of memory required to store malware signature patterns and efficiently uses the limited computational resources found on a mobile platform.
- An on-write malware scanning framework augments operating systems that provide only a flag indicating whether or not a file has changed in a system.
- the framework provides a flexible, lightweight means for efficiently monitoring each directory node in separate, yet interconnected, processes. Each process independently monitors the system flag and is responsible for monitoring the files in its own local node for changes and reporting any changes to the malware checking process.
- a checksum application integrity checking system and method uses checksums to perform integrity checks of executables used by a mobile platform, such as a mobile phone. This checksum based approach is ideal for malware detection when changes are made to executable content or system libraries on the mobile device itself. Initially, the system and method stores the checksums from a clean device with applications that are known to be malware-free. Any changes to a checksum value indicates that the executable as possibly being malware-infected. The checksum is easily re-computable and represents the integrity of the entire executable.
- a feature based system and method uses information about the application to distinguish and detect malware. Generically called features, this other information varies in accordance with the system being scanned, the files present, and the program itself. In different embodiments a variety of different combinations of these features are aggregated to create a feature set that acts as an identifier for a specific application. In this way, a unique identifier for a malware program is created that has a distinctive feature set that distinguishes it from safe programs which are malware-free. For any newly identified malware, a feature set is extracted after analysis and stored as a malware identifier. These malware identifiers can be created off-line or using a variety of on-line methods and then distributed to malware or anti-virus detection systems.
- malware detection systems may be located on individual mobile platforms and implement the present system and method for detecting malware.
- the feature based system and method detects malware by extracting a combination of features, or feature set, from the target application which it then compares to pre-defined feature sets that define malware programs. A complete match indicates that the target application contains a known malware variant.
- a heuristic approach to malware detection enables the detection of unknown malware.
- the solution is based on heuristic rules derived from Bayesian decision theory. Heuristic virus scanning techniques based on features/rules are applied to known malware-infected executables to develop a probability model of the behavior of a malicious application. Specifically, the heuristic rules are derived from a classification based on DLL imports collected from malware-infected executables which are directly linked to the functionality of a program. The system and method exploits common functionality among different virus or malware samples to identify malware without using signatures.
- Malware variants tend to perform the same malicious actions, even though they have different identifying signatures.
- profiles of the code instructions used to perform the malicious actions are developed into a probability model, enabling a malware detection process to search for the profile of the malicious behavior rather than a specific signature variant.
- the profile is a histogram probability model of the number and frequency of different code instructions in an application that contains malware. The system and method exploits common functionality among different malware to identify malware without using signatures.
- code analysis and associated behavior are used to create feature sets and models of malware behavior.
- the system and method is successful in identifying new, never before seen malware without being resource intensive, thereby making it especially adaptable for use on mobile platforms.
- the present invention also is a system and method for reporting and visualizing worm and other virus or malware attacks on mobile platforms and networks.
- the system and method provides a comprehensive means for collecting, reporting, and providing visual depictions of information regarding the propagation and effect of worms, viruses and other malware on a mobile network.
- Carrier and enterprise network operators and managers use real-time statistics to understand the effect malware has on their mobile networks and the mobile platforms, e.g., mobile phones, connected to their networks.
- the present invention is a system and method for enabling service providers to update malware protection on mobile platforms.
- a device independent secure management protocol such as the Open Mobile Alliance (OMA) complaint application on a client device (mobile platform)
- OMA Open Mobile Alliance
- DM Device Management
- malware protection system updates are performed on mobile platforms in the service provider's network as soon as new malware is detected and identified.
- FIG. 1 is a flow chart diagram of a malware detection method for mobile platforms using search strings derived from the uncompressed headers and compressed code sections of data packages.
- FIG. 2 is a flow chart diagram of a malware detection method that uses hashing to optimize malware detection on mobile platforms.
- FIG. 3 is a diagram of the hashing process of the malware detection method that uses hashing.
- FIG. 4 is a flow chart diagram of a malware detection method for mobile platforms that monitors directories for changed files.
- FIG. 5 is a flow chart diagram of a malware detection method for mobile platforms that verifies the checksum of an application against a known malware-free version of the application.
- FIG. 6 is a flow chart diagram of a malware detection method for mobile platforms that checks a feature set associated with a target application against a feature data store of feature sets derived from malware-infected and malware-free applications.
- FIG. 7 is a flow chart diagram of a heuristic malware detection method for mobile platforms that compares a target application's DLL calls against a probability model of DLL calls profiles associated with malware-infected applications.
- FIG. 8 is a flow chart diagram of a malware code histogram detection method for mobile platforms that compares a target application's object code against a probability model of profiles of malware object code.
- FIG. 9 is a flow chart diagram of a feature based malware detection method for mobile platforms that compares a target application's code and resource utilization against a probability model of profiles derived from known malware applications.
- FIG. 10 a is a schematic diagram of one embodiment of the reporting system's (CoreStats') architecture.
- FIG. 10 b is a representative diagram of the communications between a client device and CoreStats.
- FIG. 11 is a screen snapshot of sample malware per platform report on CoreStats.
- FIG. 12 is a screen snapshot of sample malware spreading report on CoreStats.
- FIG. 13 is a screen snapshot of sample user infection report on CoreStats.
- FIG. 14 is a screen snapshot of sample virus producer report on CoreStats.
- FIG. 15 is a schematic diagram of one embodiment of the CoreStats' architecture for updating a mobile client device's malware signatures using a device independent secure management protocol.
- FIGS. 1-15 Exemplary embodiments of the present invention are detailed in FIGS. 1-15 .
- a mobile platform is a mobile telephone, a smart phone, a mobile computing device, a smart handheld device, a network element, or any comparable mobile device.
- a signature extraction system and method (collectively, method) 100 has the operations of selecting 102 malware infected packages or executables, classifying 104 the malware-infected packages/executables into families, identifying 106 common strings as candidate strings, or candidate signature strings, 130 within a family of malware, and extracting 108 a semi-optimal set from those candidate signature strings 130 as search strings to populate a search string database 110 .
- the malware families Family A 120 a and Family B 120 b , have executables 126 , 128 respectively containing malware from which candidate signature strings 130 are identified 106 ; each executable having both an uncompressed header section 122 and a compressed code section 124 .
- a signature detection method 101 has the steps of selecting 112 a target executable, package or package fragment and comparing 114 the package contents to the search string database 110 to determine if the package contains a matching search string, and either flagging or identifying 118 the package if a match indicates it is malware-infected, or allowing 116 the target package to pass if it is malware-free.
- a signature extraction method 100 builds a search string database 110 containing a semi-optimal set of signature or search strings extracted 108 from the header and code section candidate strings 130 .
- the signature extraction method 100 selects 102 a large number of SIS packaged executables (a package or package fragment) 120 a , 120 b which are known to contain malware, here represented for illustrative purposes only as malware-infected executables 1 - 4 126 in Family A 120 a and malware-infected executables 1 - 5 128 in Family B 120 b .
- the executables 120 a , 120 b are then classified 104 by family.
- strings 130 for each malware family is identified 106 in either or both the uncompressed header section 122 of the packaged executable 120 a , 120 b and the compressed code section 124 .
- These strings 130 serve as representative signatures for a malware family, and significantly reduce the total number of signatures that need to be searched in order to extract 108 the semi-optimal set later stored in the search string database 110 . Note that due to inter-family code overlap, it is possible that these strings are also used to detect samples from other unrelated malware families as well.
- a greedy algorithm is used to compute a semi-optimal set of candidate strings 130 which covers most different malware samples.
- the candidate strings 130 are ordered in a priority queue (Q) with the tail of the queue always containing the string that covers (or occurs in) the largest number of strings not covered by any other string.
- Q priority queue
- the following is a preferred greedy algorithm finds a semi-optimal set of candidate strings 130 to use as the search strings in the signature detection method 101 .
- candidate strings 130 in Family A 120 a and Family B 120 b show the candidate strings 130 in identical places for all malware 126 , 128 in each family of malware, the candidate strings 130 may actually be located in different places in the different malware 126 , 128 that comprise a malware family 120 a , 120 b . It is common in malware displaying polymorphism for candidate strings 130 to be displaced or fragmented differently from one malware variant 126 , 128 to another.
- One aspect of this system and method is the reduction of candidate strings 130 . Allowing every sequence of n bytes as a potential signature or candidate string 130 from the compressed data 124 would create very large numbers of potential signature strings 130 . To reduce the number of potential candidate signature strings 130 in the compressed code section 124 , only strings that are not ASCII text strings from the code portion of the compressed data 124 are identified 106 and extracted 108 . This is done because malware variants sometimes change the text strings for filename, file-path, etc., and using the ASCII text strings would therefore result in signatures that are less robust and less able to detect malware variants.
- the candidate signature strings 130 are identified 106 and extracted 108 as signatures 130 if those strings are present only in malware-infected files and not applications that are malware-free. At least three different strings are extracted 108 and used as the candidate signature strings 130 in the header and code section search string database 110 . Different numbers of candidate signature strings 130 for the header and code section signature search string database 110 can be selected based on the need to balance the desire to use fewer candidate signature strings 130 to reduce the amount of data required to identify malware with the desire to keep the candidate signature strings 130 set large enough to provide good results.
- the signature detection method 101 first selects 112 a target package or package fragment containing an executable to be scanned. The signature detection method 101 next compares 114 the target package, or executable or package fragment, to the header and code section signature search string database 110 . If a search string is found, the signature detection method 101 flags 118 the target package or package fragment as possibly containing malware. If no signature is found, the signature detection method 101 allows 116 the target package or package fragment to pass through the system as being malware-free.
- the header and code section signature search string database 110 containing search strings selected from header and code section candidate strings 130 provides a reduced set of information suitable for scanning target packages or package fragments as they pass through network elements, such as routers and gateways, on either a carrier or enterprise network to a mobile platform or device.
- network elements such as routers and gateways
- the reduced search string set of candidate signature strings 130 also reduces the amount of time necessary to scan a specific target package or package fragment thereby enabling efficient scanning in a network router or mobile device without adding additional latency.
- the reduced search string set of candidate strings 130 enables efficient scanning of target package fragments as the fragments arrive on a mobile platform, further reducing latency in the model device.
- the method and system also allows scanning the target package without having to first decompress the package, further reducing the possibility of infection by any malware.
- a hash table generation method 200 has the operations of selecting 202 malware signatures, deriving 204 a fast hash from a first portion of each malware signature, choosing 205 a splatter set from the first portion, deriving 206 a slow hash from a second portion of each malware signature, and creating 208 a hash table from the derived fast hashes, chosen splatter sets, and derived slow hashes to populate a hash table 210 .
- a hashed signature detection method 201 has the operations of selecting 212 a target application, selecting 214 a set of characters of the same length as the first portion used to derive 204 the fast hash, performing 216 the fast hash on the selected characters, and comparing 218 the result to the fast hash stored in the hash table 210 to see if the hashes match. If there is not a match, then continuing to select 220 a next set of characters by shifting one byte or block in the target application, and repeating steps of performing 216 a fast hash and comparing 218 the result with fast hashes in the hash table 210 .
- a set of malware files 302 containing malware signatures 304 of lengths M, L, and K are hashed to the malware signature hashes 316 H M , H L , and H K using a second hash (Hash 2 ) 320 .
- Equal-sized portions, or prefixes 306 , of the malware signatures 304 also are hashed to fast hash values 318 H N1 , H N2 , and H N3 using a first hash (Hash 1 ) 322 .
- Pseudorandom splatter sets 307 are chosen from the prefixes 306 .
- a target application 308 of length J contains J ⁇ K+1 possible target strings 310 K of length K blocks or bytes, J ⁇ L+1 possible target strings 310 L of length L blocks or bytes (not shown for convenience), J ⁇ M+1 possible target strings 310 M of length M blocks or bytes, and J ⁇ N+1 possible target strings 310 N of length N blocks or bytes.
- a single series of hashes 314 for the N-length possible target strings 310 N is hashed using the first hash 322 .
- a pseudorandom target splatter set 310 S is chosen from the N-length target strings 310 N .
- malware signatures 304 previously extracted from malware-infected files 302 are first selected 202 and hashed by deriving 206 a first hash 322 , and deriving 208 a second hash 320 in a hash table generation method 200 to significantly reduce their size.
- the comparison steps 224 , 218 become greatly simplified.
- the target application 308 is repeatedly hashed into a series of short strings or preferably single values, making the comparison steps 224 , 218 computationally simple and fast.
- the hash is a 64-bit numeric value, but other hash results could also be utilized.
- hashing is, in general, a computationally expensive process, and therefore the savings in the comparison steps 224 , 218 can be offset by the processor intensive hashing process itself.
- a two-stage hashing process and two exemplary heuristic algorithms are utilized to reduce this computational burden in the hash table generation method 200 and the hash signature detection method 201 .
- the two-stage hashing process comprises an optimized fast hash (first hash 322 ) and a rigorous slow hash (second hash 320 ).
- the heuristic algorithms comprise a minimum prefix match and a pseudo-random splatter set.
- the minimum prefix match reduces the hashed malware signatures 318 to a common fixed size, or prefix 306 . This significantly reduces the number of comparisons necessary in the first compare step 218 of the hash signature detection method 201 .
- the minimum prefix can be derived as follows:
- the malware signatures 304 are selected 202 and a first hash 322 is derived 204 from a first portion, or prefix 306 , of the malware signatures 304 using a fast hash called a filter hash.
- the purpose of the filter hash is to provide a computationally simple hash that can be optimized algorithmically.
- This filter hash is run once for each first portion length target string 310 N in the target application 308 as a first hash 322 in the hash signature detection method 201 .
- the filter hash is used to quickly determine to a good degree of probability whether a malware signature 304 is present in the selected string of the target application 308 .
- An example fast filter hash is provided below.
- H ( n+ 1) H ( n ) ⁇ [First Element of pattern starting at n ]+[Last Element of pattern starting at n+ 1] ⁇ [Sum(elements in pattern starting at n ) ⁇ [First Element of pattern starting at position n]]
- the first hash 322 can be performed 216 recursively in the hash signature detection method 201 without having to completely re-compute the entire hash value for each hash in the single series of hashes 314 . Only some elements of the hash value are computed each iteration. This dramatically reduces the computational expense of having to re-compute the entire first hash 322 each time for each first portion length target string 310 N before checking that computed hash value against the fast hash values 318 H N1 , H N2 , and H N3 .
- Other fast filter hashes could similarly be used.
- the prefix 306 defines the first portion of each malware signature 304 to be hashed in deriving 204 the fast hash. This same length is used in performing 216 the fast hash during the hash signature detection method 201 .
- the system and method next selects 214 a length of characters in the target application 308 identical to the length of characters used to derive 204 the fast hash, and performs 216 the fast hash on those selected characters.
- the system and method then compares 218 that result with the stored hash values 318 in the hash table 210 .
- the system and method selects 220 the next pattern of characters to hash by shifting one byte, character, or block further in the target application 308 , and repeats the steps of performing 216 the hash, comparing 218 the result, and selecting 220 the next pattern until there is a match in the compare 218 step or until there are no additional portion-sized 306 patterns left in the target application 308 .
- An embodiment of the hash signature detection method 201 that utilizes the prefix 306 is therefore as follows, where the second hash in the method, the DJB hash, will be defined and explained in a subsequent section:
- the Search function is implemented using Hash-Sort with Filter(S im )% m as the Hashing-Index. This Search function also compares the pseudorandom splatter set 307 , described in a later subsection, at that position in the hash table 210 to the target pseudorandom splatter set 310 S derived from that N-length target string 310 N .
- the prefix heuristic method is not employed, and instead the system uses the full length malware strings 304 .
- An example pattern matching routine without the prefix heuristic method is as follows:
- S ⁇ S0, S1, ...,Sm ⁇
- i 1 to m
- j 1 to n
- R’ ⁇ R1, R2, ...,Rk ⁇ called the Matched-Set consisting of rules whose signatures matched substrings in S.
- this n-pattern match algorithm requires generating fast hash values 312 for each n-length malware signature.
- This method computes n different fast filter hash values (corresponding to n signature lengths) for each input position in the target application 308 , creating multiple series of hashes 312 , and requires individually comparing 218 each element in the multiple series of hashes 312 individually with the corresponding fast hashed malware signature hashes 316 stored in the hash table 210 .
- Malware signatures 304 can be very long or very short, especially in the case of fragmented polymorphic viruses, where several malware signature fragments together identify a single malware variant. As the size of the hash table 210 increases, the performance of this embodiment decreases proportionally for each additional length of malware signature 304 .
- a pseudorandom splatter set 307 and a pseudorandom target splatter set 310 S provide an extra level of comparison before performing 222 the more rigorous slow or second hash 320 .
- the pseudorandom splatter set requires choosing, or deriving, 205 a number of pseudorandom bytes or blocks from the prefix 306 for each malware signature 304 to create a pseudorandom splatter set 307 that is stored along with the hashes in the hash table 210 as part of the hash table generation method 200 .
- An exemplary pseudorandom splatter set algorithm follows:
- the pseudorandom target splatter set 310 S consists of the same pattern of pseudorandom points in the target strings 310 N .
- the pseudorandom points in both the pseudorandom splatter set 307 and a pseudorandom target splatter set 310 S must match in the compare 219 step before performing the rigorous slow hash 320 .
- the hashed signature detection method 201 performs 222 a slow hash on a second portion 304 of the target application 308 , starting at the current position and using the same length of characters used in deriving 206 the slow hash.
- the hashed signature detection method 201 then compares 224 that result with the slow hashes 316 stored in the hash table 210 . If there is not a match, the selecting 220 step continues from where it left off, as if there had been no match during the last compare 218 step. If there is a match in the compare 224 step, the system and method identifies or flags 226 the target application 308 as possibly containing malware.
- a second hash 320 is derived 206 using a more rigorous hash called a slow hash.
- An example slow hash is the DJB hash provided below:
- deriving 206 the slow hash is done with the whole portion of each of the malware signature strings 304 . In another embodiment of the present invention, deriving 206 the slow hash is done using the same portion 306 as the fast hash.
- exemplary embodiments of the present invention are platform independent methods that utilize a two-stage hash in conjunction with a set of heuristics to quickly eliminate malware signature mismatches.
- the system and method results in a minimized amount of memory required to store malware signature patterns and results in fast malware search characteristics.
- the method and system for an on-write malware scanning framework 400 monitors the file system and is shown in FIG. 4 .
- the on-write malware scanning framework 400 scans the system directory tree 402 and for each directory in the directory tree 402 , it creates 404 a monitor process 406 a , 406 b , . . . , 406 n .
- Each monitor process, 406 a , 406 b , . . . , 406 n monitors 408 the operating system file system change notification flag, and when the flag is set, scans 410 the directory associated with the monitoring process for file changes. If no changes are found, the monitor processes 406 go back to monitoring 408 the operating system file system change notification flag. If changes are found, the monitor processes 406 identify or flag 412 each changed file and notify a malware scanning process.
- a file system in a Symbian® OS is organized like Microsoft Windows® (drives, directories, sub-directories and files).
- the on-write malware scanning framework 400 keeps track of any file or folder change in the file system by creating 404 monitor processes 406 for each directory folder.
- Each monitor process 406 a , 406 b , . . . , 406 n has a data structure as shown below for its directory folder.
- Each monitor process 406 contains a Subfolder_List, File_List and a Root that corresponds to the folder which is being watched.
- the File_List keeps track of the current Files in the Root and the Subfolder_List keeps track of the current subfolders in the Root.
- Each monitor process 406 a , 406 b , . . . , 406 n is an active object implemented within the Symbian® OS.
- the monitor processes 406 have a low priority and maintain an active session with the Symbian® File Server using the function RFs::NotifyChange(Root) which notifies the monitor processes 406 of any change to the root folder.
- Each monitor process 406 a , 406 b , . . . , 406 n handles the change notification.
- Each monitor process 406 a , 406 b , . . . , 406 n compares the current state of the Root with the state stored in the File_List and Subfolder_List.
- the File_List and Subfolder_List maintain a set of file/folder names along with their timestamps.
- a monitor process 406 a , 406 b , . . . , 406 n that is monitoring 408 the Symbian® OS obtains a notification of file system change from the file server, it scans 410 through the current set of files and folders. If no new files/folders exist then the monitor process 406 a , 406 b , . . . , 406 n ignores this notification and goes back to monitoring 408 . If files/folders are missing then it is a notification for deletion and the monitor process 406 a , 406 b , . . .
- 406 n updates its lists. If there is a new file/folder found for a particular monitor process 406 a , 406 b , . . . , 406 n then the monitor process 406 a , 406 b , . . . , 406 n handles the notification by flagging 412 the file/folder and notifying the malware scanning processes.
- the root monitor 406 a lies at the very top level of the file system.
- the OS obtains a file change notification, it compares a list of active drives to a list that was created when the object was started to see if a new drive was mounted on the device.
- the root monitor 406 a physical drives are its folders, which it treats the same way that other monitors 406 treat folders, with one small exception.
- the method and system for an on-write malware scanning framework 400 makes the root monitor 406 a process protected so the application will not exit when a memory card is inserted into the device.
- the on-access or on-write scanner embodiment presented herein preferably monitors file system changes using active objects as implemented within the Symbian® OS.
- the on-write scanner is implemented using other comparable objects.
- the on-write scanner is implemented as a separate low-priority thread or as a low-priority process.
- a system and method for application integrity checking on mobile platforms uses checksums to verify that an application is malware-free after a file is modified.
- a checksum database 510 is built 502 from executables known to be malware-free.
- the application integrity checking process 501 recomputes a checksum of the executable and checks 514 to see if the malware-free checksum of the executable is stored on the mobile device. If the malware-free checksum is not stored locally on the mobile device, the mobile device queries 516 a remote checksum database 510 for the malware-free checksum of the executable.
- the application integrity checking process 501 then verifies 518 that the recomputed checksum of the executable matches the malware-free checksum from the mobile device's database or the checksum database 510 . If it matches, the application integrity checking process 501 ignores 520 the modification to the executable or allows 520 the executable to run. If it does not match, the application integrity checking process 501 identifies, flags and/or prevents 522 the executable from running, and a sends 524 a signal or notice to a malware scanning server.
- a checksum database building process 500 initially builds 502 a checksum database 510 by collecting data from all the executable files on a device, or from any desired set of executable files, known to be malware-free.
- some or all information used to build 502 the checksum database 510 is imported from a known source of pre-computed checksum data, such as from an operational support system.
- checksum built 502 and entered into the checksum database 510 for each executable is a combination of:
- CRC checksum is used instead of the simpler checksum described above.
- CRC checksum provides increased robustness at the price of additional complexity.
- the system and method must re-compute the checksum for a file, e.g., an executable, every time a file write occurs.
- a change in checksum indicates that the executable has been changed. This change can be as a result of malware trying to overwrite the file.
- the application integrity checking process 501 checks 514 to see if the checksum is stored locally on the mobile device.
- the checksum database 510 is stored locally on the mobile device or alternatively, as in the case of an enterprise or network based anti-virus service, an enterprise or network server provides the mobile device with specific application checksum data when queried 516 by a given mobile device.
- the checksum database 510 is stored on another server, it is also possible for the mobile platform or device to verify 518 programs already installed on the device during installation.
- the application integrity checking process 501 then verifies 518 the executable checksum against the checksum from the checksum database 510 or local copy. If it matches, the application integrity checking process 501 ignores 520 the modification to the executable or allows 520 the executable to run. If it does not match, the application integrity checking process 501 identifies, flags and/or prevents 522 the executable from running, and sends 524 a signal or notice to a malware scanning server in the mobile network.
- the Symbian® kernel performs some basic checks before running an executable file. In particular, it checks if the Uid (a unique identifier for the application) has been tampered with or if the data has been changed. But these checks are very simple to avoid. For example, a malicious programmer can patch the changed data and recomputed checksum to make the infected file look valid.
- Uid a unique identifier for the application
- Symbian® E32 format executables Another embodiment of the system and method for an application integrity checking process 501 is described for Symbian® E32 format executables.
- the implementation is based on building a hash table of relevant E32 header information of all installed files and system libraries and using this to periodically check for possible infections.
- the E32 format already provides all the elements needed for the checksum described above through the E32 header.
- the E32 header in the Symbian® OS contains the iChecksumCode, iEntryPoint, iImportOffset information. This information can be directly used to check the integrity of the file.
- checksum database 510 is built on a clean device.
- the entries in the checksum database 510 are hashed based on the name of the executable.
- Each entry, following the checksum format described above, contains the following information:
- the new checksum elements are compared against the stored ones.
- the entries in the stored checksum table are updated based on the event that a file is created, deleted or replaced. In particular, when a file is replaced a check is made on the new file to ensure that invalid format or 0 byte executable files do not replace valid ones.
- the stored checksums are themselves vulnerable to corruption by a virus since they are stored on the device. An integrity check is first made on the stored checksum table by comparing the sum of all bytes from the last store to the present value. If the checksum database 510 itself is corrupted, then it is generated again after cleaning the entire device with a virus scanner.
- a checksum application integrity checking system and method uses checksums to perform integrity checks of the executables used by a mobile platform. This checksum based approach is used to keep track of possible changes made to executable content or system libraries on the device. Initially, the system and method stores the checksums from a clean device with applications that are known to be malware-free. Any changes to a checksum value flags the executable as possibly being malware-infected. The checksum is easily re-computable and represents the integrity of the entire executable.
- a high level feature set extraction method 600 has the operations of selecting 602 malware and non-malware infected mobile applications, extracting 604 features from the non-executable portions of the applications, and creating 606 features sets and rules from each application and flagging each on as either malware-infected or malware-free. These feature sets and rules are collected in a feature set database or feature data store 610 .
- the high level feature based malware detection method 601 derives 612 a feature set from the target application and compares 614 the derived 612 feature set with those in the feature data store 610 according to one or more rules defining when a match of such feature sets occurs.
- the high level feature based malware detection method 601 flags 618 the executable as possibly containing malware. If it is more similar to a non-malware feature set, as also determined by one of the associated rules, the high level feature based malware detection method 601 allows 618 the executable to execute on the mobile device.
- the information used to detect malware comprises a feature set selected from the list comprising such program information or features as file name, file size, vendor of the program and version of the program.
- the program information used in the high level feature based malware extraction and detection methods 600 , 601 is referred to generically as features. Any individual feature by itself usually is neither necessary nor sufficient to tell whether or not a program is malicious.
- the high level feature based malware extraction and detection methods 600 , 601 rather detects malware by using via one or more rules a combination of these features, i.e., to create 606 a feature set or program feature set definition, which is a combination of multiple features to provide the high level feature based malware detection method 601 with sufficient information to distinguish malware-infected from malware-free programs.
- an exemplary feature set for one embodiment of high level feature set extraction method 600 for a limited access mobile platform, e.g., a BlackBerry® type device, consists of the following feature elements:
- a first exemplary embodiment of the high level feature set extraction method 600 extracts 602 a feature set with all of the features elements typically available from a BlackBerry® type system program executable to create 606 the feature set definition or rule for matching.
- Example 1 extract 604 all feature elements from a program to create a program feature set rule (definition):
- the second exemplary embodiment details how the high level feature set extraction method 600 processes a blank feature element field in the feature set used to create 606 a program rule or definition.
- Example 2 extract 604 features and handle missing or empty data:
- the final exemplary embodiment details how the high level feature set extraction method 600 uses a wildcard in a feature element of a rule to capture changes due to polymorphic malware.
- This embodiment of the system and method enables the detection of malware that modifies or adapts itself during spreading, i.e., malware that exhibits polymorphism. Adaptive malware cloaks itself to make it harder to detect by subtly changing specific features.
- the system and method uses partial-matching techniques in order to detect the morphed versions of these malware features.
- specific features or portions of these program features that are known to remain constant in known malware are emphasized and used to provide a stronger basis for concluding that a specific program is malware.
- Other features sets are created 606 from the visible features available on other operating systems, or other implementations of limited access or BlackBerry® type operating systems, as well as subsets of the available features.
- the feature set is selected by those of ordinary skill in the art using the criteria presented herein in order to obtain sufficient detection rates, (i.e. limited or effectively no false positives, and limited or no false negatives).
- the high level feature based malware detection method 601 is implemented with two modes of operation.
- the first mode is an on-demand scanning system whereby malware is detected by scanning all of the device files for malware.
- the second mode of operation is to detect malware whenever a new application or program is installed by scanning the application/program whenever it is initially installed. Exemplary embodiments as implemented on a BlackBerry® type device, are described below.
- On-Demand Scan A user activated scan that scans all the device files for malware.
- the high level feature based malware detection method 601 retrieves a list of all the applications installed. Feature sets are derived 612 from all of the applications installed. The feature set of each application is compared 614 against the feature data store 610 comprising feature sets defining known malware. If a match is detected, the application is identified or flagged 618 and then possibly deleted or cleaned. Other appropriate action to contain the malware can also be initiated. If the feature sets do not match, the high level feature based malware detection method 601 allows 616 the executable to run on the mobile platform.
- On-Access Scan This is a background scan that is performed whenever a new application is installed on a mobile platform. Any new installation triggers an event that is caught by the high level feature based malware detection method 601 . The newly installed application is then scanned by the system and method to detect malware using the same method as described for On-Demand scan.
- the advantage with the On-Access scan is that it is non-obtrusive to a user and immediately detects threats before the malware causes further damage or spreads to other mobile platforms or devices in a network.
- a heuristic malware profile creation method 700 first organizes 702 existing malware based on their functionality into families of malware.
- the heuristic malware profile creation method 700 scans 703 the original sample from each malware family to obtain a list of DLL calls used in the malware, then eliminates 704 those DLL calls that are known not to be associated with the core malicious behaviors of the family. Using the DLL calls that remain, the heuristic malware profile creation method 700 creates 706 a feature set of feature elements that is associated with the malicious behaviors of the family.
- the heuristic malware profile creation method 700 uses training data to create 708 rules and malware profiles as a probability model, populating the suspect DLL call probability model database 710 with rules and profiles of DLL calls used in the different families of malware.
- the heuristic malware profile detection method 701 scans 712 the target applications for DLL calls and then queries 714 the suspect DLL call probability model database 710 for malware profiles that contain those DLL calls and for rules for applying those profiles.
- a data structure is created 716 that identifies which suspect DLL calls are in the target application, and that data structure is compared 718 with the malware profiles from the suspect DLL call probability model database 710 .
- a large percentage of malware in the mobile domain demonstrates common functionality (e.g., deleting system files, sending MMS messages).
- Malware can be classified into different families or classes based on common functionality.
- Each family of malware has an original sample and variants derived from code of the original sample.
- the heuristic malware profile creation and detection methods 700 , 701 exploit the fact that variants in the same family of malware share malicious core behaviors and have similar patterns of DLL calls, or imports.
- the list of DLL imports used by a malware gives a high-level view of the behaviors of the malware in terms of its functionality. For example, AppDisabler disables device applications whereas Commwarrior sends unwanted MMS messages.
- each variant can add its own specific functionality (e.g., a graphical interface), and therefore detection of each family of malware exploits only the core behaviors.
- These DLL imports also are easy to extract from the executable files making it an efficient method.
- Every executable uses a set of DLL imports. After organizing 702 malware into families, the set of DLL imports is scanned 703 from the original malware sample for a given family of malware. The total number of DLL imports obtained from an executable is usually very large. To reduce this and obtain the core functionality, imports known to occur commonly in all executables are eliminated 704 . User interface related DLL imports are also eliminated 704 because they generally do not contribute to malicious behavior of viruses. The remaining DLLs are used to create 706 a feature set of DLL calls associated with the malicious behaviors for a family of malware.
- the heuristic malware profile creation method 700 creates 706 malware profiles of DLL calls in the suspect DLL call database 710 using a heuristic approach to determine which DLL calls should be used to identify malware.
- the heuristic malware profile creation method 700 takes the feature set for a family of malware and, using training data and an algorithm to reduce the occurrence of false positives and false negatives, determines how many, or which, of the DLL calls in that feature set are needed to indicate the presence of that core malicious behavior in a target application.
- the heuristic malware profile creation method 700 uses that information to create 708 a probability model for the malware profile(s) in the suspect DLL call probability model database 710 .
- the preferred model for building a classifier for each virus family is a naive Bayesian model.
- the following hypotheses is constructed: the hypothesis that a file contains malicious code H 0 and the hypothesis that the code is not corrupted H 1 .
- C 00 be the cost of a virus detection, C 11 that of a correct rejection, C 10 that of missing or false rejection, and C 01 that of false alarm.
- C 01 that of false alarm.
- the following decision rule is used:
- A is the DLL feature set described above and P(H i
- ⁇ is a parameter which depends on the prior probabilities as well as the cost functions and P(A
- the value of alpha can vary for different families of viruses.
- the only constraint in selecting the value of alpha for a given family is to minimize the number of false positives below a user desired range (i.e. a larger range for minimal false positives, but greater likelihood of a false negative or a smaller range with more false positives, but lower likelihood of a false negative).
- a person of ordinary skill in the art can balance the rates of false positives and false negatives by selecting different values of ⁇ .
- Exemplary alpha values for common viruses to meet the less than 1% false positive rate described above include:
- H i ) are computed using training data.
- the individual features the DLL import functions in the DLL set
- specific features of the DLL import functions in the DLL set are correlated and this correlation is used to improve the quality of the training data.
- the probabilities for the individual features correspond to the frequency of occurrence of the specific DLL import function in the training data, and are captured in the rule(s).
- the system first evaluates a given executable DLL import feature set to create a DLL import feature vector.
- the feature set represents the DLL imports as a set of feature elements comprising a 1 or 0 depending on whether or not a specific DLL and function is imported or not.
- Each features vector is represented as a data structure such as a binary string that completely specifies for each of the DLL import functions, a feature element, in the feature set whether the import occurs or not.
- the feature vector is ⁇ 101 ⁇ .
- the probability of that specific executable being a virus with the feature vector ⁇ 101 ⁇ is then computed from the conditional probability data developed from the training data:
- NonVirus), are computed from the training data. Once the probabilities are calculated, a target executable is classified as a virus according to the following probability model: if Prob_Virus>Prob_NonVirus*alpha.
- the heuristic malware profile detection method 701 scans 712 the target application for all DLL calls, and the suspect DLL call database 710 is queried 714 to determine which of those DLLs should be used to identify the existence of malware.
- a data structure is created 716 which nominally is one or more feature vectors describing the presence or absence of DLL calls (each being a feature element) associated with each of the malware profiles in the suspect DLL call database 710 .
- the heuristic malware profile detection method 701 plugs those feature vectors into the above probability model, or algorithm, with the heuristically derived conditional probabilities to compare 718 the feature vectors to the malware profiles in the suspect DLL call database 710 .
- heuristic malware profile creation and detection methods 700 , 701 on a mobile device with the Symbian® OS follows. Although this particular embodiment is based around Symbian® OS malware and files, the system and method can be generalized by one of ordinary skill in the art to other mobile phone operating systems.
- Symbian® OS framework all interaction between the user process and the kernel takes place using imported DLL functions. Operations which can be used for malicious purposes, such as the system file deletion operation, use some of these imported functions.
- Symbian® executable code is of following types: .dll, .app, .exe or .mdl. These files are further compressed and packaged into a SIS file format for installation on the mobile device.
- the SIS file may also contain other content such as bitmaps, icon files (AIF) and compiled resource files (.rsc).
- the SIS file format contains the following sections. First, a file header (68 or 100 bytes long) followed by records describing the data and the data itself which is pointed to by the records. The data pointed to by the records consist of executable code. Next, the file data is de-compressed before extracting the DLL imports from it. The list of DLL import functions used by a specific file are set as input to the classifier.
- Extracting DLL Imports The executable code in Symbian® uses a special format called E32 format. It consists of the E32 header followed by a code section, initialized and un-initialized data sections, the import section and the relocation section.
- the import section starts with a header as defined in the E32ImportSection data structure followed by an array of import blocks as defined in E32ImportBlock data structure. Each import block contains the name of the DLL followed by all the imported functions. Each imported function appears as a number which gives the position in the DLL.
- DLL Import Set Using knowledge-based feature reduction, DLLs that are used by almost all executables malicious or not are eliminated as are those DLLs which provide user interface functionality. Specifically, the following DLLs are filtered out:
- EIK* (all libraries starting with EIK like EIKCOCTL, EIKCORE, . . . ]
- AKN* all libraries starting with AKN like AknNotify
- the malware histogram creation method 800 requires selecting 802 a good sample space of malware-free and malware infected mobile applications.
- the malware histogram creation method 800 decompresses 804 each mobile application and the object code sections are extracted 806 .
- Next histograms of each application are created 808 , and, from those histograms, malware profiles are created 810 and stored in a malware histogram probability model database 812 .
- the malware histogram detection method 800 decompresses 814 a target application and creates 816 a histogram of the code sections. This histogram is compared 818 with the malware profiles stored in the malware histogram probability model database 812 .
- the malware histogram creation and detection methods 800 , 801 use statistical analysis to extract features from existing virus samples and use them for generic detection of new malware. Because most new malware are variants of existing malware families there is similarity in the object code among existing malware infected files. The malware histogram creation and detection methods 800 , 801 exploit this object code similarity.
- these generic features are based on ARM opcode.
- Most mobile phone operating systems e.g., Symbian®, Windows Mobile®, Palm®
- the malware histogram creation method 800 shown on FIG. 8 , selects 802 a large number of malware-free and malware-infected executables for ARM compatible mobile devices to train the histogram profiles.
- Symbian® executable code is of three types: .dll, .app or .exe. These files are further packaged into a SIS file format for installation on a mobile device.
- the SIS file may also contain other content like bitmaps, icon files (AIF) and compiled resource files (.rsc).
- AIF icon files
- .rsc compiled resource files
- the feature extraction is meaningful only if the features are obtained from the executable content (since malicious code is meant to be executed).
- the malware histogram creation method 800 decompresses 804 the SIS packages and extracts 806 the object code sections.
- the SIS file format contains the following sections: First, a file header (68 or 100 bytes long) followed by records describing the data and the data itself which is pointed to by the records.
- the malware histogram creation method 800 only uses the data pointed to by the records which consist of the executable files (.app, .dll, .exe).
- the records also contain pointers to the filename which is used to filter out files not used in the feature extraction.
- the file data is generally stored in compressed format and needs to be decompressed 804 before it can be used for feature extraction. The following algorithm decompresses 804 the SIS package.
- Input a SIS file X Obtain n the number of files packaged in X. Get Pointer to first File Record from Header. while(n>0) Obtain Name of File from file record If (File obtained is executable) Decompress file data pointed to by the File Record Store the Decompressed data n ⁇ Goto next file record stored contiguously after the previous one end while Output: A set of decompressed data files containing executable code.
- the uncompressed and decoded executable code is not always 100% relevant. Malware can, and almost always does, inserts random data into the code to hide execution patterns. Removal of unnecessary or garbage data provides for better and more efficient analysis.
- the decompressed data files do not only contain executable code.
- the executable code in Symbian® use a special format called E32 format. It consists of the E32 header followed by a code section, initialized and un-initialized data sections, the import section and the relocation section. The header consists of the offset and the length of the code section which contains the executable instructions.
- Input Set of decompressed Data Files For each data file in the Input set Extract the header using E32ImageHeader class. Extract E32ImageHeader::iCodeSize length of data from the data file - starting from E32ImageHeader::iCodeOffset position in the file. Store the extracted Code Block end For Output: Set of Code-Blocks extracted from Input
- malware histogram detection method 801 creates 808 an index and a set of histogram data values.
- the ARM processor has the characteristic that each individual code instruction is a predefined number of bits, e.g., 32 bits, in length. A direct utilization however of this encoding results in a feature set of 232 instructions, meaning a histogram index having 232 members—one for each code instruction.
- code instructions are decoded and divided in broad categories.
- the following set of code instruction categories function as the index to the histogram:
- Input A 32-bit length instruction.
- Output An instruction index in the set of instruction categories.
- the features or data in the histogram are the frequency of occurrence of each of the distinct code instruction categories described above. These features are obtained from each file using the following compute feature histogram algorithm:
- Input The set of extracted instructions.
- H 0 be the hypothesis that a file contains malicious code
- H 1 be the hypothesis that the code is not corrupted.
- a particular file with feature A is considered malicious if:
- the prior probabilities, P(H 0 ) and P(H 1 ), and the parameters, m k and ⁇ k , are estimated from the training data.
- the training data file is comprised of a large set of non-virus files and about 50% of all known viruses.
- A* from the whole feature set is used for classification.
- A is obtained using cross-validation with the following algorithm:
- the error rate of a particular feature set is tested by equally dividing all the training files into three groups. Among the three groups, pick two of them for training and the remaining one for testing.
- PD and PR be the percentage of detection, i.e., the percentage of malicious files that are detected, the percentage of correct reject, i.e., the percentage of normal files that are classified as not malicious.
- the error rate is the average of PD and PR on the testing set.
- the malware histogram probability model database 812 stores the feature set and associated histogram, also known as the rule, after the probabilities have been computed using the training data.
- the malware histogram detection method 801 decompresses 814 the target application and a histogram of the code instructions is created 816 using the same functions above.
- the selected feature sets of the histogram of the target application are compared 818 using the associated rule with the trained probabilities of the malware profiles stored in the malware histogram probability model database 812 to determine if malware is present in the target application.
- a feature based relationship determining method 900 builds a feature set probability model database 912 of malware probability profiles and associated rules for matching by first selecting 902 malware-free and malware-infected mobile applications, extracting 904 object code from the selected applications, analyzing 906 the code by monitoring ARM branch-link commands, identifying common code procedures, and monitoring activated functions in the mobile device, building 908 feature set relationships and creating 910 malware probability models.
- the feature based malware detection method 901 scans 914 a target application's code, derives 916 which feature sets are present in the target application, and compares 918 the derived feature sets to the malware probability models stored in the feature set probability model database 912 via the appropriate rules. If the feature sets match a malware profile according to the rule(s), the system and method identifies and flags 922 the target application as possibly containing malware. Otherwise, the target application is allowed 920 to run on the mobile platform.
- the feature based malware extraction and detection methods 900 , 901 use probability models to examine the relationship between a set of basic procedures used by normal non-malicious, or malware-free, programs and a set of procedures typically used by malicious malware.
- the feature based relationship determining method 900 selects 902 a number of malicious applications and breaks them down into their respective sequences of basic procedures which are then analyzed 906 for both code and behavior.
- the detection method identifies procedures that resemble malware behavior in an executable, including but not limited to Self-Replication, Spreading, and System Corruption. These procedures have a high probability of being found in malware.
- a malware program attempts to make a copy of itself. Once this is done it creates an installation package file so that it can be installed on other devices. This functionality is implemented in a number of ways, but generally the malware follows the following strategy:
- a malware program attempts to spread from one device to another.
- the most effective spreading mechanisms for malware include Bluetooth® and MMS.
- Malware programs that spread over Bluetooth® usually adopt the following strategy:
- a malware program destroys or corrupts application files or system files on the mobile device. Such malware can target specific applications such as anti-virus applications or in general destroy all installed applications. The following general strategy is used to corrupt applications on a device:
- the feature based relationship determining method 900 extracts 904 object code for individual procedures, disassembles it into assembly code, and categorizes it.
- Most malicious procedures such as replication, spreading, and system corruption use system functions, e.g., functions like File Open, File Read, etc. Identifying 906 these functionalities in binary executables allows them to be used as feature elements in a feature set.
- System functions are provided by the mobile platform for which the malware has been written. Most existing mobile executables are written to run on ARM processors. Whenever a system function call is used, it translates into a Branch-Link command in terms of ARM assembly code.
- the use of standard functions is identified by analyzing the parameter of the Branch-Link ARM command in an executable.
- the following procedures are identified using this method:
- File System related functions e.g., read, copy, replace, etc.
- Process related functionality e.g., Process kill
- Device related functionality e.g., Device restart
- the feature based relationship determining method executes individual procedures in a mobile handset environment and monitors 906 the events, or activated functions, that occur from executing the procedures. It is possible that the above mentioned code analysis does not provide all the features of malware.
- a malware when installed tries to access an instant messaging application and asks the application to broadcast instant messages to all of its contacts. Since the malware is using the application as intended, code analysis does not reveal its malicious intent such that the malware is achieving its goal indirectly.
- additional procedures are obtained by observing or monitoring 906 the run-time behavior of malware on a real device by allowing it to execute on the device.
- a monitoring system is developed on a mobile device to monitor usage of key resources on the device that are capable of being misused by malware. These include accessing communication protocols and system applications.
- the feature based relationship determining method 900 uses the information from the code analysis and behavior analysis to build 908 a feature set.
- Each event and corresponding assembly code make up a feature element and together the feature elements from all known malicious functions or behaviors form a feature set.
- the feature set is obtained 908 after code/behavior analysis of multiple malware-infected applications.
- the feature set listed below represents an example feature set. These feature elements of the feature set are listed for convenience only. It would be readily apparent to one of ordinary skill in the art to develop a comparable set of feature elements.
- Sample feature elements are:
- Contact Database This feature is related to Spreading using MMS. Using this feature we identify if a malware tries to access a User's contact database
- H0 be the hypothesis that a file contains malicious code and H1 otherwise.
- the decision rule is closely related to the costs of false alarm and missing the detection of malware. If the cost of raising a false alarm is much higher than that of missing malware, a quite stringent decision rule is used; that is, only a program that is very likely to be malicious is detected as a virus. Consequently, there are fewer false alarms, but there is also a tendency to miss more viruses.
- Each variable ⁇ bm ⁇ characterizes a core function of malware-infected and/or malware-free program, and the entire set ⁇ bm ⁇ includes all the core functions. Assume that once these variables are given, the posterior probability of whether a file is malicious or not does not depend on the procedure any more, that is,
- Equation (3) A is divided into several groups, each of which corresponds to a specific core function. Since a group ⁇ Am ⁇ usually contains a few features, the corresponding probability P(Am
- malware code often try to obfuscate their malware by reordering sections of code to escape detection by malware scanners that look for matching signatures or code templates.
- the probability model described above does not have an order specific limitation, and can therefore detect malware once certain features are recognized as being present, regardless of how they are coded by malware writers.
- the malware procedure identification, code/behavior analysis, and development of the Bayesian Classification algorithm are tailored to each manufacturer/model of mobile phone for each service provider data network.
- many feature sets and Bayesian formulas are reused to some degree.
- the feature sets and rules e.g., formulas, are stored in a feature set probability model database 912 and downloaded into a mobile device.
- the feature based malware detection method 901 scans 914 the target application's code in the mobile device.
- Each of the feature elements in a pre-defined feature set are derived 916 from the target application.
- the result is represented in a binary feature set vector, or feature vector, with a “1” indicating that the procedure is present in the searched executable, and a “0” otherwise.
- CoreStats 1000 comprises the following components:
- CoreStats 1000 monitors the Operator's Network 1008 by receiving communications from mobile client devices, or mobile platforms, 1010 .
- the mobile client devices 1010 in the operator network 1008 contain a client virus scanner 1012 capable of detecting viruses on mobile client devices 1010 .
- a full circle transaction comprises an infection report 1014 sent from a client device 1010 to CoreStats 1000 , and an acknowledgement 1016 sent from CoreStats 1000 back to the client device 1010 .
- a sample malware per platform report 1100 in CoreStats 1000 illustrates which mobile platforms are infected with the most malware.
- a sample malware spreading report 1200 in CoreStats 1000 illustrates which malware are spreading the fastest.
- a sample user infection report 1300 in CoreStats 1000 shows recently infected mobile platforms.
- a sample virus producer report 1400 in CoreStats 1000 shows which users, or clients, are responsible for spreading the most malware.
- FIG. 10 a illustrates a deployment of CoreStats 1000 outside of the operator network 1008 but alternatively, it also is deployed effectively at various other points in the mobile network.
- the reporting/visualization engine 1004 uses data from the client data server 1002 to graphically report malware statistics in the network.
- the client devices 1010 contain virus scanning 1012 algorithms which report back information about any malware to the Client Data Server 1002 .
- the reporting/visualization component 1004 takes input from the client data server 1002 to generate statistics and dynamic graphs depicting malware activity.
- Client devices 1010 usually mobile platforms such as mobile phones, contain virus scanning software, or client virus scanners 1012 , that scan the mobile devices 1010 for malware.
- a handset upon detecting malware generates an internal log file in plain text containing the name of the infected file and the name of the malware that infected the file as a semi-colon delimited text file.
- the entries in the log file are as follows: “C: ⁇ CinBell_Viruses.zip-Cabir.D(sis); C: ⁇ CinBell_Viruses ⁇ 3d_oidi500.sis-Cabir.D(sis); C: ⁇ CinBell_Viruses ⁇ autoexecdaemon.SIS-Cabir.gen(app);”.
- the client virus scanners 1012 report back information about any malware to the client data server 1002 .
- Report generation can be automatically triggered upon finding a virus, upon a periodic fixed time interval, or in response to polling by the client data server 1002 .
- the reports are sent, for example, using http, ftp, or any packet data transmission method as would be generally known in the art.
- Such reports typically comprise information such as, but not limited to detailed virus/threat vector information, device identification including type of mobile device, operating system, software and versions, and user information.
- a sample report contains the following information:
- CoreStats 1000 performs information gathering functions. Embedding within CoreStats 1000 is a database 1006 to store raw information gathered by CoreStats 1000 from the client virus scanners 1012 . User specific information is stored in a secure portion of the database 1006 to maintain customer privacy.
- the database 1006 has a log file comprising the following information:
- FIG. 10 b illustrates an efficient full-circle transaction between the client device 1010 and CoreStats 1000 .
- the client device 1010 sends an infection report 1014 to CoreStats 1000 (on the network)
- This particular implementation has two advantages. First, client devices 1010 do not send duplicated information to the CoreStats 1000 about old virus infections, only current ones. Second, client devices 1010 are less burdened memory-wise since they need to retain infection reports 1014 locally for a small duration of time. This is especially important in the case of mobile devices 1010 since they have limited memory resources.
- Infection reports 1014 can be configured to be pushed from the client device 1010 to CoreStats 1000 either ad hoc or periodically at regular intervals; the infection reports 1014 can remain in the client device 1010 until queried (pulled) by CoreStats 1000 ; or the infection reports 1014 can be delivered to CoreStats 1000 using some combination of pulling and pushing.
- CoreStats 1000 also performs report generating functions.
- the reporting/visualization engine 1004 uses both stored and real-time information, including individual user information, to generate statistics and dynamic graphs depicting malware activity and relative levels of malware activity. For example, the reporting/visualization engine 1004 generates straightforward visual reports to alert managers and operators as to which platforms are infected with the most viruses, which viruses are spreading the fastest, the most recently infected users, and which infected users are spreading the most viruses.
- a sample malware per platform report 1100 in CoreStats 1000 illustrates which platforms are infected with the most malware.
- the sample malware per platform report 1100 comprises option selections 1102 for generating a report regarding a selectable interval of time in the past 1104 or the most current period of time 1106 .
- the report is run to the screen 1110 or it is exported 1108 in a data structure, for example, a semi-colon delimited text file.
- the data can be presented any number of ways including, for example, a graphical representation 1112 of the number of viruses per platform.
- a sample malware spreading report 1200 in CoreStats 1000 illustrates which malware are spreading the fastest.
- the sample malware spreading report 1200 comprises options selections 1102 for generating a report regarding a selectable interval of time in the past 1104 or the most current period of time 1106 .
- the report can be run to the screen 1110 or it can be exported 1108 in a data structure, for example a semi-colon delimited text file.
- the data can be presented any number of ways including, for example, a graphical representation 1212 of the number of instances of each virus detected in the network.
- a sample user infection report 1300 in CoreStats 1000 shows recently infected users.
- the sample user infection report 1300 comprises option selections 1102 for generating a report regarding a selectable interval of time in the past 1104 or the most current period of time 1106 .
- the report can be run to the screen 1110 or it can be exported 1108 in a data structure, for example a semi-colon delimited text file.
- the data can be presented any number of ways including, for example, a text list 1312 of which platforms are infected by which viruses.
- a sample virus producer report 1400 in CoreStats 1000 shows which users are responsible for spreading the most malware.
- the sample user infecting report 1400 comprises option selections 1102 for generating a report regarding a selectable interval of time in the past 1104 or the most current period of time 1106 .
- the report can be run to the screen 1110 or it can be exported 1108 in a data structure, for example a semi-colon delimited text file.
- the data can be presented any number of ways including, for example, a text list 1412 of which platforms are infected by, and therefore likely to be spreading, the most viruses.
- Some additional reports generated by the reporting/visualization engine 1004 include the growth of individual viruses over time, and infected subscriber information. User specific information is stored in a secure portion of the database 1006 to maintain customer privacy. Other functions and metrics can be formed by one of ordinary skill in the art.
- CoreStats 1000 helps mobile network administrators and operators is by reporting alarms upstream to other operational support systems or OAM&P (Operations, Administration, Maintenance, and Provisioning) systems used by network service providers to manage their networks 1008 .
- OAM&P Operations, Administration, Maintenance, and Provisioning
- the term “operational support system” is generally understood to include a broad range of computer systems and servers created by many different vendors and used by network operators to manage and control their networks and individual network elements.
- An operational support system may have centralized or distributed servers.
- Network elements are those individual systems that are assembled by the network operators to build out a functioning network. Many network elements are managed by one or more operational support system, and are capable of reporting alarms to operational support system, as well as receiving and sending configuration information.
- CoreStats 1000 operates as a stand-alone system with some associated virus scanning modules running independently in user mobile devices 1010 to aid in reporting and visualizing viruses on mobile networks 1008 , and monitoring the current status of virus infections on a mobile network 1008 .
- CoreStats 1000 can also integrate with other operational support systems, reporting alarms upstream to typical OAM&P (Operations, Administration, Maintenance, and Provisioning) systems used by network service providers to manage their networks 1008 .
- OAM&P Operations, Administration, Maintenance, and Provisioning
- CoreStats 1000 is an application that operates inside the operator network 1008 , at the edge of the operator network 1008 , inside a network element of the operator network 1008 , or in a combination of locations.
- OAM&P Order, Administration, Maintenance, and Provisioning
- a central management server 1502 in CoreStats 1000 uses a device independent secure management protocol, such as a DM protocol, to update malware definitions in client malware scanners 1012 from a database 1006 of the most recent malware definitions.
- the client malware scanners 1012 reside in mobile client devices 1010 in an operator's network 1008 .
- the SyncML DM standard provides a Device Management (DM) protocol for transfer management actions between a client device 1010 or mobile phone client and a central management server 1502 .
- DM Device Management
- SyncML DM enables an operator in the enterprise or carrier network 1008 to remotely manage the settings of the mobile client devices 1010 using the DM management objects.
- Those settings can, in principle, be of any kind, including but not limited to, anti-virus definitions, security parameters and other information to mobile client devices 1010 or phones connected to the enterprise or carrier network 1008 .
- the description of the present invention in terms of the OMA/DM framework is for convenience only and describes the preferred embodiment of the present invention.
- the system and method of the present invention applies equally to any network communication scheme employing a device independent secure management protocol.
- OMA DM framework builds upon the principles of data synchronization.
- Data synchronization is typical two-way synchronization, where one central database is synchronized with one or several remote databases. Changes can happen in both places.
- OMA DM is characteristic in the way that the original data is always in a database 1006 accessible from a central management server 1502 , for example in CoreStats 1000 , and may be placed in the operator's network 1008 and owned by a service provider or an operator (shown in FIG. 15 as outside the operator's network 1008 .) Settings data are applied from the central place to the remote place. This must be done in a controlled and secure way.
- the exchange of OMA DM commands and status uses binary encoded XML (WBXML).
- the central management server 1502 is a device management server that sends DM commands to the client device 1010 and the client device 1010 answers back with a status message.
- the DM commands can be Add, Get, Replace, Delete, and so on, and the status is the result in form of a status code and eventual returned data (for example, with a Get command).
- the OMA DM implementation in the client device 1010 consists of two main parts:
- the OMA DM Protocol holds the state machine controlling establishment, management, and termination of the DM session.
- OMA DM User Agent takes care of executing the actual OMA DM commands and generates the relevant status messages.
- the leaf node holds the data.
- the data can be one single value or a structure or even a file including any kind of data.
- the interior nodes are used to structure the data and to address where in the tree the data is stored.
- the root is the placeholder for the complete management tree.
- the management tree is grouped into Management Objects. Each management object holds a well-defined group of leaf nodes each holding a certain parameter.
- the malware protection system as disclosed herein uses a leaf node as defined by the OMA DM standard to hold the database 1006 of malware signatures or definitions for the malware protection system on a given mobile device.
- a leaf node can also be used to hold specific malware protection system settings, such as desired update and full-system scan parameters, and a variety of security settings and other relevant information.
- the update of the malware signatures or definitions is performed using the OMA DM protocol.
- the OMA definition User Agent executes the OMA DM commands necessary to update the malware system files and other settings such as security parameters and information on a mobile client device 1010 .
- the User Agent also provides status information back to the central management server 1502 to indicate successful update, etc.
- the User Agent can also be used to execute specific anti-virus commands, such as initiate a full system scan, etc.
- the database 1006 connected to the OMA DM enabled central management server 1502 serves as a central repository for malware definitions, settings and other information.
- the OMA DM enabled central management server 1502 also coordinates the operation of specific anti-virus programs and security levels throughout the operator's network 1008 . For example, when malware is detected on the network 1008 , the OMA DM enabled central management server 1502 issues commands to the mobile devices 1010 to update the relative malware scan levels relative to specific threat vectors, as well as, updated malware definition files to enable the mobile client device 1010 to handle the potential virus outbreak.
- the OMA DM enabled central management server 1502 is maintained as either an enterprise or carrier network-based system.
- the individual enterprise or carrier network 1008 OMA DM enabled central management servers 1502 obtain malware update information and system security parameters and other information through a variety of means.
- the malware signatures and updates are provided by a third-party server as part of a subscription service.
- the updated signatures and information are received by the OMA DM enabled central management server 1502 are then propagated using the OMA DM protocols to the mobile client devices 1010 associated with the OMA DM server.
- the carrier or enterprise central management server 1502 actively manages the security parameters and other settings as necessary based on the subject threat of a given malware on the managed enterprise or carrier network 1008 at a given time.
- the malware signatures are actively identified by programs running on the enterprise or carrier network server 1008 that then identify specific signatures in the database 1006 for distribution to the mobile client devices 1010 .
- the present malware protection system embeds the malware protection application at the firmware level of the client device 1010 , thereby reducing the need for customization of the client malware scanner 1012 for different platforms.
- the client malware scanners 1012 on the mobile client devices 1010 are managed by the DM server 1008 at the carrier or enterprise network level.
- the DM server 1008 in CoreStats 1000 thus manages all updating of the client devices' 1010 malware definitions using the OMA DM protocols.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Computational Linguistics (AREA)
- Mobile Radio Communication Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Hardware Redundancy (AREA)
- Debugging And Monitoring (AREA)
- Detection And Prevention Of Errors In Transmission (AREA)
- Detection And Correction Of Errors (AREA)
- Image Analysis (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/697,672 US20070240222A1 (en) | 2006-04-06 | 2007-04-06 | System and Method for Managing Malware Protection on Mobile Devices |
Applications Claiming Priority (11)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US78974806P | 2006-04-06 | 2006-04-06 | |
US78995806P | 2006-04-06 | 2006-04-06 | |
US78974906P | 2006-04-06 | 2006-04-06 | |
US78976606P | 2006-04-06 | 2006-04-06 | |
US78974506P | 2006-04-06 | 2006-04-06 | |
US78974406P | 2006-04-06 | 2006-04-06 | |
US78974306P | 2006-04-06 | 2006-04-06 | |
US78974606P | 2006-04-06 | 2006-04-06 | |
US82464906P | 2006-09-06 | 2006-09-06 | |
US82849106P | 2006-10-06 | 2006-10-06 | |
US11/697,672 US20070240222A1 (en) | 2006-04-06 | 2007-04-06 | System and Method for Managing Malware Protection on Mobile Devices |
Publications (1)
Publication Number | Publication Date |
---|---|
US20070240222A1 true US20070240222A1 (en) | 2007-10-11 |
Family
ID=38581629
Family Applications (9)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/697,647 Expired - Fee Related US9104871B2 (en) | 2006-04-06 | 2007-04-06 | Malware detection system and method for mobile platforms |
US11/697,642 Active 2030-04-13 US8321941B2 (en) | 2006-04-06 | 2007-04-06 | Malware modeling detection system and method for mobile platforms |
US11/697,668 Active 2030-06-02 US8312545B2 (en) | 2006-04-06 | 2007-04-06 | Non-signature malware detection system and method for mobile platforms |
US11/697,672 Abandoned US20070240222A1 (en) | 2006-04-06 | 2007-04-06 | System and Method for Managing Malware Protection on Mobile Devices |
US11/697,664 Active 2030-02-19 US9064115B2 (en) | 2006-04-06 | 2007-04-06 | Malware detection system and method for limited access mobile platforms |
US11/697,658 Active 2033-11-14 US9009818B2 (en) | 2006-04-06 | 2007-04-06 | Malware detection system and method for compressed data on mobile platforms |
US13/074,819 Abandoned US20110179484A1 (en) | 2006-04-06 | 2011-03-29 | Malware detection system and method for mobile platforms |
US14/685,391 Active US9542555B2 (en) | 2006-04-06 | 2015-04-13 | Malware detection system and method for compressed data on mobile platforms |
US14/822,488 Expired - Fee Related US9576131B2 (en) | 2006-04-06 | 2015-08-10 | Malware detection system and method for mobile platforms |
Family Applications Before (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/697,647 Expired - Fee Related US9104871B2 (en) | 2006-04-06 | 2007-04-06 | Malware detection system and method for mobile platforms |
US11/697,642 Active 2030-04-13 US8321941B2 (en) | 2006-04-06 | 2007-04-06 | Malware modeling detection system and method for mobile platforms |
US11/697,668 Active 2030-06-02 US8312545B2 (en) | 2006-04-06 | 2007-04-06 | Non-signature malware detection system and method for mobile platforms |
Family Applications After (5)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/697,664 Active 2030-02-19 US9064115B2 (en) | 2006-04-06 | 2007-04-06 | Malware detection system and method for limited access mobile platforms |
US11/697,658 Active 2033-11-14 US9009818B2 (en) | 2006-04-06 | 2007-04-06 | Malware detection system and method for compressed data on mobile platforms |
US13/074,819 Abandoned US20110179484A1 (en) | 2006-04-06 | 2011-03-29 | Malware detection system and method for mobile platforms |
US14/685,391 Active US9542555B2 (en) | 2006-04-06 | 2015-04-13 | Malware detection system and method for compressed data on mobile platforms |
US14/822,488 Expired - Fee Related US9576131B2 (en) | 2006-04-06 | 2015-08-10 | Malware detection system and method for mobile platforms |
Country Status (4)
Country | Link |
---|---|
US (9) | US9104871B2 (de) |
EP (1) | EP2011099A4 (de) |
MX (1) | MX2008012891A (de) |
WO (6) | WO2007117636A2 (de) |
Cited By (350)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070016951A1 (en) * | 2005-07-13 | 2007-01-18 | Piccard Paul L | Systems and methods for identifying sources of malware |
US20080120611A1 (en) * | 2006-10-30 | 2008-05-22 | Jeffrey Aaron | Methods, systems, and computer program products for controlling software application installations |
US20080127336A1 (en) * | 2006-09-19 | 2008-05-29 | Microsoft Corporation | Automated malware signature generation |
US20080148407A1 (en) * | 2006-12-18 | 2008-06-19 | Cat Computer Services Pvt Ltd | Virus Detection in Mobile Devices Having Insufficient Resources to Execute Virus Detection Software |
US20080155696A1 (en) * | 2006-12-22 | 2008-06-26 | Sybase 365, Inc. | System and Method for Enhanced Malware Detection |
US20080209517A1 (en) * | 2007-02-27 | 2008-08-28 | Airdefense, Inc. | Systems and methods for generating, managing, and displaying alarms for wireless network monitoring |
US20090013054A1 (en) * | 2007-07-06 | 2009-01-08 | Yahoo! Inc. | Detecting spam messages using rapid sender reputation feedback analysis |
US20090031162A1 (en) * | 2007-07-23 | 2009-01-29 | Abhijit Bose | Apparatus and method for repairing computer system infected by malware |
US20090064335A1 (en) * | 2007-09-05 | 2009-03-05 | Yahoo! Inc. | Instant messaging malware protection |
US20090100519A1 (en) * | 2007-10-16 | 2009-04-16 | Mcafee, Inc. | Installer detection and warning system and method |
US20090235357A1 (en) * | 2008-03-14 | 2009-09-17 | Computer Associates Think, Inc. | Method and System for Generating a Malware Sequence File |
US7634262B1 (en) * | 2006-03-07 | 2009-12-15 | Trend Micro, Inc. | Virus pattern update for mobile device |
US20100083380A1 (en) * | 2008-09-29 | 2010-04-01 | Harris Mark D | Network stream scanning facility |
US20100100939A1 (en) * | 2008-10-21 | 2010-04-22 | Flexilis, Inc. | Secure mobile platform system |
US20100100959A1 (en) * | 2008-10-21 | 2010-04-22 | Flexilis, Inc. | System and method for monitoring and analyzing multiple interfaces and multiple protocols |
US20100100964A1 (en) * | 2008-10-21 | 2010-04-22 | Flexilis, Inc. | Security status and information display system |
US20100100963A1 (en) * | 2008-10-21 | 2010-04-22 | Flexilis, Inc. | System and method for attack and malware prevention |
US20100100591A1 (en) * | 2008-10-21 | 2010-04-22 | Flexilis, Inc. | System and method for a mobile cross-platform software system |
US20100107254A1 (en) * | 2008-10-29 | 2010-04-29 | Eiland Edward E | Network intrusion detection using mdl compress for deep packet inspection |
US20100107255A1 (en) * | 2008-10-29 | 2010-04-29 | Eiland Edward E | Intrusion Detection Using MDL Compression |
US20100146589A1 (en) * | 2007-12-21 | 2010-06-10 | Drivesentry Inc. | System and method to secure a computer system by selective control of write access to a data storage medium |
US7743419B1 (en) * | 2009-10-01 | 2010-06-22 | Kaspersky Lab, Zao | Method and system for detection and prediction of computer virus-related epidemics |
US20100162400A1 (en) * | 2008-12-11 | 2010-06-24 | Scansafe Limited | Malware detection |
US20100162350A1 (en) * | 2008-12-24 | 2010-06-24 | Korea Information Security Agency | Security system of managing irc and http botnets, and method therefor |
US20100195493A1 (en) * | 2009-02-02 | 2010-08-05 | Peter Hedman | Controlling a packet flow from a user equipment |
US20100210240A1 (en) * | 2009-02-17 | 2010-08-19 | Flexilis, Inc. | System and method for remotely securing or recovering a mobile device |
US20100257253A1 (en) * | 2009-04-01 | 2010-10-07 | Motorola, Inc. | Method and Apparatus to Vet an Executable Program Using a Model |
US20100281540A1 (en) * | 2009-05-01 | 2010-11-04 | Mcafee, Inc. | Detection of code execution exploits |
US20100287547A1 (en) * | 2009-05-08 | 2010-11-11 | Samsung Electronics Co., Ltd. | System and method for verifying integrity of software package in mobile terminal |
US20110047620A1 (en) * | 2008-10-21 | 2011-02-24 | Lookout, Inc., A California Corporation | System and method for server-coupled malware prevention |
US20110047033A1 (en) * | 2009-02-17 | 2011-02-24 | Lookout, Inc. | System and method for mobile device replacement |
US20110047597A1 (en) * | 2008-10-21 | 2011-02-24 | Lookout, Inc., A California Corporation | System and method for security data collection and analysis |
US20110065419A1 (en) * | 2009-04-07 | 2011-03-17 | Juniper Networks | System and Method for Controlling a Mobile |
US7934261B1 (en) * | 2007-06-13 | 2011-04-26 | Trend Micro, Inc. | On-demand cleanup system |
US20110119765A1 (en) * | 2009-11-18 | 2011-05-19 | Flexilis, Inc. | System and method for identifying and assessing vulnerabilities on a mobile communication device |
US20110138470A1 (en) * | 2009-12-03 | 2011-06-09 | Verizon Patent And Licensing, Inc. | Automated testing for security vulnerabilities of devices |
US20110145920A1 (en) * | 2008-10-21 | 2011-06-16 | Lookout, Inc | System and method for adverse mobile application identification |
US20110173340A1 (en) * | 2007-05-15 | 2011-07-14 | Adams Phillip M | Computerized, copy detection and discrimination apparatus and method |
US20110179430A1 (en) * | 2010-01-18 | 2011-07-21 | Samsung Electronics Co., Ltd. | Computer System and Method for Preventing Dynamic-Link Library Injection Attack |
US8028338B1 (en) * | 2008-09-30 | 2011-09-27 | Symantec Corporation | Modeling goodware characteristics to reduce false positive malware signatures |
US20110295894A1 (en) * | 2010-05-27 | 2011-12-01 | Samsung Sds Co., Ltd. | System and method for matching pattern |
US8127358B1 (en) * | 2007-05-30 | 2012-02-28 | Trend Micro Incorporated | Thin client for computer security applications |
US8171388B2 (en) | 2007-11-15 | 2012-05-01 | Yahoo! Inc. | Trust based moderation |
US20120185939A1 (en) * | 2011-01-13 | 2012-07-19 | F-Secure Corporation | Malware detection |
US8230510B1 (en) * | 2008-10-02 | 2012-07-24 | Trend Micro Incorporated | Scanning computer data for malicious codes using a remote server computer |
US8276202B1 (en) * | 2009-06-30 | 2012-09-25 | Aleksandr Dubrovsky | Cloud-based gateway security scanning |
US8281392B2 (en) | 2006-08-11 | 2012-10-02 | Airdefense, Inc. | Methods and systems for wired equivalent privacy and Wi-Fi protected access protection |
US8291497B1 (en) * | 2009-03-20 | 2012-10-16 | Symantec Corporation | Systems and methods for byte-level context diversity-based automatic malware signature generation |
US8302193B1 (en) * | 2008-05-30 | 2012-10-30 | Symantec Corporation | Methods and systems for scanning files for malware |
US8301727B1 (en) * | 2010-02-19 | 2012-10-30 | Mcafee, Inc. | System, method, and computer program product for receiving security content utilizing a serial over LAN connection |
US20120311709A1 (en) * | 2010-12-23 | 2012-12-06 | Korea Internet & Security Agency | Automatic management system for group and mutant information of malicious codes |
US8364705B1 (en) | 2008-09-24 | 2013-01-29 | Symantec Corporation | Methods and systems for determining a file set |
US8365288B2 (en) | 2010-06-21 | 2013-01-29 | Samsung Sds Co., Ltd. | Anti-malware device, server, and method of matching malware patterns |
US8365297B1 (en) | 2011-12-28 | 2013-01-29 | Kaspersky Lab Zao | System and method for detecting malware targeting the boot process of a computer using boot process emulation |
US20130081142A1 (en) * | 2011-09-22 | 2013-03-28 | Raytheon Company | System, Method, and Logic for Classifying Communications |
EP2577546A2 (de) * | 2010-06-03 | 2013-04-10 | Nokia Corp. | Verfahren und vorrichtung zur analyse und erkennung bösartiger software |
US20130152201A1 (en) * | 2011-12-12 | 2013-06-13 | Microsoft Corporation | Adjunct Computing Machine for Remediating Malware on Compromised Computing Machine |
US8479296B2 (en) * | 2010-12-30 | 2013-07-02 | Kaspersky Lab Zao | System and method for detecting unknown malware |
WO2013158789A1 (en) | 2012-04-18 | 2013-10-24 | Mcafee, Inc. | Detection and prevention of installation of malicious mobile applications |
US8655307B1 (en) | 2012-10-26 | 2014-02-18 | Lookout, Inc. | System and method for developing, updating, and using user device behavioral context models to modify user, device, and application state, settings and behavior for enhanced user security |
US8656494B2 (en) * | 2012-02-28 | 2014-02-18 | Kaspersky Lab, Zao | System and method for optimization of antivirus processing of disk files |
US8683452B1 (en) * | 2010-12-21 | 2014-03-25 | Emc Corporation | Dynamically obfuscated javascript |
US20140101748A1 (en) * | 2012-10-10 | 2014-04-10 | Dell Products L.P. | Adaptive System Behavior Change on Malware Trigger |
US8701190B1 (en) * | 2010-02-22 | 2014-04-15 | Symantec Corporation | Inferring file and website reputations by belief propagation leveraging machine reputation |
US8706745B1 (en) | 2008-05-30 | 2014-04-22 | Symantec Corporation | Systems and methods for determining a file set |
US8726338B2 (en) | 2012-02-02 | 2014-05-13 | Juniper Networks, Inc. | Dynamic threat protection in mobile networks |
US8738765B2 (en) | 2011-06-14 | 2014-05-27 | Lookout, Inc. | Mobile device DNS optimization |
US20140165190A1 (en) * | 2012-12-10 | 2014-06-12 | Lookout Inc. | Method and apparatus for enhanced file system monitoring on mobile communications devices |
US8788881B2 (en) | 2011-08-17 | 2014-07-22 | Lookout, Inc. | System and method for mobile device push communications |
US8793787B2 (en) | 2004-04-01 | 2014-07-29 | Fireeye, Inc. | Detecting malicious network content using virtual environment components |
US8832829B2 (en) | 2009-09-30 | 2014-09-09 | Fireeye, Inc. | Network-based binary file extraction and analysis for malware detection |
US8850571B2 (en) * | 2008-11-03 | 2014-09-30 | Fireeye, Inc. | Systems and methods for detecting malicious network content |
US8850569B1 (en) * | 2008-04-15 | 2014-09-30 | Trend Micro, Inc. | Instant messaging malware protection |
US8849909B2 (en) | 2007-07-06 | 2014-09-30 | Yahoo! Inc. | Real-time asynchronous event aggregation systems |
EP2784716A1 (de) * | 2013-03-25 | 2014-10-01 | British Telecommunications public limited company | Erkennung verdächtiger Programme |
US8855601B2 (en) | 2009-02-17 | 2014-10-07 | Lookout, Inc. | System and method for remotely-initiated audio communication |
US8855599B2 (en) | 2012-12-31 | 2014-10-07 | Lookout, Inc. | Method and apparatus for auxiliary communications with mobile communications device |
US8881282B1 (en) | 2004-04-01 | 2014-11-04 | Fireeye, Inc. | Systems and methods for malware attack detection and identification |
US8881287B1 (en) | 2009-03-20 | 2014-11-04 | Symantec Corporation | Systems and methods for library function identification in automatic malware signature generation |
US8898788B1 (en) | 2004-04-01 | 2014-11-25 | Fireeye, Inc. | Systems and methods for malware attack prevention |
US8904520B1 (en) | 2009-03-19 | 2014-12-02 | Symantec Corporation | Communication-based reputation system |
US20150007327A1 (en) * | 2005-06-30 | 2015-01-01 | Webroot Solutions Ltd | Methods and apparatus for dealing with malware |
US8943598B1 (en) * | 2014-08-12 | 2015-01-27 | Bank Of America Corporation | Automatic compromise detection for hardware signature for payment authentication |
US8949797B2 (en) | 2010-04-16 | 2015-02-03 | International Business Machines Corporation | Optimizing performance of integrity monitoring |
US8948795B2 (en) | 2012-05-08 | 2015-02-03 | Sybase 365, Inc. | System and method for dynamic spam detection |
US8973130B2 (en) | 2010-07-21 | 2015-03-03 | Samsung Sds Co., Ltd. | Device and method for providing SOC-based anti-malware service, and interface method |
US8990944B1 (en) | 2013-02-23 | 2015-03-24 | Fireeye, Inc. | Systems and methods for automatically detecting backdoors |
US20150088967A1 (en) * | 2013-09-24 | 2015-03-26 | Igor Muttik | Adaptive and recursive filtering for sample submission |
US8997219B2 (en) | 2008-11-03 | 2015-03-31 | Fireeye, Inc. | Systems and methods for detecting malicious PDF network content |
US9009823B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications installed on mobile devices |
US9009822B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for multi-phase analysis of mobile applications |
US20150121072A1 (en) * | 2013-10-30 | 2015-04-30 | Electronics And Telecommunications Research Institute | Object verification apparatus and its integrity authentication method |
US9027135B1 (en) | 2004-04-01 | 2015-05-05 | Fireeye, Inc. | Prospective client identification using malware attack detection |
US9043919B2 (en) | 2008-10-21 | 2015-05-26 | Lookout, Inc. | Crawling multiple markets and correlating |
US9042876B2 (en) | 2009-02-17 | 2015-05-26 | Lookout, Inc. | System and method for uploading location information based on device movement |
US9053322B2 (en) | 2012-07-12 | 2015-06-09 | Industrial Technology Research Institute | Computing environment security method and electronic computing system |
US9071638B1 (en) | 2004-04-01 | 2015-06-30 | Fireeye, Inc. | System and method for malware containment |
US9106694B2 (en) | 2004-04-01 | 2015-08-11 | Fireeye, Inc. | Electronic message analysis for malware detection |
US9104867B1 (en) | 2013-03-13 | 2015-08-11 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US9124472B1 (en) | 2012-07-25 | 2015-09-01 | Symantec Corporation | Providing file information to a client responsive to a file download stability prediction |
US20150262067A1 (en) * | 2014-03-13 | 2015-09-17 | Qualcomm Incorporated | Behavioral Analysis for Securing Peripheral Devices |
US9159035B1 (en) | 2013-02-23 | 2015-10-13 | Fireeye, Inc. | Framework for computer application analysis of sensitive information tracking |
US9171160B2 (en) | 2013-09-30 | 2015-10-27 | Fireeye, Inc. | Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses |
US9176843B1 (en) | 2013-02-23 | 2015-11-03 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9183383B1 (en) | 2014-12-05 | 2015-11-10 | AO Kaspersky Lab | System and method of limiting the operation of trusted applications in presence of suspicious programs |
US9189627B1 (en) | 2013-11-21 | 2015-11-17 | Fireeye, Inc. | System, apparatus and method for conducting on-the-fly decryption of encrypted objects for malware detection |
US9195829B1 (en) | 2013-02-23 | 2015-11-24 | Fireeye, Inc. | User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications |
US9202049B1 (en) | 2010-06-21 | 2015-12-01 | Pulse Secure, Llc | Detecting malware on mobile devices |
US9208215B2 (en) | 2012-12-27 | 2015-12-08 | Lookout, Inc. | User classification based on data gathered from a computing device |
US9215074B2 (en) | 2012-06-05 | 2015-12-15 | Lookout, Inc. | Expressing intent to control behavior of application components |
EP2924943A4 (de) * | 2012-12-21 | 2015-12-16 | Huawei Tech Co Ltd | Virusdetektionsverfahren und -vorrichtung |
US9223972B1 (en) | 2014-03-31 | 2015-12-29 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US9235704B2 (en) | 2008-10-21 | 2016-01-12 | Lookout, Inc. | System and method for a scanning API |
US9237171B2 (en) | 2011-08-17 | 2016-01-12 | Mcafee, Inc. | System and method for indirect interface monitoring and plumb-lining |
US9241010B1 (en) | 2014-03-20 | 2016-01-19 | Fireeye, Inc. | System and method for network behavior detection |
US9251343B1 (en) | 2013-03-15 | 2016-02-02 | Fireeye, Inc. | Detecting bootkits resident on compromised computers |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US9262638B2 (en) | 2006-12-29 | 2016-02-16 | Symantec Corporation | Hygiene based computer security |
US20160063243A1 (en) * | 2013-10-03 | 2016-03-03 | Qualcomm Incorporated | Malware Detection and Prevention by Monitoring and Modifying a Hardware Pipeline |
US9280369B1 (en) | 2013-07-12 | 2016-03-08 | The Boeing Company | Systems and methods of analyzing a software component |
US9282109B1 (en) | 2004-04-01 | 2016-03-08 | Fireeye, Inc. | System and method for analyzing packets |
US9294501B2 (en) | 2013-09-30 | 2016-03-22 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US9294448B2 (en) | 2011-02-03 | 2016-03-22 | mSignia, Inc. | Cryptographic security functions based on anticipated changes in dynamic minutiae |
EP2998902A1 (de) * | 2014-09-16 | 2016-03-23 | Baidu Online Network Technology (Beijing) Co., Ltd | Verfahren und Vorrichtung zur Verarbeitung einer Datei |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US9306974B1 (en) | 2013-12-26 | 2016-04-05 | Fireeye, Inc. | System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits |
US9306960B1 (en) | 2004-04-01 | 2016-04-05 | Fireeye, Inc. | Systems and methods for unauthorized activity defense |
US9311479B1 (en) | 2013-03-14 | 2016-04-12 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of a malware attack |
US9336025B2 (en) | 2013-07-12 | 2016-05-10 | The Boeing Company | Systems and methods of analyzing a software component |
US9356944B1 (en) | 2004-04-01 | 2016-05-31 | Fireeye, Inc. | System and method for detecting malicious traffic using a virtual machine configured with a select software environment |
US9355247B1 (en) | 2013-03-13 | 2016-05-31 | Fireeye, Inc. | File extraction from memory dump for malicious content analysis |
US9363280B1 (en) | 2014-08-22 | 2016-06-07 | Fireeye, Inc. | System and method of detecting delivery of malware using cross-customer data |
US9361461B2 (en) | 2013-05-21 | 2016-06-07 | Samsung Electronics Co., Ltd. | Method and apparatus for detecting malware and recording medium thereof |
US9367680B2 (en) | 2008-10-21 | 2016-06-14 | Lookout, Inc. | System and method for mobile communication device application advisement |
US9367681B1 (en) | 2013-02-23 | 2016-06-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application |
US9374369B2 (en) | 2012-12-28 | 2016-06-21 | Lookout, Inc. | Multi-factor authentication and comprehensive login system for client-server networks |
WO2016107753A1 (en) * | 2014-12-30 | 2016-07-07 | British Telecommunications Public Limited Company | Malware detection in migrated virtual machines |
WO2016107754A1 (en) * | 2014-12-30 | 2016-07-07 | British Telecommunications Public Limited Company | Malware detection |
US9396082B2 (en) | 2013-07-12 | 2016-07-19 | The Boeing Company | Systems and methods of analyzing a software component |
US9398028B1 (en) | 2014-06-26 | 2016-07-19 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers |
US9424409B2 (en) | 2013-01-10 | 2016-08-23 | Lookout, Inc. | Method and system for protecting privacy and enhancing security on an electronic device |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US9432389B1 (en) | 2014-03-31 | 2016-08-30 | Fireeye, Inc. | System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object |
US9438613B1 (en) | 2015-03-30 | 2016-09-06 | Fireeye, Inc. | Dynamic content activation for automated analysis of embedded objects |
US9438623B1 (en) | 2014-06-06 | 2016-09-06 | Fireeye, Inc. | Computer exploit detection using heap spray pattern matching |
US9442881B1 (en) | 2011-08-31 | 2016-09-13 | Yahoo! Inc. | Anti-spam transient entity classification |
US20160267270A1 (en) * | 2015-03-13 | 2016-09-15 | Electronics And Telecommunications Research Institute | Method and system for fast inspection of android malwares |
US9479521B2 (en) | 2013-09-30 | 2016-10-25 | The Boeing Company | Software network behavior analysis and identification system |
US9479357B1 (en) * | 2010-03-05 | 2016-10-25 | Symantec Corporation | Detecting malware on mobile devices based on mobile behavior analysis |
US9483645B2 (en) * | 2008-03-05 | 2016-11-01 | Mcafee, Inc. | System, method, and computer program product for identifying unwanted data based on an assembled execution profile of code |
US9483644B1 (en) | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
US9495180B2 (en) | 2013-05-10 | 2016-11-15 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US9519682B1 (en) | 2011-05-26 | 2016-12-13 | Yahoo! Inc. | User trustworthiness |
US9519782B2 (en) | 2012-02-24 | 2016-12-13 | Fireeye, Inc. | Detecting malicious network content |
US9536091B2 (en) | 2013-06-24 | 2017-01-03 | Fireeye, Inc. | System and method for detecting time-bomb malware |
US9565202B1 (en) | 2013-03-13 | 2017-02-07 | Fireeye, Inc. | System and method for detecting exfiltration content |
US9576131B2 (en) | 2006-04-06 | 2017-02-21 | Juniper Networks, Inc. | Malware detection system and method for mobile platforms |
US9589129B2 (en) | 2012-06-05 | 2017-03-07 | Lookout, Inc. | Determining source of side-loaded software |
US9591015B1 (en) | 2014-03-28 | 2017-03-07 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9594904B1 (en) | 2015-04-23 | 2017-03-14 | Fireeye, Inc. | Detecting malware based on reflection |
US9594912B1 (en) | 2014-06-06 | 2017-03-14 | Fireeye, Inc. | Return-oriented programming detection |
US9607148B1 (en) * | 2009-06-30 | 2017-03-28 | Symantec Corporation | Method and apparatus for detecting malware on a computer system |
US9626509B1 (en) | 2013-03-13 | 2017-04-18 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US9628507B2 (en) | 2013-09-30 | 2017-04-18 | Fireeye, Inc. | Advanced persistent threat (APT) detection center |
US9628498B1 (en) | 2004-04-01 | 2017-04-18 | Fireeye, Inc. | System and method for bot detection |
US9635039B1 (en) | 2013-05-13 | 2017-04-25 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
US9642008B2 (en) | 2013-10-25 | 2017-05-02 | Lookout, Inc. | System and method for creating and assigning a policy for a mobile communications device based on personal data |
US20170126716A1 (en) * | 2015-10-30 | 2017-05-04 | F-Secure Corporation | Malware detection |
US9690933B1 (en) | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US9690936B1 (en) | 2013-09-30 | 2017-06-27 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US9690606B1 (en) | 2015-03-25 | 2017-06-27 | Fireeye, Inc. | Selective system call monitoring |
US20170230397A1 (en) * | 2008-10-21 | 2017-08-10 | Lookout, Inc. | System and method for assessing data objects on mobile communications devices |
US9736179B2 (en) | 2013-09-30 | 2017-08-15 | Fireeye, Inc. | System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection |
US9747446B1 (en) | 2013-12-26 | 2017-08-29 | Fireeye, Inc. | System and method for run-time object classification |
US9754102B2 (en) | 2006-08-07 | 2017-09-05 | Webroot Inc. | Malware management through kernel detection during a boot sequence |
US9753796B2 (en) | 2013-12-06 | 2017-09-05 | Lookout, Inc. | Distributed monitoring, evaluation, and response for multiple devices |
US9773112B1 (en) | 2014-09-29 | 2017-09-26 | Fireeye, Inc. | Exploit detection of malware and malware families |
US20170286095A1 (en) * | 2016-03-30 | 2017-10-05 | International Business Machines Corporation | Software discovery using exclusion |
US9792436B1 (en) * | 2013-04-29 | 2017-10-17 | Symantec Corporation | Techniques for remediating an infected file |
US9824209B1 (en) | 2013-02-23 | 2017-11-21 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications that is usable to harden in the field code |
US9825989B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Cyber attack early warning system |
US9824356B2 (en) | 2014-08-12 | 2017-11-21 | Bank Of America Corporation | Tool for creating a system hardware signature for payment authentication |
US9825976B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Detection and classification of exploit kits |
US9824216B1 (en) | 2015-12-31 | 2017-11-21 | Fireeye, Inc. | Susceptible environment detection system |
US9838416B1 (en) | 2004-06-14 | 2017-12-05 | Fireeye, Inc. | System and method of detecting malicious content |
US9838417B1 (en) | 2014-12-30 | 2017-12-05 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
US9852290B1 (en) | 2013-07-12 | 2017-12-26 | The Boeing Company | Systems and methods of analyzing a software component |
US9888016B1 (en) | 2013-06-28 | 2018-02-06 | Fireeye, Inc. | System and method for detecting phishing using password prediction |
US9921978B1 (en) | 2013-11-08 | 2018-03-20 | Fireeye, Inc. | System and method for enhanced security of storage devices |
US9955352B2 (en) | 2009-02-17 | 2018-04-24 | Lookout, Inc. | Methods and systems for addressing mobile communications devices that are lost or stolen but not yet reported as such |
WO2018081215A1 (en) * | 2016-10-26 | 2018-05-03 | Mcafee, Llc | Automated security policy |
WO2018077996A1 (en) * | 2016-10-27 | 2018-05-03 | Bitdefender Ipr Management Ltd | Dynamic reputation indicator for optimizing computer security operations |
US9973531B1 (en) | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
US20180189492A1 (en) * | 2017-01-05 | 2018-07-05 | Fujitsu Limited | Non-transitory computer-readable storage medium, information processing apparatus and method |
US10027689B1 (en) | 2014-09-29 | 2018-07-17 | Fireeye, Inc. | Interactive infection visualization for improved exploit detection and signature generation for malware and malware families |
US10032023B1 (en) * | 2016-03-25 | 2018-07-24 | Symantec Corporation | Systems and methods for selectively applying malware signatures |
US10033747B1 (en) | 2015-09-29 | 2018-07-24 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US10050998B1 (en) | 2015-12-30 | 2018-08-14 | Fireeye, Inc. | Malicious message analysis system |
EP3370183A1 (de) * | 2017-03-02 | 2018-09-05 | X Development LLC | Kennzeichnen von malwre-dateien zur ähnlichkkeitssuche |
US10075455B2 (en) | 2014-12-26 | 2018-09-11 | Fireeye, Inc. | Zero-day rotating guest image profile |
US10084813B2 (en) | 2014-06-24 | 2018-09-25 | Fireeye, Inc. | Intrusion prevention and remedy system |
US10089461B1 (en) | 2013-09-30 | 2018-10-02 | Fireeye, Inc. | Page replacement code injection |
WO2018185455A1 (en) * | 2017-04-03 | 2018-10-11 | Edinburgh Napier University | Method for reducing false-positives for identification of digital content |
US10122747B2 (en) | 2013-12-06 | 2018-11-06 | Lookout, Inc. | Response generation after distributed monitoring and evaluation of multiple devices |
US10133866B1 (en) | 2015-12-30 | 2018-11-20 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US10133863B2 (en) | 2013-06-24 | 2018-11-20 | Fireeye, Inc. | Zero-day discovery system |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
US10169585B1 (en) | 2016-06-22 | 2019-01-01 | Fireeye, Inc. | System and methods for advanced malware detection through placement of transition events |
US10176321B2 (en) | 2015-09-22 | 2019-01-08 | Fireeye, Inc. | Leveraging behavior-based rules for malware family classification |
US10192052B1 (en) | 2013-09-30 | 2019-01-29 | Fireeye, Inc. | System, apparatus and method for classifying a file as malicious using static scanning |
US20190034413A1 (en) * | 2017-07-31 | 2019-01-31 | 51 Degrees Mobile Experts Limited | Identifying properties of a communication device |
US10210329B1 (en) | 2015-09-30 | 2019-02-19 | Fireeye, Inc. | Method to detect application execution hijacking using memory protection |
US10218697B2 (en) | 2017-06-09 | 2019-02-26 | Lookout, Inc. | Use of device risk evaluation to manage access to services |
CN109414763A (zh) * | 2016-07-26 | 2019-03-01 | 惠普发展公司,有限责任合伙企业 | 三维(3d)印刷 |
US10223534B2 (en) | 2015-10-15 | 2019-03-05 | Twistlock, Ltd. | Static detection of vulnerabilities in base images of software containers |
US10237073B2 (en) | 2015-01-19 | 2019-03-19 | InAuth, Inc. | Systems and methods for trusted path secure communication |
US10243985B2 (en) | 2014-06-03 | 2019-03-26 | Hexadite Ltd. | System and methods thereof for monitoring and preventing security incidents in a computerized environment |
US10242185B1 (en) | 2014-03-21 | 2019-03-26 | Fireeye, Inc. | Dynamic guest image creation and rollback |
US10284575B2 (en) | 2015-11-10 | 2019-05-07 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US10334062B2 (en) | 2016-02-25 | 2019-06-25 | InAuth, Inc. | Systems and methods for recognizing a device |
US10341365B1 (en) | 2015-12-30 | 2019-07-02 | Fireeye, Inc. | Methods and system for hiding transition events for malware detection |
US20190228151A1 (en) * | 2018-01-25 | 2019-07-25 | Mcafee, Llc | System and method for malware signature generation |
US10419454B2 (en) | 2014-02-28 | 2019-09-17 | British Telecommunications Public Limited Company | Malicious encrypted traffic inhibitor |
US10417031B2 (en) | 2015-03-31 | 2019-09-17 | Fireeye, Inc. | Selective virtualization for security threat detection |
EP3540625A1 (de) * | 2015-03-31 | 2019-09-18 | Juniper Networks, Inc. | Konfiguration einer sandkastenumgebung zur schadprogrammprüfung |
US10447728B1 (en) | 2015-12-10 | 2019-10-15 | Fireeye, Inc. | Technique for protecting guest processes using a layered virtualization architecture |
US10454950B1 (en) | 2015-06-30 | 2019-10-22 | Fireeye, Inc. | Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks |
US10462173B1 (en) | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
US10476906B1 (en) | 2016-03-25 | 2019-11-12 | Fireeye, Inc. | System and method for managing formation and modification of a cluster within a malware detection system |
US10474813B1 (en) | 2015-03-31 | 2019-11-12 | Fireeye, Inc. | Code injection technique for remediation at an endpoint of a network |
US10491627B1 (en) | 2016-09-29 | 2019-11-26 | Fireeye, Inc. | Advanced malware detection using similarity analysis |
US10503904B1 (en) | 2017-06-29 | 2019-12-10 | Fireeye, Inc. | Ransomware detection and mitigation |
US10515214B1 (en) | 2013-09-30 | 2019-12-24 | Fireeye, Inc. | System and method for classifying malware within content created during analysis of a specimen |
US10523609B1 (en) | 2016-12-27 | 2019-12-31 | Fireeye, Inc. | Multi-vector malware detection and analysis |
US10528726B1 (en) | 2014-12-29 | 2020-01-07 | Fireeye, Inc. | Microvisor-based malware detection appliance architecture |
US10536471B1 (en) * | 2016-03-31 | 2020-01-14 | EMC IP Holding Company LLC | Malware detection in virtual machines |
US10540494B2 (en) | 2015-05-01 | 2020-01-21 | Lookout, Inc. | Determining source of side-loaded software using an administrator server |
US10554507B1 (en) | 2017-03-30 | 2020-02-04 | Fireeye, Inc. | Multi-level control for enhanced resource and object evaluation management of malware detection system |
US10552610B1 (en) | 2016-12-22 | 2020-02-04 | Fireeye, Inc. | Adaptive virtual machine snapshot update framework for malware behavioral analysis |
US20200042720A1 (en) * | 2014-09-22 | 2020-02-06 | Mcafee, Llc | Pre-launch process vulnerability assessment |
US10567411B2 (en) | 2015-10-01 | 2020-02-18 | Twistlock, Ltd. | Dynamically adapted traffic inspection and filtering in containerized environments |
US10565378B1 (en) | 2015-12-30 | 2020-02-18 | Fireeye, Inc. | Exploit of privilege detection framework |
US10572665B2 (en) | 2012-12-28 | 2020-02-25 | Fireeye, Inc. | System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events |
US10574630B2 (en) | 2011-02-15 | 2020-02-25 | Webroot Inc. | Methods and apparatus for malware threat research |
US10581879B1 (en) | 2016-12-22 | 2020-03-03 | Fireeye, Inc. | Enhanced malware detection for generated objects |
US10581874B1 (en) | 2015-12-31 | 2020-03-03 | Fireeye, Inc. | Malware detection system with contextual analysis |
US10586042B2 (en) | 2015-10-01 | 2020-03-10 | Twistlock, Ltd. | Profiling of container images and enforcing security policies respective thereof |
US10587647B1 (en) | 2016-11-22 | 2020-03-10 | Fireeye, Inc. | Technique for malware detection capability comparison of network security devices |
US10592678B1 (en) | 2016-09-09 | 2020-03-17 | Fireeye, Inc. | Secure communications between peers using a verified virtual trusted platform module |
US10599833B2 (en) | 2015-10-01 | 2020-03-24 | Twistlock, Ltd. | Networking-based profiling of containers and security enforcement |
US10601848B1 (en) | 2017-06-29 | 2020-03-24 | Fireeye, Inc. | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators |
US10601863B1 (en) | 2016-03-25 | 2020-03-24 | Fireeye, Inc. | System and method for managing sensor enrollment |
US10601865B1 (en) | 2015-09-30 | 2020-03-24 | Fireeye, Inc. | Detection of credential spearphishing attacks using email analysis |
US20200110877A1 (en) * | 2017-09-29 | 2020-04-09 | International Business Machines Corporation | Dynamic re-composition of patch groups using stream clustering |
US10642753B1 (en) | 2015-06-30 | 2020-05-05 | Fireeye, Inc. | System and method for protecting a software component running in virtual machine using a virtualization layer |
US10664590B2 (en) | 2015-10-01 | 2020-05-26 | Twistlock, Ltd. | Filesystem action profiling of containers and security enforcement |
US10671721B1 (en) | 2016-03-25 | 2020-06-02 | Fireeye, Inc. | Timeout management services |
US10671726B1 (en) | 2014-09-22 | 2020-06-02 | Fireeye Inc. | System and method for malware analysis using thread-level event monitoring |
US10701091B1 (en) | 2013-03-15 | 2020-06-30 | Fireeye, Inc. | System and method for verifying a cyberthreat |
US10706149B1 (en) | 2015-09-30 | 2020-07-07 | Fireeye, Inc. | Detecting delayed activation malware using a primary controller and plural time controllers |
US10706145B2 (en) | 2015-10-01 | 2020-07-07 | Twistlock, Ltd. | Runtime detection of vulnerabilities in software containers |
US10713358B2 (en) | 2013-03-15 | 2020-07-14 | Fireeye, Inc. | System and method to extract and utilize disassembly features to classify software intent |
US10715542B1 (en) | 2015-08-14 | 2020-07-14 | Fireeye, Inc. | Mobile application risk analysis |
US10728263B1 (en) | 2015-04-13 | 2020-07-28 | Fireeye, Inc. | Analytic-based security monitoring system and method |
US10726127B1 (en) | 2015-06-30 | 2020-07-28 | Fireeye, Inc. | System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer |
US10733296B2 (en) | 2015-12-24 | 2020-08-04 | British Telecommunications Public Limited Company | Software security |
US10740456B1 (en) | 2014-01-16 | 2020-08-11 | Fireeye, Inc. | Threat-aware architecture |
US10747872B1 (en) | 2017-09-27 | 2020-08-18 | Fireeye, Inc. | System and method for preventing malware evasion |
US10771483B2 (en) | 2016-12-30 | 2020-09-08 | British Telecommunications Public Limited Company | Identifying an attacked computing device |
US10778446B2 (en) | 2015-10-15 | 2020-09-15 | Twistlock, Ltd. | Detection of vulnerable root certificates in software containers |
US10785255B1 (en) | 2016-03-25 | 2020-09-22 | Fireeye, Inc. | Cluster configuration within a scalable malware detection system |
US10791138B1 (en) | 2017-03-30 | 2020-09-29 | Fireeye, Inc. | Subscription-based malware detection |
US10798112B2 (en) | 2017-03-30 | 2020-10-06 | Fireeye, Inc. | Attribute-controlled malware detection |
US10795991B1 (en) | 2016-11-08 | 2020-10-06 | Fireeye, Inc. | Enterprise search |
US10805346B2 (en) | 2017-10-01 | 2020-10-13 | Fireeye, Inc. | Phishing attack detection |
US10805340B1 (en) | 2014-06-26 | 2020-10-13 | Fireeye, Inc. | Infection vector and malware tracking with an interactive user display |
US10817606B1 (en) | 2015-09-30 | 2020-10-27 | Fireeye, Inc. | Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic |
US10826901B2 (en) | 2015-11-25 | 2020-11-03 | InAuth, Inc. | Systems and method for cross-channel device binding |
US10826931B1 (en) | 2018-03-29 | 2020-11-03 | Fireeye, Inc. | System and method for predicting and mitigating cybersecurity system misconfigurations |
US10839077B2 (en) | 2015-12-24 | 2020-11-17 | British Telecommunications Public Limited Company | Detecting malicious software |
US10846117B1 (en) | 2015-12-10 | 2020-11-24 | Fireeye, Inc. | Technique for establishing secure communication between host and guest processes of a virtualization architecture |
US10855700B1 (en) | 2017-06-29 | 2020-12-01 | Fireeye, Inc. | Post-intrusion detection of cyber-attacks during lateral movement within networks |
US10891377B2 (en) | 2015-12-24 | 2021-01-12 | British Telecommunications Public Limited Company | Malicious software identification |
US10893068B1 (en) | 2017-06-30 | 2021-01-12 | Fireeye, Inc. | Ransomware file modification prevention technique |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
US10902119B1 (en) | 2017-03-30 | 2021-01-26 | Fireeye, Inc. | Data extraction system for malware analysis |
US10904286B1 (en) | 2017-03-24 | 2021-01-26 | Fireeye, Inc. | Detection of phishing attacks using similarity analysis |
US10922418B2 (en) | 2015-10-01 | 2021-02-16 | Twistlock, Ltd. | Runtime detection and mitigation of vulnerabilities in application software containers |
US10931689B2 (en) | 2015-12-24 | 2021-02-23 | British Telecommunications Public Limited Company | Malicious network traffic identification |
US10943014B2 (en) | 2015-10-01 | 2021-03-09 | Twistlock, Ltd | Profiling of spawned processes in container images and enforcing security policies respective thereof |
US10956477B1 (en) | 2018-03-30 | 2021-03-23 | Fireeye, Inc. | System and method for detecting malicious scripts through natural language processing modeling |
US11005860B1 (en) | 2017-12-28 | 2021-05-11 | Fireeye, Inc. | Method and system for efficient cybersecurity analysis of endpoint events |
US11003773B1 (en) | 2018-03-30 | 2021-05-11 | Fireeye, Inc. | System and method for automatically generating malware detection rule recommendations |
US11036564B2 (en) | 2017-01-05 | 2021-06-15 | Fujitsu Limited | Non-transitory computer-readable storage medium, information processing apparatus and method for detecting malware |
US11063920B2 (en) | 2011-02-03 | 2021-07-13 | mSignia, Inc. | Cryptographic security functions based on anticipated changes in dynamic minutiae |
US11063909B1 (en) * | 2019-07-03 | 2021-07-13 | Centripetal Networks, Inc. | Methods and systems for efficient cyber protections of mobile devices |
US11075930B1 (en) | 2018-06-27 | 2021-07-27 | Fireeye, Inc. | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11093852B2 (en) | 2016-10-19 | 2021-08-17 | Accertify, Inc. | Systems and methods for recognizing a device and/or an instance of an app invoked on a device |
US11108809B2 (en) | 2017-10-27 | 2021-08-31 | Fireeye, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
US11113086B1 (en) | 2015-06-30 | 2021-09-07 | Fireeye, Inc. | Virtual system and method for securing external network connectivity |
US20210303676A1 (en) * | 2020-03-31 | 2021-09-30 | Airbus Operations Gmbh | Information processing architecture for implementation in a vehicle |
US11159549B2 (en) | 2016-03-30 | 2021-10-26 | British Telecommunications Public Limited Company | Network traffic threat identification |
US11170113B2 (en) * | 2017-01-04 | 2021-11-09 | Checkmarx Ltd. | Management of security vulnerabilities |
US11176251B1 (en) | 2018-12-21 | 2021-11-16 | Fireeye, Inc. | Determining malware via symbolic function hash analysis |
US11182473B1 (en) | 2018-09-13 | 2021-11-23 | Fireeye Security Holdings Us Llc | System and method for mitigating cyberattacks against processor operability by a guest process |
US11194901B2 (en) | 2016-03-30 | 2021-12-07 | British Telecommunications Public Limited Company | Detecting computer security threats using communication characteristics of communication protocols |
US11201876B2 (en) | 2015-12-24 | 2021-12-14 | British Telecommunications Public Limited Company | Malicious software identification |
US11200080B1 (en) | 2015-12-11 | 2021-12-14 | Fireeye Security Holdings Us Llc | Late load technique for deploying a virtualization layer underneath a running operating system |
US11228491B1 (en) | 2018-06-28 | 2022-01-18 | Fireeye Security Holdings Us Llc | System and method for distributed cluster configuration monitoring and management |
US11232206B2 (en) | 2019-04-23 | 2022-01-25 | Microsoft Technology Licensing, Llc | Automated malware remediation and file restoration management |
US11232205B2 (en) * | 2019-04-23 | 2022-01-25 | Microsoft Technology Licensing, Llc | File storage service initiation of antivirus software locally installed on a user device |
US11240275B1 (en) | 2017-12-28 | 2022-02-01 | Fireeye Security Holdings Us Llc | Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture |
US11244056B1 (en) | 2014-07-01 | 2022-02-08 | Fireeye Security Holdings Us Llc | Verification of trusted threat-aware visualization layer |
US11258806B1 (en) | 2019-06-24 | 2022-02-22 | Mandiant, Inc. | System and method for automatically associating cybersecurity intelligence to cyberthreat actors |
US11271955B2 (en) | 2017-12-28 | 2022-03-08 | Fireeye Security Holdings Us Llc | Platform and method for retroactive reclassification employing a cybersecurity-based global data store |
US11270016B2 (en) | 2018-09-12 | 2022-03-08 | British Telecommunications Public Limited Company | Ransomware encryption algorithm determination |
US20220086010A1 (en) * | 2019-06-28 | 2022-03-17 | Intel Corporation | Message index aware multi-hash acelerator for post quantum cryptography secure hash-based signing and verification |
US11310238B1 (en) | 2019-03-26 | 2022-04-19 | FireEye Security Holdings, Inc. | System and method for retrieval and analysis of operational data from customer, cloud-hosted virtual resources |
US11314859B1 (en) | 2018-06-27 | 2022-04-26 | FireEye Security Holdings, Inc. | Cyber-security system and method for detecting escalation of privileges within an access token |
US11316900B1 (en) | 2018-06-29 | 2022-04-26 | FireEye Security Holdings Inc. | System and method for automatically prioritizing rules for cyber-threat detection and mitigation |
US11366902B2 (en) * | 2019-07-17 | 2022-06-21 | AO Kaspersky Lab | System and method of detecting malicious files based on file fragments |
US11368475B1 (en) | 2018-12-21 | 2022-06-21 | Fireeye Security Holdings Us Llc | System and method for scanning remote services to locate stored objects with malware |
US11392700B1 (en) | 2019-06-28 | 2022-07-19 | Fireeye Security Holdings Us Llc | System and method for supporting cross-platform data verification |
US11403563B2 (en) | 2016-10-19 | 2022-08-02 | Accertify, Inc. | Systems and methods for facilitating recognition of a device and/or an instance of an app invoked on a device |
US11423144B2 (en) | 2016-08-16 | 2022-08-23 | British Telecommunications Public Limited Company | Mitigating security attacks in virtualized computing environments |
US11436327B1 (en) | 2019-12-24 | 2022-09-06 | Fireeye Security Holdings Us Llc | System and method for circumventing evasive code for cyberthreat detection |
US11449612B2 (en) | 2018-09-12 | 2022-09-20 | British Telecommunications Public Limited Company | Ransomware remediation |
US11489857B2 (en) | 2009-04-21 | 2022-11-01 | Webroot Inc. | System and method for developing a risk profile for an internet resource |
US11522884B1 (en) | 2019-12-24 | 2022-12-06 | Fireeye Security Holdings Us Llc | Subscription and key management system |
US11546315B2 (en) * | 2020-05-28 | 2023-01-03 | Hewlett Packard Enterprise Development Lp | Authentication key-based DLL service |
US11552986B1 (en) | 2015-12-31 | 2023-01-10 | Fireeye Security Holdings Us Llc | Cyber-security framework for application of virtual features |
US11558401B1 (en) | 2018-03-30 | 2023-01-17 | Fireeye Security Holdings Us Llc | Multi-vector malware detection data sharing system for improved detection |
US11556640B1 (en) | 2019-06-27 | 2023-01-17 | Mandiant, Inc. | Systems and methods for automated cybersecurity analysis of extracted binary string sets |
US11562076B2 (en) | 2016-08-16 | 2023-01-24 | British Telecommunications Public Limited Company | Reconfigured virtual machine to mitigate attack |
US11582191B2 (en) | 2019-07-03 | 2023-02-14 | Centripetal Networks, Inc. | Cyber protections of remote networks via selective policy enforcement at a central network |
US11601444B1 (en) | 2018-12-31 | 2023-03-07 | Fireeye Security Holdings Us Llc | Automated system for triage of customer issues |
US11636198B1 (en) | 2019-03-30 | 2023-04-25 | Fireeye Security Holdings Us Llc | System and method for cybersecurity analyzer update and concurrent management system |
US11637862B1 (en) | 2019-09-30 | 2023-04-25 | Mandiant, Inc. | System and method for surfacing cyber-security threats with a self-learning recommendation engine |
US11677786B1 (en) | 2019-03-29 | 2023-06-13 | Fireeye Security Holdings Us Llc | System and method for detecting and protecting against cybersecurity attacks on servers |
US11677757B2 (en) | 2017-03-28 | 2023-06-13 | British Telecommunications Public Limited Company | Initialization vector identification for encrypted malware traffic detection |
US20230205878A1 (en) * | 2021-12-28 | 2023-06-29 | Uab 360 It | Systems and methods for detecting malware using static and dynamic malware models |
US11743290B2 (en) | 2018-12-21 | 2023-08-29 | Fireeye Security Holdings Us Llc | System and method for detecting cyberattacks impersonating legitimate sources |
US11763004B1 (en) | 2018-09-27 | 2023-09-19 | Fireeye Security Holdings Us Llc | System and method for bootkit detection |
US11838300B1 (en) | 2019-12-24 | 2023-12-05 | Musarubra Us Llc | Run-time configurable cybersecurity system |
US11886585B1 (en) | 2019-09-27 | 2024-01-30 | Musarubra Us Llc | System and method for identifying and mitigating cyberattacks through malicious position-independent code execution |
US11979428B1 (en) | 2016-03-31 | 2024-05-07 | Musarubra Us Llc | Technique for verifying exploit/malware at malware detection appliance through correlation with endpoints |
US12008102B2 (en) | 2018-09-12 | 2024-06-11 | British Telecommunications Public Limited Company | Encryption key seed determination |
US12056239B2 (en) * | 2020-08-18 | 2024-08-06 | Micro Focus Llc | Thread-based malware detection |
US12074887B1 (en) | 2018-12-21 | 2024-08-27 | Musarubra Us Llc | System and method for selectively processing content after identification and removal of malicious content |
US12081540B2 (en) | 2021-05-04 | 2024-09-03 | Lookout, Inc. | Configuring access to a network service based on a security state of a mobile device |
Families Citing this family (442)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1466435B1 (de) | 2002-01-08 | 2019-05-22 | Seven Networks, LLC | Sicherer transport für ein mobilkommunikationsnetzwerk |
DK1500206T3 (da) * | 2002-04-19 | 2012-10-22 | Google Inc | System og fremgangsmåde til styring af trådløse apparater i en virksomhed |
US8789183B1 (en) * | 2002-07-19 | 2014-07-22 | Fortinet, Inc. | Detecting network traffic content |
US7603711B2 (en) * | 2002-10-31 | 2009-10-13 | Secnap Networks Security, LLC | Intrusion detection system |
US7051322B2 (en) | 2002-12-06 | 2006-05-23 | @Stake, Inc. | Software analysis framework |
US8468126B2 (en) | 2005-08-01 | 2013-06-18 | Seven Networks, Inc. | Publishing data in an information community |
US7853563B2 (en) | 2005-08-01 | 2010-12-14 | Seven Networks, Inc. | Universal data aggregation |
US7917468B2 (en) | 2005-08-01 | 2011-03-29 | Seven Networks, Inc. | Linking of personal information management data |
US8775823B2 (en) | 2006-12-29 | 2014-07-08 | Commvault Systems, Inc. | System and method for encrypting secondary copies of data |
US7877703B1 (en) | 2005-03-14 | 2011-01-25 | Seven Networks, Inc. | Intelligent rendering of information in a limited display environment |
US8438633B1 (en) | 2005-04-21 | 2013-05-07 | Seven Networks, Inc. | Flexible real-time inbox access |
WO2006136660A1 (en) | 2005-06-21 | 2006-12-28 | Seven Networks International Oy | Maintaining an ip connection in a mobile network |
US8381297B2 (en) | 2005-12-13 | 2013-02-19 | Yoggie Security Systems Ltd. | System and method for providing network security to mobile devices |
US8869270B2 (en) | 2008-03-26 | 2014-10-21 | Cupp Computing As | System and method for implementing content and network security inside a chip |
US20080276302A1 (en) | 2005-12-13 | 2008-11-06 | Yoggie Security Systems Ltd. | System and Method for Providing Data and Device Security Between External and Host Devices |
US7769395B2 (en) | 2006-06-20 | 2010-08-03 | Seven Networks, Inc. | Location-based operations and messaging |
US20140373144A9 (en) | 2006-05-22 | 2014-12-18 | Alen Capalik | System and method for analyzing unauthorized intrusion into a computer network |
KR100809416B1 (ko) * | 2006-07-28 | 2008-03-05 | 한국전자통신연구원 | 보안 시스템을 위한 최적 시그니처 자동 생성 장치 및 방법 |
US9860274B2 (en) | 2006-09-13 | 2018-01-02 | Sophos Limited | Policy management |
CA2701689C (en) * | 2006-10-06 | 2016-09-06 | Smobile Systems, Inc. | System and method of malware sample collection on mobile networks |
US9069957B2 (en) * | 2006-10-06 | 2015-06-30 | Juniper Networks, Inc. | System and method of reporting and visualizing malware on mobile networks |
CA2706721C (en) * | 2006-11-27 | 2016-05-31 | Smobile Systems, Inc. | Wireless intrusion prevention system and method |
US20080196104A1 (en) * | 2007-02-09 | 2008-08-14 | George Tuvell | Off-line mms malware scanning system and method |
US8613080B2 (en) | 2007-02-16 | 2013-12-17 | Veracode, Inc. | Assessment and analysis of software security flaws in virtual machines |
US9246938B2 (en) * | 2007-04-23 | 2016-01-26 | Mcafee, Inc. | System and method for detecting malicious mobile program code |
US8365272B2 (en) | 2007-05-30 | 2013-01-29 | Yoggie Security Systems Ltd. | System and method for providing network and computer firewall protection with dynamic address isolation to a device |
US8693494B2 (en) | 2007-06-01 | 2014-04-08 | Seven Networks, Inc. | Polling |
US8805425B2 (en) | 2007-06-01 | 2014-08-12 | Seven Networks, Inc. | Integrated messaging |
US8621610B2 (en) * | 2007-08-06 | 2013-12-31 | The Regents Of The University Of Michigan | Network service for the detection, analysis and quarantine of malicious and unwanted files |
US8037536B2 (en) * | 2007-11-14 | 2011-10-11 | Bank Of America Corporation | Risk scoring system for the prevention of malware |
US8590039B1 (en) | 2007-11-28 | 2013-11-19 | Mcafee, Inc. | System, method and computer program product for sending information extracted from a potentially unwanted data sample to generate a signature |
US8364181B2 (en) | 2007-12-10 | 2013-01-29 | Seven Networks, Inc. | Electronic-mail filtering for mobile devices |
US9002828B2 (en) | 2007-12-13 | 2015-04-07 | Seven Networks, Inc. | Predictive content delivery |
US8141045B2 (en) * | 2007-12-14 | 2012-03-20 | International Business Machines Corporation | Automatically identifying the source of copied software |
KR20090065977A (ko) * | 2007-12-18 | 2009-06-23 | 삼성에스디에스 주식회사 | 파일의 바이러스 감염여부 판정방법 |
US8862657B2 (en) | 2008-01-25 | 2014-10-14 | Seven Networks, Inc. | Policy based content service |
US20090193338A1 (en) | 2008-01-28 | 2009-07-30 | Trevor Fiatal | Reducing network and battery consumption during content delivery and playback |
US20090204578A1 (en) * | 2008-02-12 | 2009-08-13 | Microsoft Corporation | Targeted queries using an oma dm protocol |
US9306796B1 (en) | 2008-03-18 | 2016-04-05 | Mcafee, Inc. | System, method, and computer program product for dynamically configuring a virtual environment for identifying unwanted data |
US8549624B2 (en) * | 2008-04-14 | 2013-10-01 | Mcafee, Inc. | Probabilistic shellcode detection |
US8621608B2 (en) | 2008-04-29 | 2013-12-31 | Mcafee, Inc. | System, method, and computer program product for dynamically adjusting a level of security applied to a system |
US8839431B2 (en) * | 2008-05-12 | 2014-09-16 | Enpulz, L.L.C. | Network browser based virus detection |
US8353041B2 (en) * | 2008-05-16 | 2013-01-08 | Symantec Corporation | Secure application streaming |
US8214977B2 (en) * | 2008-05-21 | 2012-07-10 | Symantec Corporation | Centralized scanner database with optimal definition distribution using network queries |
US8732825B2 (en) * | 2008-05-28 | 2014-05-20 | Symantec Corporation | Intelligent hashes for centralized malware detection |
US9152789B2 (en) * | 2008-05-28 | 2015-10-06 | Zscaler, Inc. | Systems and methods for dynamic cloud-based malware behavior analysis |
US9609015B2 (en) * | 2008-05-28 | 2017-03-28 | Zscaler, Inc. | Systems and methods for dynamic cloud-based malware behavior analysis |
US8813050B2 (en) * | 2008-06-03 | 2014-08-19 | Isight Partners, Inc. | Electronic crime detection and tracking |
US8132258B1 (en) | 2008-06-12 | 2012-03-06 | Trend Micro Incorporated | Remote security servers for protecting customer computers against computer security threats |
US8787947B2 (en) | 2008-06-18 | 2014-07-22 | Seven Networks, Inc. | Application discovery on mobile devices |
US8301904B1 (en) | 2008-06-24 | 2012-10-30 | Mcafee, Inc. | System, method, and computer program product for automatically identifying potentially unwanted data as unwanted |
US8078158B2 (en) | 2008-06-26 | 2011-12-13 | Seven Networks, Inc. | Provisioning applications for a mobile device |
US8079081B1 (en) * | 2008-06-27 | 2011-12-13 | Alert Logic, Inc. | Systems and methods for automated log event normalization using three-staged regular expressions |
US9071974B2 (en) * | 2008-06-29 | 2015-06-30 | Oceans Edge, Inc. | Mobile telephone firewall and compliance enforcement system and method |
US8291494B1 (en) * | 2008-07-08 | 2012-10-16 | Mcafee, Inc. | System, method, and computer program product for detecting unwanted activity associated with an object, based on an attribute associated with the object |
US8935789B2 (en) * | 2008-07-21 | 2015-01-13 | Jayant Shukla | Fixing computer files infected by virus and other malware |
US8464341B2 (en) * | 2008-07-22 | 2013-06-11 | Microsoft Corporation | Detecting machines compromised with malware |
US8631488B2 (en) | 2008-08-04 | 2014-01-14 | Cupp Computing As | Systems and methods for providing security services during power management mode |
US20100058474A1 (en) * | 2008-08-29 | 2010-03-04 | Avg Technologies Cz, S.R.O. | System and method for the detection of malware |
US8909759B2 (en) | 2008-10-10 | 2014-12-09 | Seven Networks, Inc. | Bandwidth measurement |
US8726391B1 (en) * | 2008-10-10 | 2014-05-13 | Symantec Corporation | Scheduling malware signature updates in relation to threat awareness and environmental safety |
US9292689B1 (en) | 2008-10-14 | 2016-03-22 | Trend Micro Incorporated | Interactive malicious code detection over a computer network |
US8935788B1 (en) * | 2008-10-15 | 2015-01-13 | Trend Micro Inc. | Two stage virus detection |
US9177144B2 (en) * | 2008-10-30 | 2015-11-03 | Mcafee, Inc. | Structural recognition of malicious code patterns |
US8087081B1 (en) | 2008-11-05 | 2011-12-27 | Trend Micro Incorporated | Selection of remotely located servers for computer security operations |
IL195340A (en) | 2008-11-17 | 2013-06-27 | Shlomo Dolev | Builds and detects malware signatures for executable codes on your computer |
WO2010059864A1 (en) | 2008-11-19 | 2010-05-27 | Yoggie Security Systems Ltd. | Systems and methods for providing real time access monitoring of a removable media device |
US8161556B2 (en) * | 2008-12-17 | 2012-04-17 | Symantec Corporation | Context-aware real-time computer-protection systems and methods |
US8621625B1 (en) * | 2008-12-23 | 2013-12-31 | Symantec Corporation | Methods and systems for detecting infected files |
US8200953B1 (en) * | 2009-01-07 | 2012-06-12 | Adobe Systems Incorporated | Method and system to automatically update a configuration scheme |
US8813222B1 (en) | 2009-01-21 | 2014-08-19 | Bitdefender IPR Management Ltd. | Collaborative malware scanning |
US8627461B2 (en) | 2009-03-04 | 2014-01-07 | Mcafee, Inc. | System, method, and computer program product for verifying an identification of program information as unwanted |
US8266698B1 (en) * | 2009-03-09 | 2012-09-11 | Symantec Corporation | Using machine infection characteristics for behavior-based detection of malware |
US9208315B2 (en) * | 2009-03-17 | 2015-12-08 | Microsoft Corporation | Identification of telemetry data |
US8490187B2 (en) * | 2009-03-20 | 2013-07-16 | Microsoft Corporation | Controlling malicious activity detection using behavioral models |
US10055251B1 (en) | 2009-04-22 | 2018-08-21 | The Trustees Of Columbia University In The City Of New York | Methods, systems, and media for injecting code into embedded devices |
US8769689B2 (en) * | 2009-04-24 | 2014-07-01 | Hb Gary, Inc. | Digital DNA sequence |
US8549649B2 (en) * | 2009-04-30 | 2013-10-01 | Emc Corporation | Systems and methods for sensitive data remediation |
US8839458B2 (en) * | 2009-05-12 | 2014-09-16 | Nokia Corporation | Method, apparatus, and computer program for providing application security |
US8484152B2 (en) * | 2009-06-26 | 2013-07-09 | Hbgary, Inc. | Fuzzy hash algorithm |
US8776218B2 (en) | 2009-07-21 | 2014-07-08 | Sophos Limited | Behavioral-based host intrusion prevention system |
US8607340B2 (en) * | 2009-07-21 | 2013-12-10 | Sophos Limited | Host intrusion prevention system using software and user behavior analysis |
US10102352B2 (en) * | 2009-08-10 | 2018-10-16 | Arm Limited | Content usage monitor |
US8375450B1 (en) * | 2009-10-05 | 2013-02-12 | Trend Micro, Inc. | Zero day malware scanner |
US9779267B2 (en) * | 2009-10-07 | 2017-10-03 | F-Secure Oyj | Computer security method and apparatus |
US8869282B1 (en) | 2009-10-15 | 2014-10-21 | American Megatrends, Inc. | Anti-malware support for firmware |
US8863282B2 (en) * | 2009-10-15 | 2014-10-14 | Mcafee Inc. | Detecting and responding to malware using link files |
US8539583B2 (en) | 2009-11-03 | 2013-09-17 | Mcafee, Inc. | Rollback feature |
US20110113491A1 (en) * | 2009-11-12 | 2011-05-12 | Deutsche Telekom Ag | Collaborative system for protecting against the propagation of malwares in a network |
US8640241B2 (en) * | 2009-11-16 | 2014-01-28 | Quatum Corporation | Data identification system |
US8353037B2 (en) * | 2009-12-03 | 2013-01-08 | International Business Machines Corporation | Mitigating malicious file propagation with progressive identifiers |
US8479286B2 (en) | 2009-12-15 | 2013-07-02 | Mcafee, Inc. | Systems and methods for behavioral sandboxing |
US20110154495A1 (en) * | 2009-12-21 | 2011-06-23 | Stranne Odd Wandenor | Malware identification and scanning |
US8719939B2 (en) * | 2009-12-31 | 2014-05-06 | Mcafee, Inc. | Malware detection via reputation system |
US8892896B2 (en) * | 2010-01-08 | 2014-11-18 | Microsoft Corporation | Capability and behavior signatures |
US8494974B2 (en) * | 2010-01-18 | 2013-07-23 | iSIGHT Partners Inc. | Targeted security implementation through security loss forecasting |
WO2011095484A1 (en) * | 2010-02-02 | 2011-08-11 | Gemalto Sa | Method of countermeasure against the installation-by-tearing of viruses onto a secure portable mass storage device |
US8612398B2 (en) * | 2010-03-11 | 2013-12-17 | Microsoft Corporation | Clean store for operating system and software recovery |
JP5540316B2 (ja) * | 2010-04-08 | 2014-07-02 | Kddi株式会社 | マルウェア判定システムおよびプログラム |
US9213838B2 (en) * | 2011-05-13 | 2015-12-15 | Mcafee Ireland Holdings Limited | Systems and methods of processing data associated with detection and/or handling of malware |
US8578345B1 (en) * | 2010-04-15 | 2013-11-05 | Symantec Corporation | Malware detection efficacy by identifying installation and uninstallation scenarios |
US8972953B2 (en) * | 2010-04-16 | 2015-03-03 | Salesforce.Com, Inc. | Methods and systems for internally debugging code in an on-demand service environment |
US8561193B1 (en) * | 2010-05-17 | 2013-10-15 | Symantec Corporation | Systems and methods for analyzing malware |
JP5425840B2 (ja) * | 2010-06-07 | 2014-02-26 | サムソン エスディーエス カンパニー リミテッド | アンチマルウェアシステム及びその動作方法 |
US9106697B2 (en) | 2010-06-24 | 2015-08-11 | NeurallQ, Inc. | System and method for identifying unauthorized activities on a computer system using a data structure model |
US8789189B2 (en) * | 2010-06-24 | 2014-07-22 | NeurallQ, Inc. | System and method for sampling forensic data of unauthorized activities using executability states |
US9239907B1 (en) * | 2010-07-06 | 2016-01-19 | Symantec Corporation | Techniques for identifying misleading applications |
US8838783B2 (en) | 2010-07-26 | 2014-09-16 | Seven Networks, Inc. | Distributed caching for resource and mobile network traffic management |
EP3407673B1 (de) | 2010-07-26 | 2019-11-20 | Seven Networks, LLC | Koordinierung eines mobilnetzwerkverkehrs zwischen mehreren anwendungen |
EP2609538B1 (de) | 2010-08-25 | 2016-10-19 | Lookout Inc. | System und verfahren für servergekoppelte unterdrückung von schadprogrammen |
US8776219B2 (en) | 2010-08-27 | 2014-07-08 | Microsoft Corporation | Application selection using current detection intelligence |
US9215548B2 (en) | 2010-09-22 | 2015-12-15 | Ncc Group Security Services, Inc. | Methods and systems for rating privacy risk of applications for smart phones and other mobile platforms |
US8479291B1 (en) * | 2010-10-28 | 2013-07-02 | Symantec Corporation | Systems and methods for identifying polymorphic malware |
CN103620576B (zh) | 2010-11-01 | 2016-11-09 | 七网络公司 | 适用于移动应用程序行为和网络条件的缓存 |
US8843153B2 (en) | 2010-11-01 | 2014-09-23 | Seven Networks, Inc. | Mobile traffic categorization and policy for network use optimization while preserving user experience |
US8484314B2 (en) | 2010-11-01 | 2013-07-09 | Seven Networks, Inc. | Distributed caching in a wireless network of content delivered for a mobile application over a long-held request |
WO2012060995A2 (en) | 2010-11-01 | 2012-05-10 | Michael Luna | Distributed caching in a wireless network of content delivered for a mobile application over a long-held request |
US8819827B1 (en) * | 2010-11-10 | 2014-08-26 | Open Invention Network, Llc | Method and apparatus of performing data executable integrity verification |
US8869307B2 (en) * | 2010-11-19 | 2014-10-21 | Mobile Iron, Inc. | Mobile posture-based policy, remediation and access control for enterprise resources |
CN103404193B (zh) | 2010-11-22 | 2018-06-05 | 七网络有限责任公司 | 调校数据传输以优化为通过无线网络的传输建立的连接 |
EP3422775A1 (de) | 2010-11-22 | 2019-01-02 | Seven Networks, LLC | Optimierung von ressourcenabfrageintervallen zur zufriedenstellenden beantwortung von anfragen auf mobilen vorrichtungen |
US8763126B2 (en) | 2010-12-08 | 2014-06-24 | At&T Intellectual Property I, L.P. | Devices, systems, and methods for detecting proximity-based mobile propagation |
TWI435236B (zh) * | 2010-12-15 | 2014-04-21 | Inst Information Industry | 惡意程式偵測裝置、惡意程式偵測方法及其電腦程式產品 |
CN102542186A (zh) * | 2010-12-15 | 2012-07-04 | 财团法人资讯工业策进会 | 恶意程序检测装置以及恶意程序检测方法 |
GB2501416B (en) | 2011-01-07 | 2018-03-21 | Seven Networks Llc | System and method for reduction of mobile network traffic used for domain name system (DNS) queries |
US9129110B1 (en) * | 2011-01-14 | 2015-09-08 | The United States Of America As Represented By The Secretary Of The Air Force | Classifying computer files as malware or whiteware |
US9058490B1 (en) * | 2011-02-11 | 2015-06-16 | Symantec Corporation | Systems and methods for providing a secure uniform resource locator (URL) shortening service |
US8769691B1 (en) * | 2011-02-14 | 2014-07-01 | Trend Micro, Inc. | Network traffic reduction |
US8978136B2 (en) * | 2011-02-17 | 2015-03-10 | Terremark Worldwide, Inc. | Systems and methods for detection and suppression of abnormal conditions within a networked environment |
US8438644B2 (en) | 2011-03-07 | 2013-05-07 | Isight Partners, Inc. | Information system security based on threat vectors |
DE102012006309A1 (de) * | 2011-03-29 | 2012-10-04 | Htc Corp. | Verfahren zur Handhabung einer Schadapplikation in einem Applikationsverkaufssystem eines Telekommunikationsunternehmens und zugehörige Kommunikationsvorrichtung |
WO2012145541A2 (en) | 2011-04-19 | 2012-10-26 | Seven Networks, Inc. | Social caching for device resource sharing and management |
US8990891B1 (en) | 2011-04-19 | 2015-03-24 | Pulse Secure, Llc | Provisioning layer two network access for mobile devices |
GB2496537B (en) | 2011-04-27 | 2014-10-15 | Seven Networks Inc | System and method for making requests on behalf of a mobile device based on atmoic processes for mobile network traffic relief |
WO2012149434A2 (en) | 2011-04-27 | 2012-11-01 | Seven Networks, Inc. | Detecting and preserving state for satisfying application requests in a distributed proxy and cache system |
US8042186B1 (en) * | 2011-04-28 | 2011-10-18 | Kaspersky Lab Zao | System and method for detection of complex malware |
CN102222199B (zh) * | 2011-06-03 | 2013-05-08 | 奇智软件(北京)有限公司 | 应用程序身份识别方法及系统 |
US20140123319A1 (en) * | 2011-06-27 | 2014-05-01 | Nokia Corporation | System, Method and Apparatus For Facilitating Resource Security |
US8984581B2 (en) * | 2011-07-27 | 2015-03-17 | Seven Networks, Inc. | Monitoring mobile application activities for malicious traffic on a mobile device |
EP2610776B1 (de) * | 2011-09-16 | 2019-08-21 | Veracode, Inc. | Automatisierte verhaltens- und statische analyse unter verwendung eines instrumentierten sandkastens und maschinenlernklassifizierung für mobile sicherheit |
US9280377B2 (en) | 2013-03-29 | 2016-03-08 | Citrix Systems, Inc. | Application with multiple operation modes |
US8806570B2 (en) | 2011-10-11 | 2014-08-12 | Citrix Systems, Inc. | Policy-based application management |
US20140032733A1 (en) | 2011-10-11 | 2014-01-30 | Citrix Systems, Inc. | Policy-Based Application Management |
US8799994B2 (en) | 2011-10-11 | 2014-08-05 | Citrix Systems, Inc. | Policy-based application management |
US8886925B2 (en) | 2011-10-11 | 2014-11-11 | Citrix Systems, Inc. | Protecting enterprise data through policy-based encryption of message attachments |
US9781151B1 (en) * | 2011-10-11 | 2017-10-03 | Symantec Corporation | Techniques for identifying malicious downloadable applications |
US9215225B2 (en) | 2013-03-29 | 2015-12-15 | Citrix Systems, Inc. | Mobile device locking with context |
US8699703B2 (en) | 2011-10-19 | 2014-04-15 | Apple Inc. | System and method for pseudo-random polymorphic tree construction |
KR102029465B1 (ko) * | 2011-11-17 | 2019-10-08 | 삼성에스디에스 주식회사 | 검색 또는 패턴 매칭 엔진 및 이를 구비한 단말장치와 그 방법 |
US8925049B2 (en) * | 2011-11-18 | 2014-12-30 | Lockheed Martin Corporation | Automated wireless vulnerability assessment using hand-held wireless devices |
WO2013086214A1 (en) | 2011-12-06 | 2013-06-13 | Seven Networks, Inc. | A system of redundantly clustered machines to provide failover mechanisms for mobile traffic management and network resource conservation |
US8918503B2 (en) | 2011-12-06 | 2014-12-23 | Seven Networks, Inc. | Optimization of mobile traffic directed to private networks and operator configurability thereof |
US9009250B2 (en) | 2011-12-07 | 2015-04-14 | Seven Networks, Inc. | Flexible and dynamic integration schemas of a traffic management system with various network operators for network traffic alleviation |
US9277443B2 (en) | 2011-12-07 | 2016-03-01 | Seven Networks, Llc | Radio-awareness of mobile device for sending server-side control signals using a wireless network optimized transport protocol |
US20130159511A1 (en) | 2011-12-14 | 2013-06-20 | Seven Networks, Inc. | System and method for generating a report to a network operator by distributing aggregation of data |
US9832095B2 (en) | 2011-12-14 | 2017-11-28 | Seven Networks, Llc | Operation modes for mobile traffic optimization and concurrent management of optimized and non-optimized traffic |
US8861354B2 (en) | 2011-12-14 | 2014-10-14 | Seven Networks, Inc. | Hierarchies and categories for management and deployment of policies for distributed wireless traffic optimization |
US9071636B2 (en) * | 2011-12-21 | 2015-06-30 | Verizon Patent And Licensing Inc. | Predictive scoring management system for application behavior |
US8863288B1 (en) | 2011-12-30 | 2014-10-14 | Mantech Advanced Systems International, Inc. | Detecting malicious software |
US8909202B2 (en) | 2012-01-05 | 2014-12-09 | Seven Networks, Inc. | Detection and management of user interactions with foreground applications on a mobile device in distributed caching |
CN103198256B (zh) | 2012-01-10 | 2016-05-25 | 凹凸电子(武汉)有限公司 | 用于检测应用程序状态的检测系统及方法 |
US8776223B2 (en) * | 2012-01-16 | 2014-07-08 | Qualcomm Incorporated | Dynamic execution prevention to inhibit return-oriented programming |
US8806643B2 (en) | 2012-01-25 | 2014-08-12 | Symantec Corporation | Identifying trojanized applications for mobile environments |
WO2013116856A1 (en) | 2012-02-02 | 2013-08-08 | Seven Networks, Inc. | Dynamic categorization of applications for network access in a mobile network |
WO2013116852A1 (en) | 2012-02-03 | 2013-08-08 | Seven Networks, Inc. | User as an end point for profiling and optimizing the delivery of content and data in a wireless network |
KR102132501B1 (ko) * | 2012-02-15 | 2020-07-09 | 더 트러스티이스 오브 콜롬비아 유니버시티 인 더 시티 오브 뉴욕 | 매립 디바이스에 대한 공격을 금지하기 위한 방법, 시스템 및 미디어 |
US9158893B2 (en) | 2012-02-17 | 2015-10-13 | Shape Security, Inc. | System for finding code in a data flow |
US9286063B2 (en) | 2012-02-22 | 2016-03-15 | Veracode, Inc. | Methods and systems for providing feedback and suggested programming methods |
US20130227352A1 (en) * | 2012-02-24 | 2013-08-29 | Commvault Systems, Inc. | Log monitoring |
US8978137B2 (en) | 2012-02-29 | 2015-03-10 | Cisco Technology, Inc. | Method and apparatus for retroactively detecting malicious or otherwise undesirable software |
US9558348B1 (en) * | 2012-03-01 | 2017-01-31 | Mcafee, Inc. | Ranking software applications by combining reputation and code similarity |
US9832211B2 (en) | 2012-03-19 | 2017-11-28 | Qualcomm, Incorporated | Computing device to detect malware |
CN102663286B (zh) * | 2012-03-21 | 2015-05-06 | 北京奇虎科技有限公司 | 一种病毒apk的识别方法及装置 |
US8281399B1 (en) * | 2012-03-28 | 2012-10-02 | Symantec Corporation | Systems and methods for using property tables to perform non-iterative malware scans |
US8812695B2 (en) | 2012-04-09 | 2014-08-19 | Seven Networks, Inc. | Method and system for management of a virtual network connection without heartbeat messages |
US10263899B2 (en) | 2012-04-10 | 2019-04-16 | Seven Networks, Llc | Enhanced customer service for mobile carriers using real-time and historical mobile application and traffic or optimization data associated with mobile devices in a mobile network |
US9690635B2 (en) | 2012-05-14 | 2017-06-27 | Qualcomm Incorporated | Communicating behavior information in a mobile computing device |
US9202047B2 (en) | 2012-05-14 | 2015-12-01 | Qualcomm Incorporated | System, apparatus, and method for adaptive observation of mobile device behavior |
US9298494B2 (en) | 2012-05-14 | 2016-03-29 | Qualcomm Incorporated | Collaborative learning for efficient behavioral analysis in networked mobile device |
US9324034B2 (en) | 2012-05-14 | 2016-04-26 | Qualcomm Incorporated | On-device real-time behavior analyzer |
US9609456B2 (en) | 2012-05-14 | 2017-03-28 | Qualcomm Incorporated | Methods, devices, and systems for communicating behavioral analysis information |
US9117084B2 (en) * | 2012-05-15 | 2015-08-25 | Ixia | Methods, systems, and computer readable media for measuring detection accuracy of a security device using benign traffic |
US20130332522A1 (en) * | 2012-06-08 | 2013-12-12 | Microsoft Corporation | Fast channel for system management |
US10409984B1 (en) * | 2012-06-15 | 2019-09-10 | Square, Inc. | Hierarchical data security measures for a mobile device |
US9043920B2 (en) | 2012-06-27 | 2015-05-26 | Tenable Network Security, Inc. | System and method for identifying exploitable weak points in a network |
US9088606B2 (en) | 2012-07-05 | 2015-07-21 | Tenable Network Security, Inc. | System and method for strategic anti-malware monitoring |
US9069963B2 (en) * | 2012-07-05 | 2015-06-30 | Raytheon Bbn Technologies Corp. | Statistical inspection systems and methods for components and component relationships |
WO2014011216A1 (en) | 2012-07-13 | 2014-01-16 | Seven Networks, Inc. | Dynamic bandwidth adjustment for browsing or streaming activity in a wireless network based on prediction of user behavior when interacting with mobile applications |
US8875303B2 (en) | 2012-08-02 | 2014-10-28 | Google Inc. | Detecting pirated applications |
US9319897B2 (en) | 2012-08-15 | 2016-04-19 | Qualcomm Incorporated | Secure behavior analysis over trusted execution environment |
US9495537B2 (en) | 2012-08-15 | 2016-11-15 | Qualcomm Incorporated | Adaptive observation of behavioral features on a mobile device |
US9330257B2 (en) | 2012-08-15 | 2016-05-03 | Qualcomm Incorporated | Adaptive observation of behavioral features on a mobile device |
US9747440B2 (en) | 2012-08-15 | 2017-08-29 | Qualcomm Incorporated | On-line behavioral analysis engine in mobile device with multiple analyzer model providers |
CN103634268B (zh) * | 2012-08-20 | 2016-12-21 | 中国联合网络通信集团有限公司 | 安全控制方法及装置 |
US8732834B2 (en) * | 2012-09-05 | 2014-05-20 | Symantec Corporation | Systems and methods for detecting illegitimate applications |
US9419985B1 (en) * | 2012-09-25 | 2016-08-16 | Morta Security Inc | Interrogating malware |
US11126720B2 (en) | 2012-09-26 | 2021-09-21 | Bluvector, Inc. | System and method for automated machine-learning, zero-day malware detection |
US9292688B2 (en) * | 2012-09-26 | 2016-03-22 | Northrop Grumman Systems Corporation | System and method for automated machine-learning, zero-day malware detection |
WO2014059037A2 (en) | 2012-10-09 | 2014-04-17 | Cupp Computing As | Transaction security systems and methods |
US8726343B1 (en) | 2012-10-12 | 2014-05-13 | Citrix Systems, Inc. | Managing dynamic policies and settings in an orchestration framework for connected devices |
US9516022B2 (en) | 2012-10-14 | 2016-12-06 | Getgo, Inc. | Automated meeting room |
US20140109171A1 (en) | 2012-10-15 | 2014-04-17 | Citrix Systems, Inc. | Providing Virtualized Private Network tunnels |
US20140109176A1 (en) | 2012-10-15 | 2014-04-17 | Citrix Systems, Inc. | Configuring and providing profiles that manage execution of mobile applications |
US8910239B2 (en) | 2012-10-15 | 2014-12-09 | Citrix Systems, Inc. | Providing virtualized private network tunnels |
CN104854561B (zh) | 2012-10-16 | 2018-05-11 | 思杰系统有限公司 | 用于应用程序管理框架的应用程序封装 |
US9338657B2 (en) | 2012-10-16 | 2016-05-10 | Mcafee, Inc. | System and method for correlating security events with subscriber information in a mobile network environment |
US20170134957A1 (en) * | 2012-10-16 | 2017-05-11 | Mcafee, Inc. | System and method for correlating network information with subscriber information in a mobile network environment |
US9971585B2 (en) | 2012-10-16 | 2018-05-15 | Citrix Systems, Inc. | Wrapping unmanaged applications on a mobile device |
US9606774B2 (en) | 2012-10-16 | 2017-03-28 | Citrix Systems, Inc. | Wrapping an application with field-programmable business logic |
US9185093B2 (en) * | 2012-10-16 | 2015-11-10 | Mcafee, Inc. | System and method for correlating network information with subscriber information in a mobile network environment |
US20140108793A1 (en) | 2012-10-16 | 2014-04-17 | Citrix Systems, Inc. | Controlling mobile device access to secure data |
US9015832B1 (en) * | 2012-10-19 | 2015-04-21 | Google Inc. | Application auditing through object level code inspection |
US9161258B2 (en) | 2012-10-24 | 2015-10-13 | Seven Networks, Llc | Optimized and selective management of policy deployment to mobile clients in a congested network to prevent further aggravation of network congestion |
CN103780589A (zh) * | 2012-10-24 | 2014-05-07 | 腾讯科技(深圳)有限公司 | 病毒提示方法、客户端设备和服务器 |
US9792432B2 (en) * | 2012-11-09 | 2017-10-17 | Nokia Technologies Oy | Method and apparatus for privacy-oriented code optimization |
US9043906B2 (en) * | 2012-11-28 | 2015-05-26 | William Christopher Hardy | System and method for preventing operation of undetected malware loaded onto a computing device |
US9471788B2 (en) * | 2012-12-14 | 2016-10-18 | Sap Se | Evaluation of software applications |
US9307493B2 (en) | 2012-12-20 | 2016-04-05 | Seven Networks, Llc | Systems and methods for application management of mobile device radio state promotion and demotion |
US9274816B2 (en) | 2012-12-21 | 2016-03-01 | Mcafee, Inc. | User driven emulation of applications |
TWI461952B (zh) * | 2012-12-26 | 2014-11-21 | Univ Nat Taiwan Science Tech | 惡意程式偵測方法與系統 |
CN103294953B (zh) * | 2012-12-27 | 2016-01-13 | 武汉安天信息技术有限责任公司 | 一种手机恶意代码检测方法及系统 |
US9686023B2 (en) | 2013-01-02 | 2017-06-20 | Qualcomm Incorporated | Methods and systems of dynamically generating and using device-specific and device-state-specific classifier models for the efficient classification of mobile device behaviors |
US9684870B2 (en) | 2013-01-02 | 2017-06-20 | Qualcomm Incorporated | Methods and systems of using boosted decision stumps and joint feature selection and culling algorithms for the efficient classification of mobile device behaviors |
US10089582B2 (en) | 2013-01-02 | 2018-10-02 | Qualcomm Incorporated | Using normalized confidence values for classifying mobile device behaviors |
TWI505127B (zh) * | 2013-01-14 | 2015-10-21 | Univ Nat Taiwan Science Tech | 加殼程式分類系統以及用於偵測網域名稱攻擊的電腦程式產品 |
US9183246B2 (en) * | 2013-01-15 | 2015-11-10 | Microsoft Technology Licensing, Llc | File system with per-file selectable integrity |
US9742559B2 (en) | 2013-01-22 | 2017-08-22 | Qualcomm Incorporated | Inter-module authentication for securing application execution integrity within a computing device |
US9271238B2 (en) | 2013-01-23 | 2016-02-23 | Seven Networks, Llc | Application or context aware fast dormancy |
US8874761B2 (en) | 2013-01-25 | 2014-10-28 | Seven Networks, Inc. | Signaling optimization in a wireless network for traffic utilizing proprietary and non-proprietary protocols |
US10152591B2 (en) | 2013-02-10 | 2018-12-11 | Paypal, Inc. | Protecting against malware variants using reconstructed code of malware |
US9521156B2 (en) | 2013-02-10 | 2016-12-13 | Paypal, Inc. | Method and product for providing a predictive security product and evaluating existing security products |
US9491187B2 (en) | 2013-02-15 | 2016-11-08 | Qualcomm Incorporated | APIs for obtaining device-specific behavior classifier models from the cloud |
CN104036187B (zh) * | 2013-03-04 | 2017-04-12 | 阿里巴巴集团控股有限公司 | 计算机病毒类型确定方法及其系统 |
US9239922B1 (en) * | 2013-03-11 | 2016-01-19 | Trend Micro Inc. | Document exploit detection using baseline comparison |
US9326185B2 (en) | 2013-03-11 | 2016-04-26 | Seven Networks, Llc | Mobile network congestion recognition for optimization of mobile traffic |
US20140281516A1 (en) | 2013-03-12 | 2014-09-18 | Commvault Systems, Inc. | Automatic file decryption |
US10649970B1 (en) * | 2013-03-14 | 2020-05-12 | Invincea, Inc. | Methods and apparatus for detection of functionality |
US9467464B2 (en) | 2013-03-15 | 2016-10-11 | Tenable Network Security, Inc. | System and method for correlating log data to discover network vulnerabilities and assets |
US10284627B2 (en) | 2013-03-29 | 2019-05-07 | Citrix Systems, Inc. | Data management for an application with multiple operation modes |
US8849978B1 (en) | 2013-03-29 | 2014-09-30 | Citrix Systems, Inc. | Providing an enterprise application store |
US20140297840A1 (en) | 2013-03-29 | 2014-10-02 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US8850049B1 (en) | 2013-03-29 | 2014-09-30 | Citrix Systems, Inc. | Providing mobile device management functionalities for a managed browser |
US9985850B2 (en) | 2013-03-29 | 2018-05-29 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US8813179B1 (en) | 2013-03-29 | 2014-08-19 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US9355223B2 (en) | 2013-03-29 | 2016-05-31 | Citrix Systems, Inc. | Providing a managed browser |
US20130254889A1 (en) * | 2013-03-29 | 2013-09-26 | Sky Socket, Llc | Server-Side Restricted Software Compliance |
US9519788B2 (en) | 2013-04-10 | 2016-12-13 | International Business Machines Corporation | Identifying security vulnerabilities related to inter-process communications |
RU2531861C1 (ru) * | 2013-04-26 | 2014-10-27 | Закрытое акционерное общество "Лаборатория Касперского" | Система и способ оценки вредоносности кода, исполняемого в адресном пространстве доверенного процесса |
EP3005584B1 (de) * | 2013-05-31 | 2019-11-20 | Intel IP Corporation | Effiziente benutzer-, dienst- oder inhaltsdarstellung zur vorrichtungskommunikation |
RU2541120C2 (ru) * | 2013-06-06 | 2015-02-10 | Закрытое акционерное общество "Лаборатория Касперского" | Система и способ обнаружения вредоносных исполняемых файлов на основании сходства ресурсов исполняемых файлов |
CA2915383C (en) | 2013-06-24 | 2023-05-02 | Cylance Inc. | Automated system for generative multimodel multiclass classification and similarity analysis using machine learning |
US20140379637A1 (en) * | 2013-06-25 | 2014-12-25 | Microsoft Corporation | Reverse replication to rollback corrupted files |
US11157976B2 (en) | 2013-07-08 | 2021-10-26 | Cupp Computing As | Systems and methods for providing digital content marketplace security |
US9075989B2 (en) | 2013-07-11 | 2015-07-07 | Symantec Corporation | Identifying misuse of legitimate objects |
US9065765B2 (en) | 2013-07-22 | 2015-06-23 | Seven Networks, Inc. | Proxy server associated with a mobile carrier for enhancing mobile traffic management in a mobile network |
US20150033339A1 (en) * | 2013-07-29 | 2015-01-29 | Crowdstrike, Inc. | Irrelevant Code Identification |
US9336389B1 (en) * | 2013-08-19 | 2016-05-10 | Amazon Technologies, Inc. | Rapid malware inspection of mobile applications |
US9589130B2 (en) * | 2013-08-20 | 2017-03-07 | White Cloud Security, L.L.C. | Application trust-listing security service |
WO2015047126A1 (en) * | 2013-09-27 | 2015-04-02 | Emc Corporation | Dynamic malicious application detection in storage systems |
US9405610B1 (en) | 2013-10-03 | 2016-08-02 | Initial State Technologies, Inc. | Apparatus and method for processing log file data |
US9405755B1 (en) | 2013-10-03 | 2016-08-02 | Initial State Technologies, Inc. | Apparatus and method for processing log file data |
US9405651B1 (en) * | 2013-10-03 | 2016-08-02 | Initial State Technologies, Inc. | Apparatus and method for processing log file data |
US9098707B2 (en) * | 2013-10-14 | 2015-08-04 | International Business Machines Corporation | Mobile device application interaction reputation risk assessment |
US10194321B2 (en) | 2013-10-24 | 2019-01-29 | The Mitre Corporation | Periodic mobile forensics |
CN104573514B (zh) * | 2013-10-29 | 2018-09-04 | 腾讯科技(深圳)有限公司 | 压缩文件的检测方法及装置 |
US9961133B2 (en) | 2013-11-04 | 2018-05-01 | The Johns Hopkins University | Method and apparatus for remote application monitoring |
US10567398B2 (en) | 2013-11-04 | 2020-02-18 | The Johns Hopkins University | Method and apparatus for remote malware monitoring |
US9503465B2 (en) * | 2013-11-14 | 2016-11-22 | At&T Intellectual Property I, L.P. | Methods and apparatus to identify malicious activity in a network |
CN103793649A (zh) * | 2013-11-22 | 2014-05-14 | 北京奇虎科技有限公司 | 通过云安全扫描文件的方法和装置 |
US9125060B2 (en) * | 2013-11-22 | 2015-09-01 | At&T Mobility Ii Llc | Methods, systems, and computer program products for intercepting, in a carrier network, data destined for a mobile device to determine patterns in the data |
CN104700031B (zh) * | 2013-12-06 | 2019-12-13 | 腾讯科技(深圳)有限公司 | 防止应用操作中远程代码被执行的方法、装置及系统 |
US9117081B2 (en) | 2013-12-20 | 2015-08-25 | Bitdefender IPR Management Ltd. | Strongly isolated malware scanning using secure virtual containers |
CN103678692B (zh) * | 2013-12-26 | 2018-04-27 | 北京奇虎科技有限公司 | 一种下载文件的安全扫描方法及装置 |
EP3087526A4 (de) * | 2013-12-27 | 2017-06-21 | McAfee, Inc. | Trennung ausführbarer dateien mit netzwerkaktivitäten |
EP3087527B1 (de) * | 2013-12-27 | 2019-08-07 | McAfee, LLC | System und verfahren zur erkennung bösartiger multimediadateien |
CN103761476B (zh) * | 2013-12-30 | 2016-11-09 | 北京奇虎科技有限公司 | 特征提取的方法及装置 |
US20160134652A1 (en) * | 2014-01-29 | 2016-05-12 | Verint Systems Ltd. | Method for recognizing disguised malicious document |
US10469510B2 (en) * | 2014-01-31 | 2019-11-05 | Juniper Networks, Inc. | Intermediate responses for non-html downloads |
US9262296B1 (en) * | 2014-01-31 | 2016-02-16 | Cylance Inc. | Static feature extraction from structured files |
US10110616B1 (en) * | 2014-02-11 | 2018-10-23 | DataVisor Inc. | Using group analysis to determine suspicious accounts or activities |
US9762614B2 (en) | 2014-02-13 | 2017-09-12 | Cupp Computing As | Systems and methods for providing network security using a secure digital device |
US9769189B2 (en) * | 2014-02-21 | 2017-09-19 | Verisign, Inc. | Systems and methods for behavior-based automated malware analysis and classification |
US9953163B2 (en) * | 2014-02-23 | 2018-04-24 | Cyphort Inc. | System and method for detection of malicious hypertext transfer protocol chains |
CN104915596B (zh) * | 2014-03-10 | 2018-01-26 | 可牛网络技术(北京)有限公司 | apk病毒特征库构建方法、装置及apk病毒检测系统 |
US9723014B2 (en) * | 2014-03-31 | 2017-08-01 | International Business Machines Corporation | Detecting malware-related activity on a computer |
US9749344B2 (en) | 2014-04-03 | 2017-08-29 | Fireeye, Inc. | System and method of cyber threat intensity determination and application to cyber threat mitigation |
US9749343B2 (en) | 2014-04-03 | 2017-08-29 | Fireeye, Inc. | System and method of cyber threat structure mapping and application to cyber threat mitigation |
US8997226B1 (en) | 2014-04-17 | 2015-03-31 | Shape Security, Inc. | Detection of client-side malware activity |
US9940459B1 (en) | 2014-05-19 | 2018-04-10 | Invincea, Inc. | Methods and devices for detection of malware |
US10180867B2 (en) * | 2014-06-11 | 2019-01-15 | Leviathan Security Group, Inc. | System and method for bruteforce intrusion detection |
US9465939B2 (en) | 2014-06-27 | 2016-10-11 | Mcafee, Inc. | Mitigation of malware |
US20170185785A1 (en) * | 2014-07-14 | 2017-06-29 | Iota Security Inc. | System, method and apparatus for detecting vulnerabilities in electronic devices |
US9659176B1 (en) * | 2014-07-17 | 2017-05-23 | Symantec Corporation | Systems and methods for generating repair scripts that facilitate remediation of malware side-effects |
US10158664B2 (en) | 2014-07-22 | 2018-12-18 | Verisign, Inc. | Malicious code detection |
US9990505B2 (en) * | 2014-08-12 | 2018-06-05 | Redwall Technologies, Llc | Temporally isolating data accessed by a computing device |
JP6380537B2 (ja) * | 2014-08-22 | 2018-08-29 | 日本電気株式会社 | 分析装置、分析方法及びコンピュータ読み取り可能な記録媒体 |
SG11201701570RA (en) | 2014-09-02 | 2017-03-30 | Nasdaq Inc | Data packet processing methods, systems, and apparatus |
CN104239793B (zh) * | 2014-09-10 | 2017-05-31 | 珠海市君天电子科技有限公司 | 病毒检测方法和装置 |
US9965627B2 (en) * | 2014-09-14 | 2018-05-08 | Sophos Limited | Labeling objects on an endpoint for encryption management |
US9405928B2 (en) * | 2014-09-17 | 2016-08-02 | Commvault Systems, Inc. | Deriving encryption rules based on file content |
US10091174B2 (en) | 2014-09-29 | 2018-10-02 | Dropbox, Inc. | Identifying related user accounts based on authentication data |
US10783254B2 (en) * | 2014-10-02 | 2020-09-22 | Massachusetts Institute Of Technology | Systems and methods for risk rating framework for mobile applications |
KR101624264B1 (ko) | 2014-11-17 | 2016-05-25 | 주식회사 안랩 | 공유 라이브러리 파일의 악성 진단 장치 및 방법 |
US9832216B2 (en) | 2014-11-21 | 2017-11-28 | Bluvector, Inc. | System and method for network data characterization |
US9268561B1 (en) * | 2014-12-10 | 2016-02-23 | Sap Se | Federated services to dynamically switch features in applications |
US9727728B2 (en) * | 2014-12-12 | 2017-08-08 | International Business Machines Corporation | Normalizing and detecting inserted malicious code |
CN105787352A (zh) * | 2014-12-18 | 2016-07-20 | 中兴通讯股份有限公司 | 一种可执行模块的提供、加载方法及终端 |
US9665716B2 (en) * | 2014-12-23 | 2017-05-30 | Mcafee, Inc. | Discovery of malicious strings |
US9787638B1 (en) * | 2014-12-30 | 2017-10-10 | Juniper Networks, Inc. | Filtering data using malicious reference information |
CA2973367A1 (en) | 2015-01-07 | 2016-07-14 | Countertack Inc. | System and method for monitoring a computer system using machine interpretable code |
US10044750B2 (en) * | 2015-01-16 | 2018-08-07 | Microsoft Technology Licensing, Llc | Code labeling based on tokenized code samples |
US9715589B2 (en) | 2015-01-23 | 2017-07-25 | Red Hat, Inc. | Operating system consistency and malware protection |
CN104598824B (zh) * | 2015-01-28 | 2016-04-06 | 国家计算机网络与信息安全管理中心 | 一种恶意程序检测方法及其装置 |
WO2016125837A1 (ja) * | 2015-02-04 | 2016-08-11 | 日本電信電話株式会社 | 悪性通信パターン抽出装置、悪性通信パターン抽出システム、悪性通信パターン抽出方法、および、悪性通信パターン抽出プログラム |
CN104657657B (zh) * | 2015-02-12 | 2018-08-07 | 北京盛世光明软件股份有限公司 | 一种识别软件种类的方法及系统 |
US9787719B2 (en) | 2015-02-26 | 2017-10-10 | Symantec Corporation | Trusted third party broker for collection and private sharing of successful computer security practices |
US9794290B2 (en) | 2015-02-26 | 2017-10-17 | Symantec Corporation | Quantitative security improvement system based on crowdsourcing |
US9672357B2 (en) * | 2015-02-26 | 2017-06-06 | Mcafee, Inc. | System and method to mitigate malware |
US9779239B2 (en) | 2015-03-15 | 2017-10-03 | Fujitsu Limited | Detection of malicious software behavior using signature-based static analysis |
US10708296B2 (en) | 2015-03-16 | 2020-07-07 | Threattrack Security, Inc. | Malware detection based on training using automatic feature pruning with anomaly detection of execution graphs |
US9749353B1 (en) | 2015-03-16 | 2017-08-29 | Wells Fargo Bank, N.A. | Predictive modeling for anti-malware solutions |
US9794265B1 (en) | 2015-03-16 | 2017-10-17 | Wells Fargo Bank, N.A. | Authentication and authorization without the use of supplicants |
US10007784B2 (en) * | 2015-03-27 | 2018-06-26 | Intel Corporation | Technologies for control flow exploit mitigation using processor trace |
WO2016168733A1 (en) * | 2015-04-17 | 2016-10-20 | Symantec Corporation | Quantitative security improvement system based on crowdsourcing |
CN106156619B (zh) * | 2015-04-23 | 2020-04-03 | 腾讯科技(深圳)有限公司 | 应用安全防护方法及装置 |
US9892261B2 (en) | 2015-04-28 | 2018-02-13 | Fireeye, Inc. | Computer imposed countermeasures driven by malware lineage |
CN106203102B (zh) * | 2015-05-06 | 2019-10-11 | 北京金山安全管理系统技术有限公司 | 一种全网终端的病毒查杀方法及装置 |
US10733594B1 (en) * | 2015-05-11 | 2020-08-04 | Square, Inc. | Data security measures for mobile devices |
US10599844B2 (en) * | 2015-05-12 | 2020-03-24 | Webroot, Inc. | Automatic threat detection of executable files based on static data analysis |
WO2016190841A1 (en) * | 2015-05-22 | 2016-12-01 | Hewlett Packard Enterprise Development Lp | Marginal distribution in a graphical model |
US10305928B2 (en) | 2015-05-26 | 2019-05-28 | Cisco Technology, Inc. | Detection of malware and malicious applications |
CN105095755A (zh) * | 2015-06-15 | 2015-11-25 | 安一恒通(北京)科技有限公司 | 文件识别方法和装置 |
US10169584B1 (en) | 2015-06-25 | 2019-01-01 | Symantec Corporation | Systems and methods for identifying non-malicious files on computing devices within organizations |
US10055586B1 (en) | 2015-06-29 | 2018-08-21 | Symantec Corporation | Systems and methods for determining the trustworthiness of files within organizations |
US9690938B1 (en) | 2015-08-05 | 2017-06-27 | Invincea, Inc. | Methods and apparatus for machine learning based malware detection |
US10169347B2 (en) * | 2015-09-08 | 2019-01-01 | International Business Machines Corporation | Layer identification and dependency analysis for management of images |
US10326789B1 (en) * | 2015-09-25 | 2019-06-18 | Amazon Technologies, Inc. | Web Bot detection and human differentiation |
US10296742B2 (en) * | 2015-10-31 | 2019-05-21 | Mcafee, Llc | Decision forest compilation |
US9838405B1 (en) * | 2015-11-20 | 2017-12-05 | Symantec Corporation | Systems and methods for determining types of malware infections on computing devices |
DE102015014964A1 (de) * | 2015-11-20 | 2017-05-24 | Voxeljet Ag | Verfahren und Vorrichtung für 3D-Druck mit engem Wellenlängenspektrum |
US9836605B2 (en) | 2015-12-08 | 2017-12-05 | Bank Of America Corporation | System for detecting unauthorized code in a software application |
US11386067B2 (en) * | 2015-12-15 | 2022-07-12 | Red Hat, Inc. | Data integrity checking in a distributed filesystem using object versioning |
US9912700B2 (en) | 2016-01-04 | 2018-03-06 | Bank Of America Corporation | System for escalating security protocol requirements |
US9749308B2 (en) | 2016-01-04 | 2017-08-29 | Bank Of America Corporation | System for assessing network authentication requirements based on situational instance |
US10002248B2 (en) | 2016-01-04 | 2018-06-19 | Bank Of America Corporation | Mobile device data security system |
US9723485B2 (en) | 2016-01-04 | 2017-08-01 | Bank Of America Corporation | System for authorizing access based on authentication via separate channel |
US10003686B2 (en) | 2016-01-04 | 2018-06-19 | Bank Of America Corporation | System for remotely controlling access to a mobile device |
KR102582580B1 (ko) * | 2016-01-19 | 2023-09-26 | 삼성전자주식회사 | 악성 코드 분석을 위한 전자 장치 및 이의 방법 |
WO2017126786A1 (ko) * | 2016-01-19 | 2017-07-27 | 삼성전자 주식회사 | 악성 코드 분석을 위한 전자 장치 및 이의 방법 |
MX2018009079A (es) * | 2016-01-24 | 2022-12-15 | Syed Kamran Hasan | Seguridad informatica basada en inteligencia artificial. |
RU2617924C1 (ru) * | 2016-02-18 | 2017-04-28 | Акционерное общество "Лаборатория Касперского" | Способ обнаружения вредоносного приложения на устройстве пользователя |
US10528734B2 (en) * | 2016-03-25 | 2020-01-07 | The Mitre Corporation | System and method for vetting mobile phone software applications |
US10003606B2 (en) | 2016-03-30 | 2018-06-19 | Symantec Corporation | Systems and methods for detecting security threats |
US9916446B2 (en) | 2016-04-14 | 2018-03-13 | Airwatch Llc | Anonymized application scanning for mobile devices |
US9917862B2 (en) | 2016-04-14 | 2018-03-13 | Airwatch Llc | Integrated application scanning and mobile enterprise computing management system |
CN108698318B (zh) * | 2016-04-20 | 2021-02-02 | 惠普发展公司,有限责任合伙企业 | 使用环氧模塑化合物的三维(3d)打印 |
US10891379B2 (en) * | 2016-04-26 | 2021-01-12 | Nec Corporation | Program analysis system, program analysis method and storage medium |
CN106682507B (zh) * | 2016-05-19 | 2019-05-14 | 腾讯科技(深圳)有限公司 | 病毒库的获取方法及装置、设备、服务器、系统 |
US10169595B2 (en) * | 2016-05-20 | 2019-01-01 | International Business Machines Corporation | Detecting malicious data access in a distributed environment |
RU2628923C1 (ru) * | 2016-05-20 | 2017-08-22 | Акционерное общество "Лаборатория Касперского" | Система и способ распределения файлов между виртуальными машинами, входящими в распределённую систему виртуальных машин, для выполнения антивирусной проверки |
US10505960B2 (en) | 2016-06-06 | 2019-12-10 | Samsung Electronics Co., Ltd. | Malware detection by exploiting malware re-composition variations using feature evolutions and confusions |
DE102016210351A1 (de) * | 2016-06-10 | 2017-12-14 | Continental Teves Ag & Co. Ohg | Verfahren zum Koppeln eines Mobilfunkendgeräts und zum Überwachen einer Kopplung |
US10318735B2 (en) | 2016-06-22 | 2019-06-11 | Invincea, Inc. | Methods and apparatus for detecting whether a string of characters represents malicious activity using machine learning |
US10373167B2 (en) | 2016-06-30 | 2019-08-06 | Square, Inc. | Logical validation of devices against fraud |
US10546302B2 (en) | 2016-06-30 | 2020-01-28 | Square, Inc. | Logical validation of devices against fraud and tampering |
US10404734B2 (en) | 2016-07-07 | 2019-09-03 | International Business Machines Corporation | Root cause analysis in dynamic software testing via probabilistic modeling |
US10938844B2 (en) * | 2016-07-22 | 2021-03-02 | At&T Intellectual Property I, L.P. | Providing security through characterizing mobile traffic by domain names |
CN109074458B (zh) * | 2016-07-28 | 2022-04-15 | 惠普发展公司,有限责任合伙企业 | 用于传送代码包变体的系统和方法 |
GB2555192B (en) | 2016-08-02 | 2021-11-24 | Invincea Inc | Methods and apparatus for detecting and identifying malware by mapping feature data into a semantic space |
US10372909B2 (en) * | 2016-08-19 | 2019-08-06 | Hewlett Packard Enterprise Development Lp | Determining whether process is infected with malware |
US10498761B2 (en) | 2016-08-23 | 2019-12-03 | Duo Security, Inc. | Method for identifying phishing websites and hindering associated activity |
US10503901B2 (en) | 2016-09-01 | 2019-12-10 | Cylance Inc. | Training a machine learning model for container file analysis |
US10637874B2 (en) | 2016-09-01 | 2020-04-28 | Cylance Inc. | Container file analysis using machine learning model |
US10091231B1 (en) | 2016-09-15 | 2018-10-02 | Symantec Corporation | Systems and methods for detecting security blind spots |
CN106485139B (zh) * | 2016-09-29 | 2019-06-04 | 商客通尚景科技(上海)股份有限公司 | 一种应用程序的安全验证方法 |
US10268734B2 (en) * | 2016-09-30 | 2019-04-23 | International Business Machines Corporation | Providing search results based on natural language classification confidence information |
US10542017B1 (en) | 2016-10-13 | 2020-01-21 | Symantec Corporation | Systems and methods for personalizing security incident reports |
CN107977305B (zh) * | 2016-10-24 | 2019-05-03 | 百度在线网络技术(北京)有限公司 | 用于检测应用的方法和装置 |
CN106503558B (zh) * | 2016-11-18 | 2019-02-19 | 四川大学 | 一种基于社团结构分析的Android恶意代码检测方法 |
US10489589B2 (en) * | 2016-11-21 | 2019-11-26 | Cylance Inc. | Anomaly based malware detection |
US10735462B2 (en) * | 2016-12-01 | 2020-08-04 | Kaminario Technologies Ltd. | Computer malware detection |
US10268825B2 (en) * | 2016-12-01 | 2019-04-23 | International Business Machines Corporation | Amalgamating code vulnerabilities across projects |
TWI622894B (zh) * | 2016-12-13 | 2018-05-01 | 宏碁股份有限公司 | 電子裝置及偵測惡意檔案的方法 |
US20190391806A1 (en) * | 2016-12-19 | 2019-12-26 | Nippon Telegraph And Telephone Corporation | Determination apparatus, determination method, and determination program |
US10621349B2 (en) * | 2017-01-24 | 2020-04-14 | Cylance Inc. | Detection of malware using feature hashing |
US10783246B2 (en) | 2017-01-31 | 2020-09-22 | Hewlett Packard Enterprise Development Lp | Comparing structural information of a snapshot of system memory |
US10496993B1 (en) | 2017-02-15 | 2019-12-03 | Square, Inc. | DNS-based device geolocation |
US10554684B2 (en) * | 2017-03-29 | 2020-02-04 | Juniper Networks, Inc. | Content-based optimization and pre-fetching mechanism for security analysis on a network device |
CN107145780B (zh) * | 2017-03-31 | 2021-07-27 | 腾讯科技(深圳)有限公司 | 恶意软件检测方法及装置 |
US11232364B2 (en) | 2017-04-03 | 2022-01-25 | DataVisor, Inc. | Automated rule recommendation engine |
WO2018187541A1 (en) * | 2017-04-06 | 2018-10-11 | Walmart Apollo, Llc | Infected file detection and quarantine system |
US10104101B1 (en) * | 2017-04-28 | 2018-10-16 | Qualys, Inc. | Method and apparatus for intelligent aggregation of threat behavior for the detection of malware |
US11424993B1 (en) | 2017-05-30 | 2022-08-23 | Amazon Technologies, Inc. | Artificial intelligence system for network traffic flow based detection of service usage policy violations |
US10552308B1 (en) | 2017-06-23 | 2020-02-04 | Square, Inc. | Analyzing attributes of memory mappings to identify processes running on a device |
US10726128B2 (en) * | 2017-07-24 | 2020-07-28 | Crowdstrike, Inc. | Malware detection using local computational models |
US10554678B2 (en) | 2017-07-26 | 2020-02-04 | Cisco Technology, Inc. | Malicious content detection with retrospective reporting |
CN107493325B (zh) * | 2017-08-02 | 2020-12-15 | 深圳市易材科技有限公司 | 一种实时通信服务动态分布式部署的方法 |
US10498749B2 (en) * | 2017-09-11 | 2019-12-03 | GM Global Technology Operations LLC | Systems and methods for in-vehicle network intrusion detection |
US10686815B2 (en) | 2017-09-11 | 2020-06-16 | GM Global Technology Operations LLC | Systems and methods for in-vehicle network intrusion detection |
US10885213B2 (en) | 2017-09-12 | 2021-01-05 | Sophos Limited | Secure firewall configurations |
US10635813B2 (en) | 2017-10-06 | 2020-04-28 | Sophos Limited | Methods and apparatus for using machine learning on multiple file fragments to identify malware |
CN107900334B (zh) * | 2017-11-17 | 2020-02-21 | 北京科技大学 | 一种基于阵列式布粉的激光高通量制备方法 |
US10715536B2 (en) | 2017-12-29 | 2020-07-14 | Square, Inc. | Logical validation of devices against fraud and tampering |
US11003774B2 (en) | 2018-01-26 | 2021-05-11 | Sophos Limited | Methods and apparatus for detection of malicious documents using machine learning |
US11941491B2 (en) | 2018-01-31 | 2024-03-26 | Sophos Limited | Methods and apparatus for identifying an impact of a portion of a file on machine learning classification of malicious content |
US11609984B2 (en) * | 2018-02-14 | 2023-03-21 | Digital Guardian Llc | Systems and methods for determining a likelihood of an existence of malware on an executable |
US11270205B2 (en) | 2018-02-28 | 2022-03-08 | Sophos Limited | Methods and apparatus for identifying the shared importance of multiple nodes within a machine learning model for multiple tasks |
US11023327B2 (en) * | 2018-03-20 | 2021-06-01 | Western Digital Technologies, Inc. | Encryption detection and backup management |
US11943248B1 (en) | 2018-04-06 | 2024-03-26 | Keysight Technologies, Inc. | Methods, systems, and computer readable media for network security testing using at least one emulated server |
CN108712433A (zh) * | 2018-05-25 | 2018-10-26 | 南京森林警察学院 | 一种网络安全检测方法和系统 |
US10671370B2 (en) * | 2018-05-30 | 2020-06-02 | Red Hat, Inc. | Distributing file system states |
US10984101B2 (en) * | 2018-06-18 | 2021-04-20 | Deep Instinct | Methods and systems for malware detection and categorization |
US10708163B1 (en) | 2018-07-13 | 2020-07-07 | Keysight Technologies, Inc. | Methods, systems, and computer readable media for automatic configuration and control of remote inline network monitoring probe |
US11120131B2 (en) * | 2018-07-30 | 2021-09-14 | Rubrik, Inc. | Ransomware infection detection in filesystems |
US11030314B2 (en) * | 2018-07-31 | 2021-06-08 | EMC IP Holding Company LLC | Storage system with snapshot-based detection and remediation of ransomware attacks |
US10901979B2 (en) * | 2018-08-29 | 2021-01-26 | International Business Machines Corporation | Generating responses to queries based on selected value assignments |
US11507958B1 (en) | 2018-09-26 | 2022-11-22 | Block, Inc. | Trust-based security for transaction payments |
US11494762B1 (en) | 2018-09-26 | 2022-11-08 | Block, Inc. | Device driver for contactless payments |
US11947668B2 (en) | 2018-10-12 | 2024-04-02 | Sophos Limited | Methods and apparatus for preserving information between layers within a neural network |
US20200118162A1 (en) * | 2018-10-15 | 2020-04-16 | Affle (India) Limited | Method and system for application installation and detection of fraud in advertisement |
CN109359439B (zh) * | 2018-10-26 | 2019-12-13 | 北京天融信网络安全技术有限公司 | 软件检测方法、装置、设备及存储介质 |
US11574052B2 (en) | 2019-01-31 | 2023-02-07 | Sophos Limited | Methods and apparatus for using machine learning to detect potentially malicious obfuscated scripts |
RU2726878C1 (ru) * | 2019-04-15 | 2020-07-16 | Акционерное общество "Лаборатория Касперского" | Способ ускорения полной антивирусной проверки файлов на мобильном устройстве |
RU2726877C1 (ru) * | 2019-04-15 | 2020-07-16 | Акционерное общество "Лаборатория Касперского" | Способ выборочного повторного антивирусного сканирования файлов на мобильном устройстве |
US11100064B2 (en) | 2019-04-30 | 2021-08-24 | Commvault Systems, Inc. | Automated log-based remediation of an information management system |
US11182481B1 (en) * | 2019-07-31 | 2021-11-23 | Trend Micro Incorporated | Evaluation of files for cyber threats using a machine learning model |
CN110515652B (zh) * | 2019-08-30 | 2021-10-15 | 腾讯科技(深圳)有限公司 | 代码摘要的生成方法、装置和存储介质 |
US11216558B2 (en) * | 2019-09-24 | 2022-01-04 | Quick Heal Technologies Limited | Detecting malwares in data streams |
RU2739830C1 (ru) * | 2019-09-30 | 2020-12-28 | Акционерное общество "Лаборатория Касперского" | Система и способ выбора средства обнаружения вредоносных файлов |
US10824722B1 (en) * | 2019-10-04 | 2020-11-03 | Intezer Labs, Ltd. | Methods and systems for genetic malware analysis and classification using code reuse patterns |
US11093612B2 (en) * | 2019-10-17 | 2021-08-17 | International Business Machines Corporation | Maintaining system security |
US11831670B1 (en) | 2019-11-18 | 2023-11-28 | Tanium Inc. | System and method for prioritizing distributed system risk remediations |
US11363059B2 (en) * | 2019-12-13 | 2022-06-14 | Microsoft Technology Licensing, Llc | Detection of brute force attacks |
RU2722692C1 (ru) * | 2020-02-21 | 2020-06-03 | Общество с ограниченной ответственностью «Группа АйБи ТДС» | Способ и система выявления вредоносных файлов в неизолированной среде |
CN111368298B (zh) * | 2020-02-27 | 2023-07-21 | 腾讯科技(深圳)有限公司 | 一种病毒文件识别方法、装置、设备及存储介质 |
US11368361B2 (en) * | 2020-06-05 | 2022-06-21 | Microsoft Technology Licensing, Llc | Tamper-resistant service management for enterprise systems |
US11563764B1 (en) | 2020-08-24 | 2023-01-24 | Tanium Inc. | Risk scoring based on compliance verification test results in a local network |
US11775639B2 (en) * | 2020-10-23 | 2023-10-03 | Sophos Limited | File integrity monitoring |
CA3202464A1 (en) * | 2020-12-30 | 2022-07-07 | Virsec Systems, Inc. | Zero dwell time process library and script monitoring |
RU2758997C1 (ru) * | 2021-03-25 | 2021-11-08 | Общество с ограниченной ответственностью "Траст" | Способ защиты информационно-вычислительной сети от вторжений |
US12010129B2 (en) | 2021-04-23 | 2024-06-11 | Sophos Limited | Methods and apparatus for using machine learning to classify malicious infrastructure |
US11436330B1 (en) * | 2021-07-14 | 2022-09-06 | Soos Llc | System for automated malicious software detection |
Citations (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020042886A1 (en) * | 2000-08-31 | 2002-04-11 | Pasi Lahti | Software virus protection |
US20030065793A1 (en) * | 2001-09-28 | 2003-04-03 | Victor Kouznetsov | Anti-virus policy enforcement system and method |
US6553378B1 (en) * | 2000-03-31 | 2003-04-22 | Network Associates, Inc. | System and process for reporting network events with a plurality of hierarchically-structured databases in a distributed computing environment |
US20030115483A1 (en) * | 2001-12-04 | 2003-06-19 | Trend Micro Incorporated | Virus epidemic damage control system and method for network environment |
US20030120951A1 (en) * | 2001-12-21 | 2003-06-26 | Gartside Paul Nicholas | Generating malware definition data for mobile computing devices |
US20030229801A1 (en) * | 2001-08-01 | 2003-12-11 | Networks Associates Technology, Inc. | Wireless malware scanning back-end system and method |
US20030233574A1 (en) * | 2001-08-01 | 2003-12-18 | Networks Associates Technology, Inc. | System, method and computer program product for equipping wireless devices with malware scanning capabilities |
US20040123117A1 (en) * | 2002-12-18 | 2004-06-24 | Symantec Corporation | Validation for behavior-blocking system |
US20040209609A1 (en) * | 2003-04-17 | 2004-10-21 | Ntt Docomo, Inc. | Platform-independent scanning subsystem API for use in a mobile communication framework |
US20040250115A1 (en) * | 2003-04-21 | 2004-12-09 | Trend Micro Incorporated. | Self-contained mechanism for deploying and controlling data security services via a web browser platform |
US7007302B1 (en) * | 2001-08-31 | 2006-02-28 | Mcafee, Inc. | Efficient management and blocking of malicious code and hacking attempts in a network environment |
US20060191011A1 (en) * | 2005-02-24 | 2006-08-24 | Samsung Electronics Co., Ltd. | Method for curing a virus on a mobile communication network |
US20060200863A1 (en) * | 2005-03-01 | 2006-09-07 | Microsoft Corporation | On-access scan of memory for malware |
US20060277408A1 (en) * | 2005-06-03 | 2006-12-07 | Bhat Sathyanarayana P | System and method for monitoring and maintaining a wireless device |
US20070028296A1 (en) * | 2005-07-29 | 2007-02-01 | Advanced Micro Devices, Inc. | Secure patch installation for WWAN systems |
US20070030539A1 (en) * | 2005-07-28 | 2007-02-08 | Mformation Technologies, Inc. | System and method for automatically altering device functionality |
US7210168B2 (en) * | 2001-10-15 | 2007-04-24 | Mcafee, Inc. | Updating malware definition data for mobile data processing devices |
US7228565B2 (en) * | 2001-05-15 | 2007-06-05 | Mcafee, Inc. | Event reporting between a reporting computer and a receiving computer |
US7231440B1 (en) * | 2000-12-18 | 2007-06-12 | Mcafee, Inc. | System and method for distributing portable computer virus definition records with binary file conversion |
US7231637B1 (en) * | 2001-07-26 | 2007-06-12 | Mcafee, Inc. | Security and software testing of pre-release anti-virus updates on client and transmitting the results to the server |
US7243373B2 (en) * | 2001-07-25 | 2007-07-10 | Mcafee, Inc. | On-access malware scanning |
US20070240215A1 (en) * | 2006-03-28 | 2007-10-11 | Blue Coat Systems, Inc. | Method and system for tracking access to application data and preventing data exploitation by malicious programs |
Family Cites Families (94)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US2463467A (en) * | 1945-09-08 | 1949-03-01 | Socony Vacuum Oil Co Inc | Preparation of spheroidal aerogel pellets |
US3296105A (en) | 1964-04-03 | 1967-01-03 | Du Pont | Zinc cyanide electroplating bath and process |
DE1570586A1 (de) | 1965-07-03 | 1970-02-05 | Bayer Ag | Verfahren zur Herstellung von festen Poly-2-vinylpyridin-N-oxyd |
JP2501771B2 (ja) * | 1993-01-19 | 1996-05-29 | インターナショナル・ビジネス・マシーンズ・コーポレイション | 不所望のソフトウェア・エンティティの複数の有効なシグネチャを得る方法及び装置 |
US5371160A (en) | 1993-04-06 | 1994-12-06 | Reilly Industries, Inc. | Linear polyvinylpyridine polymers and processes |
GB2283341A (en) | 1993-10-29 | 1995-05-03 | Sophos Plc | Central virus checker for computer network. |
US5675711A (en) * | 1994-05-13 | 1997-10-07 | International Business Machines Corporation | Adaptive statistical regression and classification of data strings, with application to the generic detection of computer viruses |
US5919257A (en) | 1997-08-08 | 1999-07-06 | Novell, Inc. | Networked workstation intrusion detection system |
US6357008B1 (en) * | 1997-09-23 | 2002-03-12 | Symantec Corporation | Dynamic heuristic method for detecting computer viruses using decryption exploration and evaluation phases |
US6577920B1 (en) | 1998-10-02 | 2003-06-10 | Data Fellows Oyj | Computer virus screening |
US7076650B1 (en) * | 1999-12-24 | 2006-07-11 | Mcafee, Inc. | System and method for selective communication scanning at a firewall and a network node |
US6892303B2 (en) * | 2000-01-06 | 2005-05-10 | International Business Machines Corporation | Method and system for caching virus-free file certificates |
US6785818B1 (en) * | 2000-01-14 | 2004-08-31 | Symantec Corporation | Thwarting malicious registry mapping modifications and map-loaded module masquerade attacks |
WO2001058967A1 (en) | 2000-02-09 | 2001-08-16 | Reilly Industries, Inc. | Polymer compositions useful as dye complexing agents, and processes for preparing same |
US6971019B1 (en) * | 2000-03-14 | 2005-11-29 | Symantec Corporation | Histogram-based virus detection |
US20040034794A1 (en) | 2000-05-28 | 2004-02-19 | Yaron Mayer | System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages |
US20030159070A1 (en) * | 2001-05-28 | 2003-08-21 | Yaron Mayer | System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages |
US6973578B1 (en) * | 2000-05-31 | 2005-12-06 | Networks Associates Technology, Inc. | System, method and computer program product for process-based selection of virus detection actions |
US20040064737A1 (en) * | 2000-06-19 | 2004-04-01 | Milliken Walter Clark | Hash-based systems and methods for detecting and preventing transmission of polymorphic network worms and viruses |
US20040073617A1 (en) * | 2000-06-19 | 2004-04-15 | Milliken Walter Clark | Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail |
US7069589B2 (en) * | 2000-07-14 | 2006-06-27 | Computer Associates Think, Inc.. | Detection of a class of viral code |
US20070192863A1 (en) | 2005-07-01 | 2007-08-16 | Harsh Kapoor | Systems and methods for processing data flows |
US7086090B1 (en) * | 2000-10-20 | 2006-08-01 | International Business Machines Corporation | Method and system for protecting pervasive devices and servers from exchanging viruses |
US20020049862A1 (en) * | 2000-10-23 | 2002-04-25 | Gladney Glenn A. | Method and apparatus for providing optical internetworking to wide area networks, metropolitan area networks, and local area networks using modular components |
US6934857B1 (en) * | 2000-11-27 | 2005-08-23 | Networks Associates Technology, Inc. | Security system and method for handheld computers |
US6678635B2 (en) | 2001-01-23 | 2004-01-13 | Intel Corporation | Method and system for detecting semantic events |
US7089592B2 (en) * | 2001-03-15 | 2006-08-08 | Brighterion, Inc. | Systems and methods for dynamic detection and prevention of electronic fraud |
WO2002101516A2 (en) | 2001-06-13 | 2002-12-19 | Intruvert Networks, Inc. | Method and apparatus for distributed network security |
US7069594B1 (en) * | 2001-06-15 | 2006-06-27 | Mcafee, Inc. | File system level integrity verification and validation |
US7146642B1 (en) | 2001-06-29 | 2006-12-05 | Mcafee, Inc. | System, method and computer program product for detecting modifications to risk assessment scanning caused by an intermediate device |
US7421587B2 (en) * | 2001-07-26 | 2008-09-02 | Mcafee, Inc. | Detecting computer programs within packed computer files |
US7000250B1 (en) * | 2001-07-26 | 2006-02-14 | Mcafee, Inc. | Virtual opened share mode system with virus protection |
US7487544B2 (en) * | 2001-07-30 | 2009-02-03 | The Trustees Of Columbia University In The City Of New York | System and methods for detection of new malicious executables |
US7107617B2 (en) * | 2001-10-15 | 2006-09-12 | Mcafee, Inc. | Malware scanning of compressed computer files |
US7080408B1 (en) * | 2001-11-30 | 2006-07-18 | Mcafee, Inc. | Delayed-delivery quarantining of network communications having suspicious contents |
US7150042B2 (en) * | 2001-12-06 | 2006-12-12 | Mcafee, Inc. | Techniques for performing malware scanning of files stored within a file storage device of a computer network |
US7065790B1 (en) * | 2001-12-21 | 2006-06-20 | Mcafee, Inc. | Method and system for providing computer malware names from multiple anti-virus scanners |
TWI286701B (en) * | 2002-01-09 | 2007-09-11 | Via Tech Inc | Process for avoiding system infection of software viruses |
US7225343B1 (en) * | 2002-01-25 | 2007-05-29 | The Trustees Of Columbia University In The City Of New York | System and methods for adaptive model generation for detecting intrusions in computer systems |
US8090816B1 (en) | 2002-02-07 | 2012-01-03 | Mcafee, Inc. | System and method for real-time triggered event upload |
US7171689B2 (en) | 2002-02-25 | 2007-01-30 | Symantec Corporation | System and method for tracking and filtering alerts in an enterprise and generating alert indications for analysis |
US20030172291A1 (en) * | 2002-03-08 | 2003-09-11 | Paul Judge | Systems and methods for automated whitelisting in monitored communications |
US7155742B1 (en) * | 2002-05-16 | 2006-12-26 | Symantec Corporation | Countering infections to communications modules |
US7409717B1 (en) * | 2002-05-23 | 2008-08-05 | Symantec Corporation | Metamorphic computer virus detection |
GB0214943D0 (en) * | 2002-06-28 | 2002-08-07 | Bitarts Ltd | Computer program protection |
US6678828B1 (en) * | 2002-07-22 | 2004-01-13 | Vormetric, Inc. | Secure network file access control system |
JP4660056B2 (ja) * | 2002-08-05 | 2011-03-30 | 株式会社セキュアウェア | データ処理装置 |
FI113499B (fi) * | 2002-09-12 | 2004-04-30 | Jarmo Talvitie | Turvajärjestelmä, menetelmä ja laite tietokonevirusten torjumiseksi sekä tiedon eristämiseksi |
US7243348B2 (en) * | 2002-09-19 | 2007-07-10 | Tripwire, Inc. | Computing apparatus with automatic integrity reference generation and maintenance |
US7469419B2 (en) | 2002-10-07 | 2008-12-23 | Symantec Corporation | Detection of malicious computer code |
JP2004172871A (ja) * | 2002-11-19 | 2004-06-17 | Fujitsu Ltd | ウィルス拡散を防止する集線装置およびそのためのプログラム |
US7150044B2 (en) * | 2003-03-10 | 2006-12-12 | Mci, Llc | Secure self-organizing and self-provisioning anomalous event detection systems |
US7203959B2 (en) * | 2003-03-14 | 2007-04-10 | Symantec Corporation | Stream scanning through network proxy servers |
US6987963B2 (en) | 2003-04-17 | 2006-01-17 | Ntt Docomo, Inc. | System, method and computer program product for content/context sensitive scanning utilizing a mobile communication device |
US20040260775A1 (en) * | 2003-06-20 | 2004-12-23 | Xerox Corporation | System and method for sending messages |
US7392542B2 (en) * | 2003-08-29 | 2008-06-24 | Seagate Technology Llc | Restoration of data corrupted by viruses using pre-infected copy of data |
US6973305B2 (en) * | 2003-09-10 | 2005-12-06 | Qualcomm Inc | Methods and apparatus for determining device integrity |
US20050060535A1 (en) * | 2003-09-17 | 2005-03-17 | Bartas John Alexander | Methods and apparatus for monitoring local network traffic on local network segments and resolving detected security and network management problems occurring on those segments |
US20050065851A1 (en) * | 2003-09-22 | 2005-03-24 | Aronoff Jeffrey M. | System, method and computer program product for supplying to and collecting information from individuals |
US20050081053A1 (en) * | 2003-10-10 | 2005-04-14 | International Business Machines Corlporation | Systems and methods for efficient computer virus detection |
US20050108557A1 (en) * | 2003-10-11 | 2005-05-19 | Kayo David G. | Systems and methods for detecting and preventing unauthorized access to networked devices |
US20040172551A1 (en) * | 2003-12-09 | 2004-09-02 | Michael Connor | First response computer virus blocking. |
US7398399B2 (en) | 2003-12-12 | 2008-07-08 | International Business Machines Corporation | Apparatus, methods and computer programs for controlling performance of operations within a data processing system or network |
US7669059B2 (en) * | 2004-03-23 | 2010-02-23 | Network Equipment Technologies, Inc. | Method and apparatus for detection of hostile software |
US20050216762A1 (en) * | 2004-03-25 | 2005-09-29 | Cyrus Peikari | Protecting embedded devices with integrated reset detection |
US7966658B2 (en) * | 2004-04-08 | 2011-06-21 | The Regents Of The University Of California | Detecting public network attacks using signatures and fast content analysis |
EP1742151A4 (de) * | 2004-04-26 | 2010-11-10 | Inc Nat University Iwate Unive | Extraktionseinrichtung für computervirus-eindeutige informationen, extraktionsverfahren für computervirus-eindeutige informationen und extraktionsprogramm für computervirus-eindeutige informationen |
US7490354B2 (en) * | 2004-06-10 | 2009-02-10 | International Business Machines Corporation | Virus detection in a network |
US20060026687A1 (en) * | 2004-07-31 | 2006-02-02 | Cyrus Peikari | Protecting embedded devices with integrated permission control |
JP4643204B2 (ja) | 2004-08-25 | 2011-03-02 | 株式会社エヌ・ティ・ティ・ドコモ | サーバ装置 |
US7509680B1 (en) * | 2004-09-01 | 2009-03-24 | Symantec Corporation | Detecting computer worms as they arrive at local computers through open network shares |
WO2006031496A2 (en) * | 2004-09-10 | 2006-03-23 | The Regents Of The University Of California | Method and apparatus for deep packet inspection |
US7685640B2 (en) * | 2004-09-21 | 2010-03-23 | Agere Systems Inc. | Methods and apparatus for interface adapter integrated virus protection |
US7480683B2 (en) * | 2004-10-01 | 2009-01-20 | Webroot Software, Inc. | System and method for heuristic analysis to identify pestware |
US7870202B2 (en) * | 2004-12-03 | 2011-01-11 | Clairmail Inc. | Apparatus for executing an application function using a smart card and methods therefor |
US20060130144A1 (en) * | 2004-12-14 | 2006-06-15 | Delta Insights, Llc | Protecting computing systems from unauthorized programs |
US7673341B2 (en) * | 2004-12-15 | 2010-03-02 | Microsoft Corporation | System and method of efficiently identifying and removing active malware from a computer |
US7546471B2 (en) * | 2005-01-14 | 2009-06-09 | Microsoft Corporation | Method and system for virus detection using pattern matching techniques |
US7735138B2 (en) * | 2005-01-14 | 2010-06-08 | Trend Micro Incorporated | Method and apparatus for performing antivirus tasks in a mobile wireless device |
US20060217111A1 (en) * | 2005-02-11 | 2006-09-28 | Sunil Marolia | Network for customer care and distribution of firmware and software updates |
US20070174630A1 (en) * | 2005-02-21 | 2007-07-26 | Marvin Shannon | System and Method of Mobile Anti-Pharming and Improving Two Factor Usage |
EP1705832A3 (de) * | 2005-03-22 | 2011-08-03 | Hewlett-Packard Development Company, L.P. | Geräteprofilzugriff in einem Verwaltungsnetz |
US7650639B2 (en) * | 2005-03-31 | 2010-01-19 | Microsoft Corporation | System and method for protecting a limited resource computer from malware |
US7603712B2 (en) | 2005-04-21 | 2009-10-13 | Microsoft Corporation | Protecting a computer that provides a Web service from malware |
US7496348B2 (en) * | 2005-06-07 | 2009-02-24 | Motorola, Inc. | Wireless communication network security method and system |
US7770785B2 (en) * | 2005-06-13 | 2010-08-10 | Qualcomm Incorporated | Apparatus and methods for detection and management of unauthorized executable instructions on a wireless device |
US20060288411A1 (en) | 2005-06-21 | 2006-12-21 | Avaya, Inc. | System and method for mitigating denial of service attacks on communication appliances |
US8832827B2 (en) | 2005-07-14 | 2014-09-09 | Gryphonet Ltd. | System and method for detection and recovery of malfunction in mobile devices |
US20070056035A1 (en) * | 2005-08-16 | 2007-03-08 | Drew Copley | Methods and systems for detection of forged computer files |
US7844829B2 (en) | 2006-01-18 | 2010-11-30 | Sybase, Inc. | Secured database system with built-in antivirus protection |
US8578479B2 (en) * | 2006-03-21 | 2013-11-05 | Riverbed Technology, Inc. | Worm propagation mitigation |
US7996901B2 (en) | 2006-03-31 | 2011-08-09 | Lenovo (Singapore) Pte. Ltd. | Hypervisor area for email virus testing |
WO2007117636A2 (en) | 2006-04-06 | 2007-10-18 | Smobile Systems, Inc. | Malware detection system and method for comprssed data on mobile platforms |
US8561193B1 (en) * | 2010-05-17 | 2013-10-15 | Symantec Corporation | Systems and methods for analyzing malware |
-
2007
- 2007-04-06 WO PCT/US2007/008644 patent/WO2007117636A2/en active Application Filing
- 2007-04-06 WO PCT/US2007/008538 patent/WO2007117574A2/en active Application Filing
- 2007-04-06 WO PCT/US2007/008548 patent/WO2007117582A2/en active Application Filing
- 2007-04-06 US US11/697,647 patent/US9104871B2/en not_active Expired - Fee Related
- 2007-04-06 WO PCT/US2007/008530 patent/WO2007117567A2/en active Application Filing
- 2007-04-06 MX MX2008012891A patent/MX2008012891A/es active IP Right Grant
- 2007-04-06 US US11/697,642 patent/US8321941B2/en active Active
- 2007-04-06 WO PCT/US2007/008641 patent/WO2007117635A2/en active Application Filing
- 2007-04-06 US US11/697,668 patent/US8312545B2/en active Active
- 2007-04-06 US US11/697,672 patent/US20070240222A1/en not_active Abandoned
- 2007-04-06 EP EP07754962.4A patent/EP2011099A4/de not_active Withdrawn
- 2007-04-06 US US11/697,664 patent/US9064115B2/en active Active
- 2007-04-06 WO PCT/US2007/008553 patent/WO2007117585A2/en active Application Filing
- 2007-04-06 US US11/697,658 patent/US9009818B2/en active Active
-
2011
- 2011-03-29 US US13/074,819 patent/US20110179484A1/en not_active Abandoned
-
2015
- 2015-04-13 US US14/685,391 patent/US9542555B2/en active Active
- 2015-08-10 US US14/822,488 patent/US9576131B2/en not_active Expired - Fee Related
Patent Citations (29)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6553378B1 (en) * | 2000-03-31 | 2003-04-22 | Network Associates, Inc. | System and process for reporting network events with a plurality of hierarchically-structured databases in a distributed computing environment |
US20020042886A1 (en) * | 2000-08-31 | 2002-04-11 | Pasi Lahti | Software virus protection |
US7231440B1 (en) * | 2000-12-18 | 2007-06-12 | Mcafee, Inc. | System and method for distributing portable computer virus definition records with binary file conversion |
US7228565B2 (en) * | 2001-05-15 | 2007-06-05 | Mcafee, Inc. | Event reporting between a reporting computer and a receiving computer |
US7243373B2 (en) * | 2001-07-25 | 2007-07-10 | Mcafee, Inc. | On-access malware scanning |
US7231637B1 (en) * | 2001-07-26 | 2007-06-12 | Mcafee, Inc. | Security and software testing of pre-release anti-virus updates on client and transmitting the results to the server |
US20030233574A1 (en) * | 2001-08-01 | 2003-12-18 | Networks Associates Technology, Inc. | System, method and computer program product for equipping wireless devices with malware scanning capabilities |
US20030233566A1 (en) * | 2001-08-01 | 2003-12-18 | Networks Associates Technology, Inc. | Malware scanning wireless service agent system and method |
US20040003276A1 (en) * | 2001-08-01 | 2004-01-01 | Networks Associates Technology, Inc. | Wireless architecture with malware scanning component manager and associated API |
US20040025042A1 (en) * | 2001-08-01 | 2004-02-05 | Networks Associates Technology, Inc. | Malware scanning user interface for wireless devices |
US20030229801A1 (en) * | 2001-08-01 | 2003-12-11 | Networks Associates Technology, Inc. | Wireless malware scanning back-end system and method |
US7171690B2 (en) * | 2001-08-01 | 2007-01-30 | Mcafee, Inc. | Wireless malware scanning back-end system and method |
US7096501B2 (en) * | 2001-08-01 | 2006-08-22 | Mcafee, Inc. | System, method and computer program product for equipping wireless devices with malware scanning capabilities |
US7007302B1 (en) * | 2001-08-31 | 2006-02-28 | Mcafee, Inc. | Efficient management and blocking of malicious code and hacking attempts in a network environment |
US20030065793A1 (en) * | 2001-09-28 | 2003-04-03 | Victor Kouznetsov | Anti-virus policy enforcement system and method |
US7210168B2 (en) * | 2001-10-15 | 2007-04-24 | Mcafee, Inc. | Updating malware definition data for mobile data processing devices |
US7062553B2 (en) * | 2001-12-04 | 2006-06-13 | Trend Micro, Inc. | Virus epidemic damage control system and method for network environment |
US20030115483A1 (en) * | 2001-12-04 | 2003-06-19 | Trend Micro Incorporated | Virus epidemic damage control system and method for network environment |
US20030120951A1 (en) * | 2001-12-21 | 2003-06-26 | Gartside Paul Nicholas | Generating malware definition data for mobile computing devices |
US20040123117A1 (en) * | 2002-12-18 | 2004-06-24 | Symantec Corporation | Validation for behavior-blocking system |
US20040209609A1 (en) * | 2003-04-17 | 2004-10-21 | Ntt Docomo, Inc. | Platform-independent scanning subsystem API for use in a mobile communication framework |
US6970697B2 (en) * | 2003-04-17 | 2005-11-29 | Ntt Docomo, Inc. | Platform-independent scanning subsystem API for use in a mobile communication framework |
US20040250115A1 (en) * | 2003-04-21 | 2004-12-09 | Trend Micro Incorporated. | Self-contained mechanism for deploying and controlling data security services via a web browser platform |
US20060191011A1 (en) * | 2005-02-24 | 2006-08-24 | Samsung Electronics Co., Ltd. | Method for curing a virus on a mobile communication network |
US20060200863A1 (en) * | 2005-03-01 | 2006-09-07 | Microsoft Corporation | On-access scan of memory for malware |
US20060277408A1 (en) * | 2005-06-03 | 2006-12-07 | Bhat Sathyanarayana P | System and method for monitoring and maintaining a wireless device |
US20070030539A1 (en) * | 2005-07-28 | 2007-02-08 | Mformation Technologies, Inc. | System and method for automatically altering device functionality |
US20070028296A1 (en) * | 2005-07-29 | 2007-02-01 | Advanced Micro Devices, Inc. | Secure patch installation for WWAN systems |
US20070240215A1 (en) * | 2006-03-28 | 2007-10-11 | Blue Coat Systems, Inc. | Method and system for tracking access to application data and preventing data exploitation by malicious programs |
Cited By (654)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10097573B1 (en) | 2004-04-01 | 2018-10-09 | Fireeye, Inc. | Systems and methods for malware defense |
US10284574B1 (en) | 2004-04-01 | 2019-05-07 | Fireeye, Inc. | System and method for threat detection and identification |
US8793787B2 (en) | 2004-04-01 | 2014-07-29 | Fireeye, Inc. | Detecting malicious network content using virtual environment components |
US10165000B1 (en) | 2004-04-01 | 2018-12-25 | Fireeye, Inc. | Systems and methods for malware attack prevention by intercepting flows of information |
US9282109B1 (en) | 2004-04-01 | 2016-03-08 | Fireeye, Inc. | System and method for analyzing packets |
US10623434B1 (en) | 2004-04-01 | 2020-04-14 | Fireeye, Inc. | System and method for virtual analysis of network data |
US8898788B1 (en) | 2004-04-01 | 2014-11-25 | Fireeye, Inc. | Systems and methods for malware attack prevention |
US10068091B1 (en) | 2004-04-01 | 2018-09-04 | Fireeye, Inc. | System and method for malware containment |
US9027135B1 (en) | 2004-04-01 | 2015-05-05 | Fireeye, Inc. | Prospective client identification using malware attack detection |
US9071638B1 (en) | 2004-04-01 | 2015-06-30 | Fireeye, Inc. | System and method for malware containment |
US9106694B2 (en) | 2004-04-01 | 2015-08-11 | Fireeye, Inc. | Electronic message analysis for malware detection |
US10027690B2 (en) | 2004-04-01 | 2018-07-17 | Fireeye, Inc. | Electronic message analysis for malware detection |
US11637857B1 (en) | 2004-04-01 | 2023-04-25 | Fireeye Security Holdings Us Llc | System and method for detecting malicious traffic using a virtual machine configured with a select software environment |
US9661018B1 (en) | 2004-04-01 | 2017-05-23 | Fireeye, Inc. | System and method for detecting anomalous behaviors using a virtual machine environment |
US9628498B1 (en) | 2004-04-01 | 2017-04-18 | Fireeye, Inc. | System and method for bot detection |
US9912684B1 (en) | 2004-04-01 | 2018-03-06 | Fireeye, Inc. | System and method for virtual analysis of network data |
US10587636B1 (en) | 2004-04-01 | 2020-03-10 | Fireeye, Inc. | System and method for bot detection |
US9591020B1 (en) | 2004-04-01 | 2017-03-07 | Fireeye, Inc. | System and method for signature generation |
US10757120B1 (en) | 2004-04-01 | 2020-08-25 | Fireeye, Inc. | Malicious network content detection |
US9197664B1 (en) | 2004-04-01 | 2015-11-24 | Fire Eye, Inc. | System and method for malware containment |
US8881282B1 (en) | 2004-04-01 | 2014-11-04 | Fireeye, Inc. | Systems and methods for malware attack detection and identification |
US11153341B1 (en) | 2004-04-01 | 2021-10-19 | Fireeye, Inc. | System and method for detecting malicious network content using virtual environment components |
US9306960B1 (en) | 2004-04-01 | 2016-04-05 | Fireeye, Inc. | Systems and methods for unauthorized activity defense |
US9516057B2 (en) | 2004-04-01 | 2016-12-06 | Fireeye, Inc. | Systems and methods for computer worm defense |
US10567405B1 (en) | 2004-04-01 | 2020-02-18 | Fireeye, Inc. | System for detecting a presence of malware from behavioral analysis |
US9356944B1 (en) | 2004-04-01 | 2016-05-31 | Fireeye, Inc. | System and method for detecting malicious traffic using a virtual machine configured with a select software environment |
US10511614B1 (en) | 2004-04-01 | 2019-12-17 | Fireeye, Inc. | Subscription based malware detection under management system control |
US11082435B1 (en) | 2004-04-01 | 2021-08-03 | Fireeye, Inc. | System and method for threat detection and identification |
US9838411B1 (en) | 2004-04-01 | 2017-12-05 | Fireeye, Inc. | Subscriber based protection system |
US9838416B1 (en) | 2004-06-14 | 2017-12-05 | Fireeye, Inc. | System and method of detecting malicious content |
US20150007327A1 (en) * | 2005-06-30 | 2015-01-01 | Webroot Solutions Ltd | Methods and apparatus for dealing with malware |
US11379582B2 (en) | 2005-06-30 | 2022-07-05 | Webroot Inc. | Methods and apparatus for malware threat research |
US10803170B2 (en) * | 2005-06-30 | 2020-10-13 | Webroot Inc. | Methods and apparatus for dealing with malware |
US20070016951A1 (en) * | 2005-07-13 | 2007-01-18 | Piccard Paul L | Systems and methods for identifying sources of malware |
US7634262B1 (en) * | 2006-03-07 | 2009-12-15 | Trend Micro, Inc. | Virus pattern update for mobile device |
US9576131B2 (en) | 2006-04-06 | 2017-02-21 | Juniper Networks, Inc. | Malware detection system and method for mobile platforms |
US9754102B2 (en) | 2006-08-07 | 2017-09-05 | Webroot Inc. | Malware management through kernel detection during a boot sequence |
US8281392B2 (en) | 2006-08-11 | 2012-10-02 | Airdefense, Inc. | Methods and systems for wired equivalent privacy and Wi-Fi protected access protection |
US9996693B2 (en) * | 2006-09-19 | 2018-06-12 | Microsoft Technology Licensing, Llc | Automated malware signature generation |
US10891378B2 (en) * | 2006-09-19 | 2021-01-12 | Microsoft Technology Licensing, Llc | Automated malware signature generation |
US20120260343A1 (en) * | 2006-09-19 | 2012-10-11 | Microsoft Corporation | Automated malware signature generation |
US20080127336A1 (en) * | 2006-09-19 | 2008-05-29 | Microsoft Corporation | Automated malware signature generation |
US8201244B2 (en) * | 2006-09-19 | 2012-06-12 | Microsoft Corporation | Automated malware signature generation |
US20080120611A1 (en) * | 2006-10-30 | 2008-05-22 | Jeffrey Aaron | Methods, systems, and computer program products for controlling software application installations |
US8413135B2 (en) * | 2006-10-30 | 2013-04-02 | At&T Intellectual Property I, L.P. | Methods, systems, and computer program products for controlling software application installations |
US8793682B2 (en) | 2006-10-30 | 2014-07-29 | At&T Intellectual Property I, L.P. | Methods, systems, and computer program products for controlling software application installations |
US7945955B2 (en) * | 2006-12-18 | 2011-05-17 | Quick Heal Technologies Private Limited | Virus detection in mobile devices having insufficient resources to execute virus detection software |
US20080148407A1 (en) * | 2006-12-18 | 2008-06-19 | Cat Computer Services Pvt Ltd | Virus Detection in Mobile Devices Having Insufficient Resources to Execute Virus Detection Software |
US20080155696A1 (en) * | 2006-12-22 | 2008-06-26 | Sybase 365, Inc. | System and Method for Enhanced Malware Detection |
US9262638B2 (en) | 2006-12-29 | 2016-02-16 | Symantec Corporation | Hygiene based computer security |
US8205244B2 (en) * | 2007-02-27 | 2012-06-19 | Airdefense, Inc. | Systems and methods for generating, managing, and displaying alarms for wireless network monitoring |
US20080209517A1 (en) * | 2007-02-27 | 2008-08-28 | Airdefense, Inc. | Systems and methods for generating, managing, and displaying alarms for wireless network monitoring |
US20110173340A1 (en) * | 2007-05-15 | 2011-07-14 | Adams Phillip M | Computerized, copy detection and discrimination apparatus and method |
US8909733B2 (en) * | 2007-05-15 | 2014-12-09 | Phillip M. Adams | Computerized, copy detection and discrimination apparatus and method |
US8127358B1 (en) * | 2007-05-30 | 2012-02-28 | Trend Micro Incorporated | Thin client for computer security applications |
US8505101B1 (en) | 2007-05-30 | 2013-08-06 | Trend Micro Incorporated | Thin client for computer security applications |
US7934261B1 (en) * | 2007-06-13 | 2011-04-26 | Trend Micro, Inc. | On-demand cleanup system |
US8849909B2 (en) | 2007-07-06 | 2014-09-30 | Yahoo! Inc. | Real-time asynchronous event aggregation systems |
US7937468B2 (en) * | 2007-07-06 | 2011-05-03 | Yahoo! Inc. | Detecting spam messages using rapid sender reputation feedback analysis |
US20090013054A1 (en) * | 2007-07-06 | 2009-01-08 | Yahoo! Inc. | Detecting spam messages using rapid sender reputation feedback analysis |
US8448248B2 (en) * | 2007-07-23 | 2013-05-21 | Samsung Electronics Co., Ltd. | Apparatus and method for repairing computer system infected by malware |
US20090031162A1 (en) * | 2007-07-23 | 2009-01-29 | Abhijit Bose | Apparatus and method for repairing computer system infected by malware |
US8689330B2 (en) * | 2007-09-05 | 2014-04-01 | Yahoo! Inc. | Instant messaging malware protection |
US20090064335A1 (en) * | 2007-09-05 | 2009-03-05 | Yahoo! Inc. | Instant messaging malware protection |
US20090100519A1 (en) * | 2007-10-16 | 2009-04-16 | Mcafee, Inc. | Installer detection and warning system and method |
US9576253B2 (en) | 2007-11-15 | 2017-02-21 | Yahoo! Inc. | Trust based moderation |
US8171388B2 (en) | 2007-11-15 | 2012-05-01 | Yahoo! Inc. | Trust based moderation |
US20100146589A1 (en) * | 2007-12-21 | 2010-06-10 | Drivesentry Inc. | System and method to secure a computer system by selective control of write access to a data storage medium |
US9483645B2 (en) * | 2008-03-05 | 2016-11-01 | Mcafee, Inc. | System, method, and computer program product for identifying unwanted data based on an assembled execution profile of code |
US20090235357A1 (en) * | 2008-03-14 | 2009-09-17 | Computer Associates Think, Inc. | Method and System for Generating a Malware Sequence File |
US8850569B1 (en) * | 2008-04-15 | 2014-09-30 | Trend Micro, Inc. | Instant messaging malware protection |
US8302193B1 (en) * | 2008-05-30 | 2012-10-30 | Symantec Corporation | Methods and systems for scanning files for malware |
US8706745B1 (en) | 2008-05-30 | 2014-04-22 | Symantec Corporation | Systems and methods for determining a file set |
US8364705B1 (en) | 2008-09-24 | 2013-01-29 | Symantec Corporation | Methods and systems for determining a file set |
US8607347B2 (en) * | 2008-09-29 | 2013-12-10 | Sophos Limited | Network stream scanning facility |
US20100083380A1 (en) * | 2008-09-29 | 2010-04-01 | Harris Mark D | Network stream scanning facility |
US8028338B1 (en) * | 2008-09-30 | 2011-09-27 | Symantec Corporation | Modeling goodware characteristics to reduce false positive malware signatures |
US8230510B1 (en) * | 2008-10-02 | 2012-07-24 | Trend Micro Incorporated | Scanning computer data for malicious codes using a remote server computer |
US8881292B2 (en) * | 2008-10-21 | 2014-11-04 | Lookout, Inc. | Evaluating whether data is safe or malicious |
US9860263B2 (en) * | 2008-10-21 | 2018-01-02 | Lookout, Inc. | System and method for assessing data objects on mobile communications devices |
US20130086682A1 (en) * | 2008-10-21 | 2013-04-04 | Lookout, Inc., A California Corporation | System and method for preventing malware on a mobile communication device |
US20100100939A1 (en) * | 2008-10-21 | 2010-04-22 | Flexilis, Inc. | Secure mobile platform system |
US20130117846A1 (en) * | 2008-10-21 | 2013-05-09 | Lookout, Inc., A California Corporation | System and method for server-coupled application re-analysis to obtain characterization assessment |
US20170230397A1 (en) * | 2008-10-21 | 2017-08-10 | Lookout, Inc. | System and method for assessing data objects on mobile communications devices |
US20130133070A1 (en) * | 2008-10-21 | 2013-05-23 | Lookout, Inc. | System and method for attack and malware prevention |
US20130133071A1 (en) * | 2008-10-21 | 2013-05-23 | Lookout, Inc. | System and method for attack and malware prevention |
US9740852B2 (en) | 2008-10-21 | 2017-08-22 | Lookout, Inc. | System and method for assessing an application to be installed on a mobile communications device |
US20100100959A1 (en) * | 2008-10-21 | 2010-04-22 | Flexilis, Inc. | System and method for monitoring and analyzing multiple interfaces and multiple protocols |
US20100100964A1 (en) * | 2008-10-21 | 2010-04-22 | Flexilis, Inc. | Security status and information display system |
US20100100963A1 (en) * | 2008-10-21 | 2010-04-22 | Flexilis, Inc. | System and method for attack and malware prevention |
US20100100591A1 (en) * | 2008-10-21 | 2010-04-22 | Flexilis, Inc. | System and method for a mobile cross-platform software system |
US8381303B2 (en) * | 2008-10-21 | 2013-02-19 | Kevin Patrick Mahaffey | System and method for attack and malware prevention |
US8505095B2 (en) * | 2008-10-21 | 2013-08-06 | Lookout, Inc. | System and method for monitoring and analyzing multiple interfaces and multiple protocols |
US8510843B2 (en) | 2008-10-21 | 2013-08-13 | Lookout, Inc. | Security status and information display system |
US8533844B2 (en) * | 2008-10-21 | 2013-09-10 | Lookout, Inc. | System and method for security data collection and analysis |
US9781148B2 (en) | 2008-10-21 | 2017-10-03 | Lookout, Inc. | Methods and systems for sharing risk responses between collections of mobile communications devices |
US8544095B2 (en) * | 2008-10-21 | 2013-09-24 | Lookout, Inc. | System and method for server-coupled application re-analysis |
US9779253B2 (en) | 2008-10-21 | 2017-10-03 | Lookout, Inc. | Methods and systems for sharing risk responses to improve the functioning of mobile communications devices |
US8561144B2 (en) | 2008-10-21 | 2013-10-15 | Lookout, Inc. | Enforcing security based on a security state assessment of a mobile device |
US10509910B2 (en) | 2008-10-21 | 2019-12-17 | Lookout, Inc. | Methods and systems for granting access to services based on a security state that varies with the severity of security events |
US20130283376A1 (en) * | 2008-10-21 | 2013-10-24 | Lookout, Inc. | System and method for security analysis based on multiple protocols |
US10509911B2 (en) | 2008-10-21 | 2019-12-17 | Lookout, Inc. | Methods and systems for conditionally granting access to services based on the security state of the device requesting access |
US9407640B2 (en) | 2008-10-21 | 2016-08-02 | Lookout, Inc. | Assessing a security state of a mobile communications device to determine access to specific tasks |
US20110047620A1 (en) * | 2008-10-21 | 2011-02-24 | Lookout, Inc., A California Corporation | System and method for server-coupled malware prevention |
US9367680B2 (en) | 2008-10-21 | 2016-06-14 | Lookout, Inc. | System and method for mobile communication device application advisement |
US20110047597A1 (en) * | 2008-10-21 | 2011-02-24 | Lookout, Inc., A California Corporation | System and method for security data collection and analysis |
US9344431B2 (en) * | 2008-10-21 | 2016-05-17 | Lookout, Inc. | System and method for assessing an application based on data from multiple devices |
US11080407B2 (en) | 2008-10-21 | 2021-08-03 | Lookout, Inc. | Methods and systems for analyzing data after initial analyses by known good and known bad security components |
US9294500B2 (en) | 2008-10-21 | 2016-03-22 | Lookout, Inc. | System and method for creating and applying categorization-based policy to secure a mobile communications device from access to certain data objects |
US20110145920A1 (en) * | 2008-10-21 | 2011-06-16 | Lookout, Inc | System and method for adverse mobile application identification |
US8683593B2 (en) * | 2008-10-21 | 2014-03-25 | Lookout, Inc. | Server-assisted analysis of data for a mobile device |
US10417432B2 (en) | 2008-10-21 | 2019-09-17 | Lookout, Inc. | Methods and systems for blocking potentially harmful communications to improve the functioning of an electronic device |
US9245119B2 (en) | 2008-10-21 | 2016-01-26 | Lookout, Inc. | Security status assessment using mobile device security information database |
US9235704B2 (en) | 2008-10-21 | 2016-01-12 | Lookout, Inc. | System and method for a scanning API |
US9223973B2 (en) * | 2008-10-21 | 2015-12-29 | Lookout, Inc. | System and method for attack and malware prevention |
US9996697B2 (en) | 2008-10-21 | 2018-06-12 | Lookout, Inc. | Methods and systems for blocking the installation of an application to improve the functioning of a mobile communications device |
US8051480B2 (en) * | 2008-10-21 | 2011-11-01 | Lookout, Inc. | System and method for monitoring and analyzing multiple interfaces and multiple protocols |
US8060936B2 (en) | 2008-10-21 | 2011-11-15 | Lookout, Inc. | Security status and information display system |
US8745739B2 (en) * | 2008-10-21 | 2014-06-03 | Lookout, Inc. | System and method for server-coupled application re-analysis to obtain characterization assessment |
US8752176B2 (en) * | 2008-10-21 | 2014-06-10 | Lookout, Inc. | System and method for server-coupled application re-analysis to obtain trust, distribution and ratings assessment |
US8087067B2 (en) | 2008-10-21 | 2011-12-27 | Lookout, Inc. | Secure mobile platform system |
US8099472B2 (en) | 2008-10-21 | 2012-01-17 | Lookout, Inc. | System and method for a mobile cross-platform software system |
US8108933B2 (en) * | 2008-10-21 | 2012-01-31 | Lookout, Inc. | System and method for attack and malware prevention |
US20120042382A1 (en) * | 2008-10-21 | 2012-02-16 | Lookout, Inc. | System and method for monitoring and analyzing multiple interfaces and multiple protocols |
US20150222636A1 (en) * | 2008-10-21 | 2015-08-06 | Lookout, Inc. | System and method for assessing an application based on data from multiple devices |
US8365252B2 (en) | 2008-10-21 | 2013-01-29 | Lookout, Inc. | Providing access levels to services based on mobile device security state |
US8347386B2 (en) * | 2008-10-21 | 2013-01-01 | Lookout, Inc. | System and method for server-coupled malware prevention |
US9100389B2 (en) * | 2008-10-21 | 2015-08-04 | Lookout, Inc. | Assessing an application based on application data associated with the application |
US8826441B2 (en) | 2008-10-21 | 2014-09-02 | Lookout, Inc. | Event-based security state assessment and display for mobile devices |
US20120096555A1 (en) * | 2008-10-21 | 2012-04-19 | Lookout, Inc. | System and method for attack and malware prevention |
US9065846B2 (en) * | 2008-10-21 | 2015-06-23 | Lookout, Inc. | Analyzing data gathered through different protocols |
US9043919B2 (en) | 2008-10-21 | 2015-05-26 | Lookout, Inc. | Crawling multiple markets and correlating |
US20150106929A1 (en) * | 2008-10-21 | 2015-04-16 | Lookout, Inc. | System and method for attack and malware prevention |
US20120290640A1 (en) * | 2008-10-21 | 2012-11-15 | Lookout, Inc., A California Corporation | System and method for server-coupled application re-analysis |
US20120233695A1 (en) * | 2008-10-21 | 2012-09-13 | Lookout, Inc., A California Corporation | System and method for server-coupled application re-analysis to obtain trust, distribution and ratings assessment |
US8997181B2 (en) | 2008-10-21 | 2015-03-31 | Lookout, Inc. | Assessing the security state of a mobile communications device |
US8271608B2 (en) | 2008-10-21 | 2012-09-18 | Lookout, Inc. | System and method for a mobile cross-platform software system |
US8984628B2 (en) | 2008-10-21 | 2015-03-17 | Lookout, Inc. | System and method for adverse mobile application identification |
US8875289B2 (en) * | 2008-10-21 | 2014-10-28 | Lookout, Inc. | System and method for preventing malware on a mobile communication device |
US8327443B2 (en) * | 2008-10-29 | 2012-12-04 | Lockheed Martin Corporation | MDL compress system and method for signature inference and masquerade intrusion detection |
US8312542B2 (en) * | 2008-10-29 | 2012-11-13 | Lockheed Martin Corporation | Network intrusion detection using MDL compress for deep packet inspection |
US20100107255A1 (en) * | 2008-10-29 | 2010-04-29 | Eiland Edward E | Intrusion Detection Using MDL Compression |
US20100107253A1 (en) * | 2008-10-29 | 2010-04-29 | Eiland Edward E | Mdl compress system and method for signature inference and masquerade intrusion detection |
US8375446B2 (en) * | 2008-10-29 | 2013-02-12 | Lockheed Martin Corporation | Intrusion detection using MDL compression |
US20100107254A1 (en) * | 2008-10-29 | 2010-04-29 | Eiland Edward E | Network intrusion detection using mdl compress for deep packet inspection |
US9954890B1 (en) | 2008-11-03 | 2018-04-24 | Fireeye, Inc. | Systems and methods for analyzing PDF documents |
US8850571B2 (en) * | 2008-11-03 | 2014-09-30 | Fireeye, Inc. | Systems and methods for detecting malicious network content |
US8997219B2 (en) | 2008-11-03 | 2015-03-31 | Fireeye, Inc. | Systems and methods for detecting malicious PDF network content |
US9118715B2 (en) | 2008-11-03 | 2015-08-25 | Fireeye, Inc. | Systems and methods for detecting malicious PDF network content |
US9438622B1 (en) | 2008-11-03 | 2016-09-06 | Fireeye, Inc. | Systems and methods for analyzing malicious PDF network content |
US8990939B2 (en) | 2008-11-03 | 2015-03-24 | Fireeye, Inc. | Systems and methods for scheduling analysis of network content for malware |
US20100162400A1 (en) * | 2008-12-11 | 2010-06-24 | Scansafe Limited | Malware detection |
US8689331B2 (en) * | 2008-12-11 | 2014-04-01 | Scansafe Limited | Malware detection |
US20100162350A1 (en) * | 2008-12-24 | 2010-06-24 | Korea Information Security Agency | Security system of managing irc and http botnets, and method therefor |
US20100195493A1 (en) * | 2009-02-02 | 2010-08-05 | Peter Hedman | Controlling a packet flow from a user equipment |
US9974110B2 (en) | 2009-02-02 | 2018-05-15 | Telefonaktiebolaget Lm Ericsson (Publ) | Controlling a packet flow from a user equipment |
US8289848B2 (en) * | 2009-02-02 | 2012-10-16 | Telefonaktiebolaget Lm Ericsson (Publ) | Controlling a packet flow from a user equipment |
US9467391B2 (en) | 2009-02-02 | 2016-10-11 | Telefonaktiebolaget Lm Ericsson (Publ) | Controlling a packet flow from a user equipment |
US9179434B2 (en) | 2009-02-17 | 2015-11-03 | Lookout, Inc. | Systems and methods for locking and disabling a device in response to a request |
US20110047033A1 (en) * | 2009-02-17 | 2011-02-24 | Lookout, Inc. | System and method for mobile device replacement |
US8855601B2 (en) | 2009-02-17 | 2014-10-07 | Lookout, Inc. | System and method for remotely-initiated audio communication |
US9569643B2 (en) | 2009-02-17 | 2017-02-14 | Lookout, Inc. | Method for detecting a security event on a portable electronic device and establishing audio transmission with a client computer |
US8538815B2 (en) | 2009-02-17 | 2013-09-17 | Lookout, Inc. | System and method for mobile device replacement |
US10623960B2 (en) | 2009-02-17 | 2020-04-14 | Lookout, Inc. | Methods and systems for enhancing electronic device security by causing the device to go into a mode for lost or stolen devices |
US8682400B2 (en) | 2009-02-17 | 2014-03-25 | Lookout, Inc. | Systems and methods for device broadcast of location information when battery is low |
US10419936B2 (en) | 2009-02-17 | 2019-09-17 | Lookout, Inc. | Methods and systems for causing mobile communications devices to emit sounds with encoded information |
US8635109B2 (en) | 2009-02-17 | 2014-01-21 | Lookout, Inc. | System and method for providing offers for mobile devices |
US9042876B2 (en) | 2009-02-17 | 2015-05-26 | Lookout, Inc. | System and method for uploading location information based on device movement |
US8929874B2 (en) | 2009-02-17 | 2015-01-06 | Lookout, Inc. | Systems and methods for remotely controlling a lost mobile communications device |
US9232491B2 (en) | 2009-02-17 | 2016-01-05 | Lookout, Inc. | Mobile device geolocation |
US9167550B2 (en) | 2009-02-17 | 2015-10-20 | Lookout, Inc. | Systems and methods for applying a security policy to a device based on location |
US8825007B2 (en) | 2009-02-17 | 2014-09-02 | Lookout, Inc. | Systems and methods for applying a security policy to a device based on a comparison of locations |
US9100925B2 (en) | 2009-02-17 | 2015-08-04 | Lookout, Inc. | Systems and methods for displaying location information of a device |
US8467768B2 (en) | 2009-02-17 | 2013-06-18 | Lookout, Inc. | System and method for remotely securing or recovering a mobile device |
US9955352B2 (en) | 2009-02-17 | 2018-04-24 | Lookout, Inc. | Methods and systems for addressing mobile communications devices that are lost or stolen but not yet reported as such |
US8774788B2 (en) | 2009-02-17 | 2014-07-08 | Lookout, Inc. | Systems and methods for transmitting a communication based on a device leaving or entering an area |
US20100210240A1 (en) * | 2009-02-17 | 2010-08-19 | Flexilis, Inc. | System and method for remotely securing or recovering a mobile device |
US9246931B1 (en) | 2009-03-19 | 2016-01-26 | Symantec Corporation | Communication-based reputation system |
US8904520B1 (en) | 2009-03-19 | 2014-12-02 | Symantec Corporation | Communication-based reputation system |
US8881287B1 (en) | 2009-03-20 | 2014-11-04 | Symantec Corporation | Systems and methods for library function identification in automatic malware signature generation |
US8291497B1 (en) * | 2009-03-20 | 2012-10-16 | Symantec Corporation | Systems and methods for byte-level context diversity-based automatic malware signature generation |
US8484625B2 (en) | 2009-04-01 | 2013-07-09 | Motorola Mobility Llc | Method and apparatus to vet an executable program using a model |
US20100257253A1 (en) * | 2009-04-01 | 2010-10-07 | Motorola, Inc. | Method and Apparatus to Vet an Executable Program Using a Model |
US8490176B2 (en) | 2009-04-07 | 2013-07-16 | Juniper Networks, Inc. | System and method for controlling a mobile device |
US20110065419A1 (en) * | 2009-04-07 | 2011-03-17 | Juniper Networks | System and Method for Controlling a Mobile |
US11489857B2 (en) | 2009-04-21 | 2022-11-01 | Webroot Inc. | System and method for developing a risk profile for an internet resource |
US8621626B2 (en) * | 2009-05-01 | 2013-12-31 | Mcafee, Inc. | Detection of code execution exploits |
US20100281540A1 (en) * | 2009-05-01 | 2010-11-04 | Mcafee, Inc. | Detection of code execution exploits |
US9832651B2 (en) * | 2009-05-08 | 2017-11-28 | Samsung Electronics Co., Ltd | System and method for verifying integrity of software package in mobile terminal |
US20100287547A1 (en) * | 2009-05-08 | 2010-11-11 | Samsung Electronics Co., Ltd. | System and method for verifying integrity of software package in mobile terminal |
US8769678B2 (en) * | 2009-06-30 | 2014-07-01 | Sonicwall, Inc. | Cloud-based gateway security scanning |
US11070571B2 (en) | 2009-06-30 | 2021-07-20 | Sonicwall Inc. | Cloud-based gateway security scanning |
US10326781B2 (en) | 2009-06-30 | 2019-06-18 | Sonicwall Inc. | Cloud-based gateway security scanning |
US9203853B2 (en) | 2009-06-30 | 2015-12-01 | Dell Software Inc. | Cloud-based gateway security scanning |
US8276202B1 (en) * | 2009-06-30 | 2012-09-25 | Aleksandr Dubrovsky | Cloud-based gateway security scanning |
US9560056B2 (en) | 2009-06-30 | 2017-01-31 | Dell Software Inc. | Cloud-based gateway security scanning |
US9607148B1 (en) * | 2009-06-30 | 2017-03-28 | Symantec Corporation | Method and apparatus for detecting malware on a computer system |
US8832829B2 (en) | 2009-09-30 | 2014-09-09 | Fireeye, Inc. | Network-based binary file extraction and analysis for malware detection |
US11381578B1 (en) | 2009-09-30 | 2022-07-05 | Fireeye Security Holdings Us Llc | Network-based binary file extraction and analysis for malware detection |
US8935779B2 (en) | 2009-09-30 | 2015-01-13 | Fireeye, Inc. | Network-based binary file extraction and analysis for malware detection |
US7743419B1 (en) * | 2009-10-01 | 2010-06-22 | Kaspersky Lab, Zao | Method and system for detection and prediction of computer virus-related epidemics |
USRE48669E1 (en) | 2009-11-18 | 2021-08-03 | Lookout, Inc. | System and method for identifying and [assessing] remediating vulnerabilities on a mobile communications device |
US8397301B2 (en) | 2009-11-18 | 2013-03-12 | Lookout, Inc. | System and method for identifying and assessing vulnerabilities on a mobile communication device |
USRE46768E1 (en) | 2009-11-18 | 2018-03-27 | Lookout, Inc. | System and method for identifying and assessing vulnerabilities on a mobile communications device |
US20110119765A1 (en) * | 2009-11-18 | 2011-05-19 | Flexilis, Inc. | System and method for identifying and assessing vulnerabilities on a mobile communication device |
USRE47757E1 (en) | 2009-11-18 | 2019-12-03 | Lookout, Inc. | System and method for identifying and assessing vulnerabilities on a mobile communications device |
USRE49634E1 (en) | 2009-11-18 | 2023-08-29 | Lookout, Inc. | System and method for determining the risk of vulnerabilities on a mobile communications device |
US8555393B2 (en) * | 2009-12-03 | 2013-10-08 | Verizon Patent And Licensing Inc. | Automated testing for security vulnerabilities of devices |
US20110138470A1 (en) * | 2009-12-03 | 2011-06-09 | Verizon Patent And Licensing, Inc. | Automated testing for security vulnerabilities of devices |
US8966511B2 (en) * | 2010-01-18 | 2015-02-24 | Samsung Electronics Co., Ltd. | Computer system and method for preventing dynamic-link library injection attack |
US20110179430A1 (en) * | 2010-01-18 | 2011-07-21 | Samsung Electronics Co., Ltd. | Computer System and Method for Preventing Dynamic-Link Library Injection Attack |
US8788623B2 (en) | 2010-02-19 | 2014-07-22 | Mcafee Inc. | System, method, and computer program product for receiving security content utilizing a serial over LAN connection |
US8301727B1 (en) * | 2010-02-19 | 2012-10-30 | Mcafee, Inc. | System, method, and computer program product for receiving security content utilizing a serial over LAN connection |
US8701190B1 (en) * | 2010-02-22 | 2014-04-15 | Symantec Corporation | Inferring file and website reputations by belief propagation leveraging machine reputation |
US9479357B1 (en) * | 2010-03-05 | 2016-10-25 | Symantec Corporation | Detecting malware on mobile devices based on mobile behavior analysis |
US8949797B2 (en) | 2010-04-16 | 2015-02-03 | International Business Machines Corporation | Optimizing performance of integrity monitoring |
US20110295894A1 (en) * | 2010-05-27 | 2011-12-01 | Samsung Sds Co., Ltd. | System and method for matching pattern |
US9392005B2 (en) * | 2010-05-27 | 2016-07-12 | Samsung Sds Co., Ltd. | System and method for matching pattern |
EP2577546A4 (de) * | 2010-06-03 | 2014-01-01 | Nokia Corp | Verfahren und vorrichtung zur analyse und erkennung bösartiger software |
EP2577546A2 (de) * | 2010-06-03 | 2013-04-10 | Nokia Corp. | Verfahren und vorrichtung zur analyse und erkennung bösartiger software |
US9449175B2 (en) * | 2010-06-03 | 2016-09-20 | Nokia Technologies Oy | Method and apparatus for analyzing and detecting malicious software |
US8365288B2 (en) | 2010-06-21 | 2013-01-29 | Samsung Sds Co., Ltd. | Anti-malware device, server, and method of matching malware patterns |
US9202049B1 (en) | 2010-06-21 | 2015-12-01 | Pulse Secure, Llc | Detecting malware on mobile devices |
US10320835B1 (en) | 2010-06-21 | 2019-06-11 | Pulse Secure, Llc | Detecting malware on mobile devices |
US9576130B1 (en) | 2010-06-21 | 2017-02-21 | Pulse Secure, Llc | Detecting malware on mobile devices |
US8973130B2 (en) | 2010-07-21 | 2015-03-03 | Samsung Sds Co., Ltd. | Device and method for providing SOC-based anti-malware service, and interface method |
US8683452B1 (en) * | 2010-12-21 | 2014-03-25 | Emc Corporation | Dynamically obfuscated javascript |
US20120311709A1 (en) * | 2010-12-23 | 2012-12-06 | Korea Internet & Security Agency | Automatic management system for group and mutant information of malicious codes |
US8479296B2 (en) * | 2010-12-30 | 2013-07-02 | Kaspersky Lab Zao | System and method for detecting unknown malware |
US20120185939A1 (en) * | 2011-01-13 | 2012-07-19 | F-Secure Corporation | Malware detection |
US8621634B2 (en) * | 2011-01-13 | 2013-12-31 | F-Secure Oyj | Malware detection based on a predetermined criterion |
US9559852B2 (en) | 2011-02-03 | 2017-01-31 | mSignia, Inc. | Cryptographic security functions based on anticipated changes in dynamic minutiae |
US10178076B2 (en) | 2011-02-03 | 2019-01-08 | mSignia, Inc. | Cryptographic security functions based on anticipated changes in dynamic minutiae |
US9294448B2 (en) | 2011-02-03 | 2016-03-22 | mSignia, Inc. | Cryptographic security functions based on anticipated changes in dynamic minutiae |
US11063920B2 (en) | 2011-02-03 | 2021-07-13 | mSignia, Inc. | Cryptographic security functions based on anticipated changes in dynamic minutiae |
US9979707B2 (en) | 2011-02-03 | 2018-05-22 | mSignia, Inc. | Cryptographic security functions based on anticipated changes in dynamic minutiae |
US9722804B2 (en) | 2011-02-03 | 2017-08-01 | mSignia, Inc. | Cryptographic security functions based on anticipated changes in dynamic minutiae |
US10574630B2 (en) | 2011-02-15 | 2020-02-25 | Webroot Inc. | Methods and apparatus for malware threat research |
US9519682B1 (en) | 2011-05-26 | 2016-12-13 | Yahoo! Inc. | User trustworthiness |
US9319292B2 (en) | 2011-06-14 | 2016-04-19 | Lookout, Inc. | Client activity DNS optimization |
US8738765B2 (en) | 2011-06-14 | 2014-05-27 | Lookout, Inc. | Mobile device DNS optimization |
US10181118B2 (en) | 2011-08-17 | 2019-01-15 | Lookout, Inc. | Mobile communications device payment method utilizing location information |
US8788881B2 (en) | 2011-08-17 | 2014-07-22 | Lookout, Inc. | System and method for mobile device push communications |
US9237171B2 (en) | 2011-08-17 | 2016-01-12 | Mcafee, Inc. | System and method for indirect interface monitoring and plumb-lining |
US9442881B1 (en) | 2011-08-31 | 2016-09-13 | Yahoo! Inc. | Anti-spam transient entity classification |
US20130081142A1 (en) * | 2011-09-22 | 2013-03-28 | Raytheon Company | System, Method, and Logic for Classifying Communications |
US8875293B2 (en) * | 2011-09-22 | 2014-10-28 | Raytheon Company | System, method, and logic for classifying communications |
US20130152201A1 (en) * | 2011-12-12 | 2013-06-13 | Microsoft Corporation | Adjunct Computing Machine for Remediating Malware on Compromised Computing Machine |
US8365297B1 (en) | 2011-12-28 | 2013-01-29 | Kaspersky Lab Zao | System and method for detecting malware targeting the boot process of a computer using boot process emulation |
US8726338B2 (en) | 2012-02-02 | 2014-05-13 | Juniper Networks, Inc. | Dynamic threat protection in mobile networks |
US9519782B2 (en) | 2012-02-24 | 2016-12-13 | Fireeye, Inc. | Detecting malicious network content |
US10282548B1 (en) | 2012-02-24 | 2019-05-07 | Fireeye, Inc. | Method for detecting malware within network content |
US8656494B2 (en) * | 2012-02-28 | 2014-02-18 | Kaspersky Lab, Zao | System and method for optimization of antivirus processing of disk files |
WO2013158789A1 (en) | 2012-04-18 | 2013-10-24 | Mcafee, Inc. | Detection and prevention of installation of malicious mobile applications |
US9596257B2 (en) | 2012-04-18 | 2017-03-14 | Mcafee, Inc. | Detection and prevention of installation of malicious mobile applications |
CN104246788A (zh) * | 2012-04-18 | 2014-12-24 | 迈克菲公司 | 检测并防止恶意移动应用程序的安装 |
EP2839406A4 (de) * | 2012-04-18 | 2015-12-23 | Mcafee Inc | Erkennung und verhinderung der installation von mobilen bösartigen anwendungen |
US8948795B2 (en) | 2012-05-08 | 2015-02-03 | Sybase 365, Inc. | System and method for dynamic spam detection |
US9407443B2 (en) | 2012-06-05 | 2016-08-02 | Lookout, Inc. | Component analysis of software applications on computing devices |
US9215074B2 (en) | 2012-06-05 | 2015-12-15 | Lookout, Inc. | Expressing intent to control behavior of application components |
US10256979B2 (en) | 2012-06-05 | 2019-04-09 | Lookout, Inc. | Assessing application authenticity and performing an action in response to an evaluation result |
US10419222B2 (en) | 2012-06-05 | 2019-09-17 | Lookout, Inc. | Monitoring for fraudulent or harmful behavior in applications being installed on user devices |
US9589129B2 (en) | 2012-06-05 | 2017-03-07 | Lookout, Inc. | Determining source of side-loaded software |
US11336458B2 (en) | 2012-06-05 | 2022-05-17 | Lookout, Inc. | Evaluating authenticity of applications based on assessing user device context for increased security |
US9940454B2 (en) | 2012-06-05 | 2018-04-10 | Lookout, Inc. | Determining source of side-loaded software using signature of authorship |
US9992025B2 (en) | 2012-06-05 | 2018-06-05 | Lookout, Inc. | Monitoring installed applications on user devices |
US9053322B2 (en) | 2012-07-12 | 2015-06-09 | Industrial Technology Research Institute | Computing environment security method and electronic computing system |
US9124472B1 (en) | 2012-07-25 | 2015-09-01 | Symantec Corporation | Providing file information to a client responsive to a file download stability prediction |
US20140101748A1 (en) * | 2012-10-10 | 2014-04-10 | Dell Products L.P. | Adaptive System Behavior Change on Malware Trigger |
US8931074B2 (en) * | 2012-10-10 | 2015-01-06 | Dell Products L.P. | Adaptive system behavior change on malware trigger |
US9408143B2 (en) | 2012-10-26 | 2016-08-02 | Lookout, Inc. | System and method for using context models to control operation of a mobile communications device |
US8655307B1 (en) | 2012-10-26 | 2014-02-18 | Lookout, Inc. | System and method for developing, updating, and using user device behavioral context models to modify user, device, and application state, settings and behavior for enhanced user security |
US9769749B2 (en) | 2012-10-26 | 2017-09-19 | Lookout, Inc. | Modifying mobile device settings for resource conservation |
US20140165190A1 (en) * | 2012-12-10 | 2014-06-12 | Lookout Inc. | Method and apparatus for enhanced file system monitoring on mobile communications devices |
US9298916B2 (en) * | 2012-12-10 | 2016-03-29 | Lookout, Inc. | Method and apparatus for enhanced file system monitoring on mobile communications devices |
EP2924943A4 (de) * | 2012-12-21 | 2015-12-16 | Huawei Tech Co Ltd | Virusdetektionsverfahren und -vorrichtung |
US9723021B2 (en) | 2012-12-21 | 2017-08-01 | Huawei Technologies Co., Ltd. | Virus detecting method and device |
US9208215B2 (en) | 2012-12-27 | 2015-12-08 | Lookout, Inc. | User classification based on data gathered from a computing device |
US10572665B2 (en) | 2012-12-28 | 2020-02-25 | Fireeye, Inc. | System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events |
US9374369B2 (en) | 2012-12-28 | 2016-06-21 | Lookout, Inc. | Multi-factor authentication and comprehensive login system for client-server networks |
US8855599B2 (en) | 2012-12-31 | 2014-10-07 | Lookout, Inc. | Method and apparatus for auxiliary communications with mobile communications device |
US9424409B2 (en) | 2013-01-10 | 2016-08-23 | Lookout, Inc. | Method and system for protecting privacy and enhancing security on an electronic device |
US9176843B1 (en) | 2013-02-23 | 2015-11-03 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9594905B1 (en) | 2013-02-23 | 2017-03-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using machine learning |
US9367681B1 (en) | 2013-02-23 | 2016-06-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application |
US9225740B1 (en) | 2013-02-23 | 2015-12-29 | Fireeye, Inc. | Framework for iterative analysis of mobile software applications |
US10929266B1 (en) | 2013-02-23 | 2021-02-23 | Fireeye, Inc. | Real-time visual playback with synchronous textual analysis log display and event/time indexing |
US9195829B1 (en) | 2013-02-23 | 2015-11-24 | Fireeye, Inc. | User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications |
US10181029B1 (en) | 2013-02-23 | 2019-01-15 | Fireeye, Inc. | Security cloud service framework for hardening in the field code of mobile software applications |
US10019338B1 (en) | 2013-02-23 | 2018-07-10 | Fireeye, Inc. | User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications |
US8990944B1 (en) | 2013-02-23 | 2015-03-24 | Fireeye, Inc. | Systems and methods for automatically detecting backdoors |
US9824209B1 (en) | 2013-02-23 | 2017-11-21 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications that is usable to harden in the field code |
US9792196B1 (en) | 2013-02-23 | 2017-10-17 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9009823B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications installed on mobile devices |
US10296437B2 (en) | 2013-02-23 | 2019-05-21 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9159035B1 (en) | 2013-02-23 | 2015-10-13 | Fireeye, Inc. | Framework for computer application analysis of sensitive information tracking |
US9009822B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for multi-phase analysis of mobile applications |
US10025927B1 (en) | 2013-03-13 | 2018-07-17 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US10848521B1 (en) | 2013-03-13 | 2020-11-24 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US9565202B1 (en) | 2013-03-13 | 2017-02-07 | Fireeye, Inc. | System and method for detecting exfiltration content |
US9104867B1 (en) | 2013-03-13 | 2015-08-11 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US9912698B1 (en) | 2013-03-13 | 2018-03-06 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US9355247B1 (en) | 2013-03-13 | 2016-05-31 | Fireeye, Inc. | File extraction from memory dump for malicious content analysis |
US9934381B1 (en) | 2013-03-13 | 2018-04-03 | Fireeye, Inc. | System and method for detecting malicious activity based on at least one environmental property |
US9626509B1 (en) | 2013-03-13 | 2017-04-18 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US11210390B1 (en) | 2013-03-13 | 2021-12-28 | Fireeye Security Holdings Us Llc | Multi-version application support and registration within a single operating system environment |
US10198574B1 (en) | 2013-03-13 | 2019-02-05 | Fireeye, Inc. | System and method for analysis of a memory dump associated with a potentially malicious content suspect |
US10467414B1 (en) | 2013-03-13 | 2019-11-05 | Fireeye, Inc. | System and method for detecting exfiltration content |
US10812513B1 (en) | 2013-03-14 | 2020-10-20 | Fireeye, Inc. | Correlation and consolidation holistic views of analytic data pertaining to a malware attack |
US10122746B1 (en) | 2013-03-14 | 2018-11-06 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of malware attack |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US9641546B1 (en) | 2013-03-14 | 2017-05-02 | Fireeye, Inc. | Electronic device for aggregation, correlation and consolidation of analysis attributes |
US9311479B1 (en) | 2013-03-14 | 2016-04-12 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of a malware attack |
US10200384B1 (en) | 2013-03-14 | 2019-02-05 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US10701091B1 (en) | 2013-03-15 | 2020-06-30 | Fireeye, Inc. | System and method for verifying a cyberthreat |
US9251343B1 (en) | 2013-03-15 | 2016-02-02 | Fireeye, Inc. | Detecting bootkits resident on compromised computers |
US10713358B2 (en) | 2013-03-15 | 2020-07-14 | Fireeye, Inc. | System and method to extract and utilize disassembly features to classify software intent |
WO2014155036A1 (en) | 2013-03-25 | 2014-10-02 | British Telecommunications Plc | Suspicious program detection |
US9747447B2 (en) * | 2013-03-25 | 2017-08-29 | British Telecommunications Public Limited Company | Suspicious program detection |
US20160055337A1 (en) * | 2013-03-25 | 2016-02-25 | British Telecommunications Plc | Suspicious program detection |
EP2784716A1 (de) * | 2013-03-25 | 2014-10-01 | British Telecommunications public limited company | Erkennung verdächtiger Programme |
US9792436B1 (en) * | 2013-04-29 | 2017-10-17 | Symantec Corporation | Techniques for remediating an infected file |
US10469512B1 (en) | 2013-05-10 | 2019-11-05 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US9495180B2 (en) | 2013-05-10 | 2016-11-15 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US10033753B1 (en) | 2013-05-13 | 2018-07-24 | Fireeye, Inc. | System and method for detecting malicious activity and classifying a network communication based on different indicator types |
US9635039B1 (en) | 2013-05-13 | 2017-04-25 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
US10637880B1 (en) | 2013-05-13 | 2020-04-28 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
US9361461B2 (en) | 2013-05-21 | 2016-06-07 | Samsung Electronics Co., Ltd. | Method and apparatus for detecting malware and recording medium thereof |
US10083302B1 (en) | 2013-06-24 | 2018-09-25 | Fireeye, Inc. | System and method for detecting time-bomb malware |
US10133863B2 (en) | 2013-06-24 | 2018-11-20 | Fireeye, Inc. | Zero-day discovery system |
US9536091B2 (en) | 2013-06-24 | 2017-01-03 | Fireeye, Inc. | System and method for detecting time-bomb malware |
US10335738B1 (en) | 2013-06-24 | 2019-07-02 | Fireeye, Inc. | System and method for detecting time-bomb malware |
US9888019B1 (en) | 2013-06-28 | 2018-02-06 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US9888016B1 (en) | 2013-06-28 | 2018-02-06 | Fireeye, Inc. | System and method for detecting phishing using password prediction |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US10505956B1 (en) | 2013-06-28 | 2019-12-10 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US9852290B1 (en) | 2013-07-12 | 2017-12-26 | The Boeing Company | Systems and methods of analyzing a software component |
US9396082B2 (en) | 2013-07-12 | 2016-07-19 | The Boeing Company | Systems and methods of analyzing a software component |
US9280369B1 (en) | 2013-07-12 | 2016-03-08 | The Boeing Company | Systems and methods of analyzing a software component |
US9336025B2 (en) | 2013-07-12 | 2016-05-10 | The Boeing Company | Systems and methods of analyzing a software component |
US9843622B2 (en) * | 2013-09-24 | 2017-12-12 | Mcafee, Llc | Adaptive and recursive filtering for sample submission |
EP3049983A4 (de) * | 2013-09-24 | 2017-05-31 | McAfee, Inc. | Adaptive und rekursive filterung für probeneinreichung |
US20150088967A1 (en) * | 2013-09-24 | 2015-03-26 | Igor Muttik | Adaptive and recursive filtering for sample submission |
US9479521B2 (en) | 2013-09-30 | 2016-10-25 | The Boeing Company | Software network behavior analysis and identification system |
US10735458B1 (en) | 2013-09-30 | 2020-08-04 | Fireeye, Inc. | Detection center to detect targeted malware |
US10515214B1 (en) | 2013-09-30 | 2019-12-24 | Fireeye, Inc. | System and method for classifying malware within content created during analysis of a specimen |
US9912691B2 (en) | 2013-09-30 | 2018-03-06 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US9690936B1 (en) | 2013-09-30 | 2017-06-27 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US10657251B1 (en) | 2013-09-30 | 2020-05-19 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US9294501B2 (en) | 2013-09-30 | 2016-03-22 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US9171160B2 (en) | 2013-09-30 | 2015-10-27 | Fireeye, Inc. | Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses |
US10218740B1 (en) | 2013-09-30 | 2019-02-26 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US10713362B1 (en) | 2013-09-30 | 2020-07-14 | Fireeye, Inc. | Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses |
US9628507B2 (en) | 2013-09-30 | 2017-04-18 | Fireeye, Inc. | Advanced persistent threat (APT) detection center |
US9736179B2 (en) | 2013-09-30 | 2017-08-15 | Fireeye, Inc. | System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection |
US10192052B1 (en) | 2013-09-30 | 2019-01-29 | Fireeye, Inc. | System, apparatus and method for classifying a file as malicious using static scanning |
US11075945B2 (en) | 2013-09-30 | 2021-07-27 | Fireeye, Inc. | System, apparatus and method for reconfiguring virtual machines |
US9910988B1 (en) | 2013-09-30 | 2018-03-06 | Fireeye, Inc. | Malware analysis in accordance with an analysis plan |
US10089461B1 (en) | 2013-09-30 | 2018-10-02 | Fireeye, Inc. | Page replacement code injection |
US10089459B2 (en) * | 2013-10-03 | 2018-10-02 | Qualcomm Incorporated | Malware detection and prevention by monitoring and modifying a hardware pipeline |
US20160063243A1 (en) * | 2013-10-03 | 2016-03-03 | Qualcomm Incorporated | Malware Detection and Prevention by Monitoring and Modifying a Hardware Pipeline |
US10452862B2 (en) | 2013-10-25 | 2019-10-22 | Lookout, Inc. | System and method for creating a policy for managing personal data on a mobile communications device |
US9642008B2 (en) | 2013-10-25 | 2017-05-02 | Lookout, Inc. | System and method for creating and assigning a policy for a mobile communications device based on personal data |
US10990696B2 (en) | 2013-10-25 | 2021-04-27 | Lookout, Inc. | Methods and systems for detecting attempts to access personal information on mobile communications devices |
US20150121072A1 (en) * | 2013-10-30 | 2015-04-30 | Electronics And Telecommunications Research Institute | Object verification apparatus and its integrity authentication method |
US9921978B1 (en) | 2013-11-08 | 2018-03-20 | Fireeye, Inc. | System and method for enhanced security of storage devices |
US9560059B1 (en) | 2013-11-21 | 2017-01-31 | Fireeye, Inc. | System, apparatus and method for conducting on-the-fly decryption of encrypted objects for malware detection |
US9189627B1 (en) | 2013-11-21 | 2015-11-17 | Fireeye, Inc. | System, apparatus and method for conducting on-the-fly decryption of encrypted objects for malware detection |
US9753796B2 (en) | 2013-12-06 | 2017-09-05 | Lookout, Inc. | Distributed monitoring, evaluation, and response for multiple devices |
US10742676B2 (en) | 2013-12-06 | 2020-08-11 | Lookout, Inc. | Distributed monitoring and evaluation of multiple devices |
US10122747B2 (en) | 2013-12-06 | 2018-11-06 | Lookout, Inc. | Response generation after distributed monitoring and evaluation of multiple devices |
US11089057B1 (en) | 2013-12-26 | 2021-08-10 | Fireeye, Inc. | System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits |
US9756074B2 (en) | 2013-12-26 | 2017-09-05 | Fireeye, Inc. | System and method for IPS and VM-based detection of suspicious objects |
US10476909B1 (en) | 2013-12-26 | 2019-11-12 | Fireeye, Inc. | System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits |
US9747446B1 (en) | 2013-12-26 | 2017-08-29 | Fireeye, Inc. | System and method for run-time object classification |
US10467411B1 (en) * | 2013-12-26 | 2019-11-05 | Fireeye, Inc. | System and method for generating a malware identifier |
US9306974B1 (en) | 2013-12-26 | 2016-04-05 | Fireeye, Inc. | System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits |
US10740456B1 (en) | 2014-01-16 | 2020-08-11 | Fireeye, Inc. | Threat-aware architecture |
US9916440B1 (en) | 2014-02-05 | 2018-03-13 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US10534906B1 (en) | 2014-02-05 | 2020-01-14 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US10419454B2 (en) | 2014-02-28 | 2019-09-17 | British Telecommunications Public Limited Company | Malicious encrypted traffic inhibitor |
US10176428B2 (en) * | 2014-03-13 | 2019-01-08 | Qualcomm Incorporated | Behavioral analysis for securing peripheral devices |
US20150262067A1 (en) * | 2014-03-13 | 2015-09-17 | Qualcomm Incorporated | Behavioral Analysis for Securing Peripheral Devices |
US10432649B1 (en) | 2014-03-20 | 2019-10-01 | Fireeye, Inc. | System and method for classifying an object based on an aggregated behavior results |
US9241010B1 (en) | 2014-03-20 | 2016-01-19 | Fireeye, Inc. | System and method for network behavior detection |
US11068587B1 (en) | 2014-03-21 | 2021-07-20 | Fireeye, Inc. | Dynamic guest image creation and rollback |
US10242185B1 (en) | 2014-03-21 | 2019-03-26 | Fireeye, Inc. | Dynamic guest image creation and rollback |
US11082436B1 (en) | 2014-03-28 | 2021-08-03 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9787700B1 (en) | 2014-03-28 | 2017-10-10 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9591015B1 (en) | 2014-03-28 | 2017-03-07 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US10454953B1 (en) | 2014-03-28 | 2019-10-22 | Fireeye, Inc. | System and method for separated packet processing and static analysis |
US9432389B1 (en) | 2014-03-31 | 2016-08-30 | Fireeye, Inc. | System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object |
US9223972B1 (en) | 2014-03-31 | 2015-12-29 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US10341363B1 (en) | 2014-03-31 | 2019-07-02 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US11297074B1 (en) | 2014-03-31 | 2022-04-05 | FireEye Security Holdings, Inc. | Dynamically remote tuning of a malware content detection system |
US11949698B1 (en) | 2014-03-31 | 2024-04-02 | Musarubra Us Llc | Dynamically remote tuning of a malware content detection system |
US10243985B2 (en) | 2014-06-03 | 2019-03-26 | Hexadite Ltd. | System and methods thereof for monitoring and preventing security incidents in a computerized environment |
US9438623B1 (en) | 2014-06-06 | 2016-09-06 | Fireeye, Inc. | Computer exploit detection using heap spray pattern matching |
US9973531B1 (en) | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
US9594912B1 (en) | 2014-06-06 | 2017-03-14 | Fireeye, Inc. | Return-oriented programming detection |
US10757134B1 (en) | 2014-06-24 | 2020-08-25 | Fireeye, Inc. | System and method for detecting and remediating a cybersecurity attack |
US10084813B2 (en) | 2014-06-24 | 2018-09-25 | Fireeye, Inc. | Intrusion prevention and remedy system |
US9838408B1 (en) | 2014-06-26 | 2017-12-05 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on direct communications between remotely hosted virtual machines and malicious web servers |
US9661009B1 (en) | 2014-06-26 | 2017-05-23 | Fireeye, Inc. | Network-based malware detection |
US9398028B1 (en) | 2014-06-26 | 2016-07-19 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers |
US10805340B1 (en) | 2014-06-26 | 2020-10-13 | Fireeye, Inc. | Infection vector and malware tracking with an interactive user display |
US11244056B1 (en) | 2014-07-01 | 2022-02-08 | Fireeye Security Holdings Us Llc | Verification of trusted threat-aware visualization layer |
US9824356B2 (en) | 2014-08-12 | 2017-11-21 | Bank Of America Corporation | Tool for creating a system hardware signature for payment authentication |
US8943598B1 (en) * | 2014-08-12 | 2015-01-27 | Bank Of America Corporation | Automatic compromise detection for hardware signature for payment authentication |
US9609007B1 (en) | 2014-08-22 | 2017-03-28 | Fireeye, Inc. | System and method of detecting delivery of malware based on indicators of compromise from different sources |
US10404725B1 (en) | 2014-08-22 | 2019-09-03 | Fireeye, Inc. | System and method of detecting delivery of malware using cross-customer data |
US10027696B1 (en) | 2014-08-22 | 2018-07-17 | Fireeye, Inc. | System and method for determining a threat based on correlation of indicators of compromise from other sources |
US9363280B1 (en) | 2014-08-22 | 2016-06-07 | Fireeye, Inc. | System and method of detecting delivery of malware using cross-customer data |
EP2998902A1 (de) * | 2014-09-16 | 2016-03-23 | Baidu Online Network Technology (Beijing) Co., Ltd | Verfahren und Vorrichtung zur Verarbeitung einer Datei |
US10055583B2 (en) * | 2014-09-16 | 2018-08-21 | Baidu Online Network Technology (Beijing) Co., Ltd. | Method and apparatus for processing file |
US20200042720A1 (en) * | 2014-09-22 | 2020-02-06 | Mcafee, Llc | Pre-launch process vulnerability assessment |
US10671726B1 (en) | 2014-09-22 | 2020-06-02 | Fireeye Inc. | System and method for malware analysis using thread-level event monitoring |
US9773112B1 (en) | 2014-09-29 | 2017-09-26 | Fireeye, Inc. | Exploit detection of malware and malware families |
US10868818B1 (en) | 2014-09-29 | 2020-12-15 | Fireeye, Inc. | Systems and methods for generation of signature generation using interactive infection visualizations |
US10027689B1 (en) | 2014-09-29 | 2018-07-17 | Fireeye, Inc. | Interactive infection visualization for improved exploit detection and signature generation for malware and malware families |
US9183383B1 (en) | 2014-12-05 | 2015-11-10 | AO Kaspersky Lab | System and method of limiting the operation of trusted applications in presence of suspicious programs |
EP3029593A1 (de) * | 2014-12-05 | 2016-06-08 | Kaspersky Lab, ZAO | System und verfahren zur begrenzung des betriebs von sicheren anwendungen in gegenwart von verdächtigen programmen |
US9690933B1 (en) | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US10902117B1 (en) | 2014-12-22 | 2021-01-26 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US10366231B1 (en) | 2014-12-22 | 2019-07-30 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US10075455B2 (en) | 2014-12-26 | 2018-09-11 | Fireeye, Inc. | Zero-day rotating guest image profile |
US10528726B1 (en) | 2014-12-29 | 2020-01-07 | Fireeye, Inc. | Microvisor-based malware detection appliance architecture |
WO2016107754A1 (en) * | 2014-12-30 | 2016-07-07 | British Telecommunications Public Limited Company | Malware detection |
WO2016107753A1 (en) * | 2014-12-30 | 2016-07-07 | British Telecommunications Public Limited Company | Malware detection in migrated virtual machines |
US9838417B1 (en) | 2014-12-30 | 2017-12-05 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
US11586733B2 (en) | 2014-12-30 | 2023-02-21 | British Telecommunications Public Limited Company | Malware detection |
US10733295B2 (en) | 2014-12-30 | 2020-08-04 | British Telecommunications Public Limited Company | Malware detection in migrated virtual machines |
US10798121B1 (en) | 2014-12-30 | 2020-10-06 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
US10848317B2 (en) | 2015-01-19 | 2020-11-24 | InAuth, Inc. | Systems and methods for trusted path secure communication |
US11171790B2 (en) | 2015-01-19 | 2021-11-09 | Accertify, Inc. | Systems and methods for trusted path secure communication |
US11818274B1 (en) | 2015-01-19 | 2023-11-14 | Accertify, Inc. | Systems and methods for trusted path secure communication |
US10237073B2 (en) | 2015-01-19 | 2019-03-19 | InAuth, Inc. | Systems and methods for trusted path secure communication |
US20160267270A1 (en) * | 2015-03-13 | 2016-09-15 | Electronics And Telecommunications Research Institute | Method and system for fast inspection of android malwares |
US10666686B1 (en) | 2015-03-25 | 2020-05-26 | Fireeye, Inc. | Virtualized exploit detection system |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
US9690606B1 (en) | 2015-03-25 | 2017-06-27 | Fireeye, Inc. | Selective system call monitoring |
US9438613B1 (en) | 2015-03-30 | 2016-09-06 | Fireeye, Inc. | Dynamic content activation for automated analysis of embedded objects |
US10474813B1 (en) | 2015-03-31 | 2019-11-12 | Fireeye, Inc. | Code injection technique for remediation at an endpoint of a network |
US11294705B1 (en) | 2015-03-31 | 2022-04-05 | Fireeye Security Holdings Us Llc | Selective virtualization for security threat detection |
US11868795B1 (en) | 2015-03-31 | 2024-01-09 | Musarubra Us Llc | Selective virtualization for security threat detection |
US9483644B1 (en) | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
EP3540625A1 (de) * | 2015-03-31 | 2019-09-18 | Juniper Networks, Inc. | Konfiguration einer sandkastenumgebung zur schadprogrammprüfung |
US10417031B2 (en) | 2015-03-31 | 2019-09-17 | Fireeye, Inc. | Selective virtualization for security threat detection |
US9846776B1 (en) | 2015-03-31 | 2017-12-19 | Fireeye, Inc. | System and method for detecting file altering behaviors pertaining to a malicious attack |
US10728263B1 (en) | 2015-04-13 | 2020-07-28 | Fireeye, Inc. | Analytic-based security monitoring system and method |
US9594904B1 (en) | 2015-04-23 | 2017-03-14 | Fireeye, Inc. | Detecting malware based on reflection |
US10540494B2 (en) | 2015-05-01 | 2020-01-21 | Lookout, Inc. | Determining source of side-loaded software using an administrator server |
US11259183B2 (en) | 2015-05-01 | 2022-02-22 | Lookout, Inc. | Determining a security state designation for a computing device based on a source of software |
US11113086B1 (en) | 2015-06-30 | 2021-09-07 | Fireeye, Inc. | Virtual system and method for securing external network connectivity |
US10454950B1 (en) | 2015-06-30 | 2019-10-22 | Fireeye, Inc. | Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks |
US10642753B1 (en) | 2015-06-30 | 2020-05-05 | Fireeye, Inc. | System and method for protecting a software component running in virtual machine using a virtualization layer |
US10726127B1 (en) | 2015-06-30 | 2020-07-28 | Fireeye, Inc. | System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer |
US10715542B1 (en) | 2015-08-14 | 2020-07-14 | Fireeye, Inc. | Mobile application risk analysis |
US10176321B2 (en) | 2015-09-22 | 2019-01-08 | Fireeye, Inc. | Leveraging behavior-based rules for malware family classification |
US10887328B1 (en) | 2015-09-29 | 2021-01-05 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US10033747B1 (en) | 2015-09-29 | 2018-07-24 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US9825989B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Cyber attack early warning system |
US11244044B1 (en) | 2015-09-30 | 2022-02-08 | Fireeye Security Holdings Us Llc | Method to detect application execution hijacking using memory protection |
US10873597B1 (en) | 2015-09-30 | 2020-12-22 | Fireeye, Inc. | Cyber attack early warning system |
US10210329B1 (en) | 2015-09-30 | 2019-02-19 | Fireeye, Inc. | Method to detect application execution hijacking using memory protection |
US10601865B1 (en) | 2015-09-30 | 2020-03-24 | Fireeye, Inc. | Detection of credential spearphishing attacks using email analysis |
US9825976B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Detection and classification of exploit kits |
US10817606B1 (en) | 2015-09-30 | 2020-10-27 | Fireeye, Inc. | Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic |
US10706149B1 (en) | 2015-09-30 | 2020-07-07 | Fireeye, Inc. | Detecting delayed activation malware using a primary controller and plural time controllers |
US10567411B2 (en) | 2015-10-01 | 2020-02-18 | Twistlock, Ltd. | Dynamically adapted traffic inspection and filtering in containerized environments |
US10599833B2 (en) | 2015-10-01 | 2020-03-24 | Twistlock, Ltd. | Networking-based profiling of containers and security enforcement |
US10706145B2 (en) | 2015-10-01 | 2020-07-07 | Twistlock, Ltd. | Runtime detection of vulnerabilities in software containers |
US10586042B2 (en) | 2015-10-01 | 2020-03-10 | Twistlock, Ltd. | Profiling of container images and enforcing security policies respective thereof |
US12050697B2 (en) | 2015-10-01 | 2024-07-30 | Twistlock Ltd. | Profiling of spawned processes in container images and enforcing security policies respective thereof |
US10915628B2 (en) | 2015-10-01 | 2021-02-09 | Twistlock, Ltd. | Runtime detection of vulnerabilities in an application layer of software containers |
US10943014B2 (en) | 2015-10-01 | 2021-03-09 | Twistlock, Ltd | Profiling of spawned processes in container images and enforcing security policies respective thereof |
US10922418B2 (en) | 2015-10-01 | 2021-02-16 | Twistlock, Ltd. | Runtime detection and mitigation of vulnerabilities in application software containers |
US11640472B2 (en) | 2015-10-01 | 2023-05-02 | Twistlock, Ltd. | Profiling of spawned processes in container images and enforcing security policies respective thereof |
US10664590B2 (en) | 2015-10-01 | 2020-05-26 | Twistlock, Ltd. | Filesystem action profiling of containers and security enforcement |
US11068585B2 (en) | 2015-10-01 | 2021-07-20 | Twistlock, Ltd. | Filesystem action profiling of containers and security enforcement |
US11625489B2 (en) | 2015-10-01 | 2023-04-11 | Twistlock, Ltd. | Techniques for securing execution environments by quarantining software containers |
US10223534B2 (en) | 2015-10-15 | 2019-03-05 | Twistlock, Ltd. | Static detection of vulnerabilities in base images of software containers |
US10778446B2 (en) | 2015-10-15 | 2020-09-15 | Twistlock, Ltd. | Detection of vulnerable root certificates in software containers |
US10719612B2 (en) | 2015-10-15 | 2020-07-21 | Twistlock, Ltd. | Static detection of vulnerabilities in base images of software containers |
US9787699B2 (en) * | 2015-10-30 | 2017-10-10 | F-Secure Corporation | Malware detection |
US20170126716A1 (en) * | 2015-10-30 | 2017-05-04 | F-Secure Corporation | Malware detection |
US10834107B1 (en) | 2015-11-10 | 2020-11-10 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US10284575B2 (en) | 2015-11-10 | 2019-05-07 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US10826901B2 (en) | 2015-11-25 | 2020-11-03 | InAuth, Inc. | Systems and method for cross-channel device binding |
US10846117B1 (en) | 2015-12-10 | 2020-11-24 | Fireeye, Inc. | Technique for establishing secure communication between host and guest processes of a virtualization architecture |
US10447728B1 (en) | 2015-12-10 | 2019-10-15 | Fireeye, Inc. | Technique for protecting guest processes using a layered virtualization architecture |
US11200080B1 (en) | 2015-12-11 | 2021-12-14 | Fireeye Security Holdings Us Llc | Late load technique for deploying a virtualization layer underneath a running operating system |
US10733296B2 (en) | 2015-12-24 | 2020-08-04 | British Telecommunications Public Limited Company | Software security |
US11201876B2 (en) | 2015-12-24 | 2021-12-14 | British Telecommunications Public Limited Company | Malicious software identification |
US10891377B2 (en) | 2015-12-24 | 2021-01-12 | British Telecommunications Public Limited Company | Malicious software identification |
US10931689B2 (en) | 2015-12-24 | 2021-02-23 | British Telecommunications Public Limited Company | Malicious network traffic identification |
US10839077B2 (en) | 2015-12-24 | 2020-11-17 | British Telecommunications Public Limited Company | Detecting malicious software |
US10565378B1 (en) | 2015-12-30 | 2020-02-18 | Fireeye, Inc. | Exploit of privilege detection framework |
US10050998B1 (en) | 2015-12-30 | 2018-08-14 | Fireeye, Inc. | Malicious message analysis system |
US10581898B1 (en) | 2015-12-30 | 2020-03-03 | Fireeye, Inc. | Malicious message analysis system |
US10872151B1 (en) | 2015-12-30 | 2020-12-22 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US10341365B1 (en) | 2015-12-30 | 2019-07-02 | Fireeye, Inc. | Methods and system for hiding transition events for malware detection |
US10133866B1 (en) | 2015-12-30 | 2018-11-20 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US10581874B1 (en) | 2015-12-31 | 2020-03-03 | Fireeye, Inc. | Malware detection system with contextual analysis |
US11552986B1 (en) | 2015-12-31 | 2023-01-10 | Fireeye Security Holdings Us Llc | Cyber-security framework for application of virtual features |
US10445502B1 (en) | 2015-12-31 | 2019-10-15 | Fireeye, Inc. | Susceptible environment detection system |
US9824216B1 (en) | 2015-12-31 | 2017-11-21 | Fireeye, Inc. | Susceptible environment detection system |
US10334062B2 (en) | 2016-02-25 | 2019-06-25 | InAuth, Inc. | Systems and methods for recognizing a device |
US11778059B1 (en) | 2016-02-25 | 2023-10-03 | Accertify, Inc. | Systems and methods for recognizing a device |
US11632392B1 (en) | 2016-03-25 | 2023-04-18 | Fireeye Security Holdings Us Llc | Distributed malware detection system and submission workflow thereof |
US10785255B1 (en) | 2016-03-25 | 2020-09-22 | Fireeye, Inc. | Cluster configuration within a scalable malware detection system |
US10671721B1 (en) | 2016-03-25 | 2020-06-02 | Fireeye, Inc. | Timeout management services |
US10601863B1 (en) | 2016-03-25 | 2020-03-24 | Fireeye, Inc. | System and method for managing sensor enrollment |
US10476906B1 (en) | 2016-03-25 | 2019-11-12 | Fireeye, Inc. | System and method for managing formation and modification of a cluster within a malware detection system |
US10032023B1 (en) * | 2016-03-25 | 2018-07-24 | Symantec Corporation | Systems and methods for selectively applying malware signatures |
US10616266B1 (en) | 2016-03-25 | 2020-04-07 | Fireeye, Inc. | Distributed malware detection system and submission workflow thereof |
US11194901B2 (en) | 2016-03-30 | 2021-12-07 | British Telecommunications Public Limited Company | Detecting computer security threats using communication characteristics of communication protocols |
US10705829B2 (en) * | 2016-03-30 | 2020-07-07 | International Business Machines Corporation | Software discovery using exclusion |
US11175909B2 (en) | 2016-03-30 | 2021-11-16 | International Business Machines Corporation | Software discovery using exclusion |
US20170286095A1 (en) * | 2016-03-30 | 2017-10-05 | International Business Machines Corporation | Software discovery using exclusion |
US11159549B2 (en) | 2016-03-30 | 2021-10-26 | British Telecommunications Public Limited Company | Network traffic threat identification |
US10536471B1 (en) * | 2016-03-31 | 2020-01-14 | EMC IP Holding Company LLC | Malware detection in virtual machines |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
US11979428B1 (en) | 2016-03-31 | 2024-05-07 | Musarubra Us Llc | Technique for verifying exploit/malware at malware detection appliance through correlation with endpoints |
US11936666B1 (en) | 2016-03-31 | 2024-03-19 | Musarubra Us Llc | Risk analyzer for ascertaining a risk of harm to a network and generating alerts regarding the ascertained risk |
US10169585B1 (en) | 2016-06-22 | 2019-01-01 | Fireeye, Inc. | System and methods for advanced malware detection through placement of transition events |
US11240262B1 (en) | 2016-06-30 | 2022-02-01 | Fireeye Security Holdings Us Llc | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
US10462173B1 (en) | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
CN109414763A (zh) * | 2016-07-26 | 2019-03-01 | 惠普发展公司,有限责任合伙企业 | 三维(3d)印刷 |
US11167374B2 (en) | 2016-07-26 | 2021-11-09 | Hewlett-Packard Development Company, L.P. | Three-dimensional (3D) printing |
US11423144B2 (en) | 2016-08-16 | 2022-08-23 | British Telecommunications Public Limited Company | Mitigating security attacks in virtualized computing environments |
US11562076B2 (en) | 2016-08-16 | 2023-01-24 | British Telecommunications Public Limited Company | Reconfigured virtual machine to mitigate attack |
US10592678B1 (en) | 2016-09-09 | 2020-03-17 | Fireeye, Inc. | Secure communications between peers using a verified virtual trusted platform module |
US10491627B1 (en) | 2016-09-29 | 2019-11-26 | Fireeye, Inc. | Advanced malware detection using similarity analysis |
US11093852B2 (en) | 2016-10-19 | 2021-08-17 | Accertify, Inc. | Systems and methods for recognizing a device and/or an instance of an app invoked on a device |
US11403563B2 (en) | 2016-10-19 | 2022-08-02 | Accertify, Inc. | Systems and methods for facilitating recognition of a device and/or an instance of an app invoked on a device |
WO2018081215A1 (en) * | 2016-10-26 | 2018-05-03 | Mcafee, Llc | Automated security policy |
US10721273B2 (en) | 2016-10-26 | 2020-07-21 | Mcafee Llc | Automated security policy |
WO2018077996A1 (en) * | 2016-10-27 | 2018-05-03 | Bitdefender Ipr Management Ltd | Dynamic reputation indicator for optimizing computer security operations |
RU2723665C1 (ru) * | 2016-10-27 | 2020-06-17 | БИТДЕФЕНДЕР АйПиАр МЕНЕДЖМЕНТ ЛТД | Динамический индикатор репутации для оптимизации операций по обеспечению компьютерной безопасности |
KR102116573B1 (ko) * | 2016-10-27 | 2020-06-03 | 비트데펜더 아이피알 매니지먼트 엘티디 | 컴퓨터 보안 작동을 최적화하기 위한 동적 명성 표시자 |
KR20190067820A (ko) * | 2016-10-27 | 2019-06-17 | 비트데펜더 아이피알 매니지먼트 엘티디 | 컴퓨터 보안 작동을 최적화하기 위한 동적 명성 표시자 |
US10237293B2 (en) * | 2016-10-27 | 2019-03-19 | Bitdefender IPR Management Ltd. | Dynamic reputation indicator for optimizing computer security operations |
US10795991B1 (en) | 2016-11-08 | 2020-10-06 | Fireeye, Inc. | Enterprise search |
US10587647B1 (en) | 2016-11-22 | 2020-03-10 | Fireeye, Inc. | Technique for malware detection capability comparison of network security devices |
US10581879B1 (en) | 2016-12-22 | 2020-03-03 | Fireeye, Inc. | Enhanced malware detection for generated objects |
US10552610B1 (en) | 2016-12-22 | 2020-02-04 | Fireeye, Inc. | Adaptive virtual machine snapshot update framework for malware behavioral analysis |
US10523609B1 (en) | 2016-12-27 | 2019-12-31 | Fireeye, Inc. | Multi-vector malware detection and analysis |
US10771483B2 (en) | 2016-12-30 | 2020-09-08 | British Telecommunications Public Limited Company | Identifying an attacked computing device |
US11170113B2 (en) * | 2017-01-04 | 2021-11-09 | Checkmarx Ltd. | Management of security vulnerabilities |
US20180189492A1 (en) * | 2017-01-05 | 2018-07-05 | Fujitsu Limited | Non-transitory computer-readable storage medium, information processing apparatus and method |
US11036564B2 (en) | 2017-01-05 | 2021-06-15 | Fujitsu Limited | Non-transitory computer-readable storage medium, information processing apparatus and method for detecting malware |
EP3346409A1 (de) * | 2017-01-05 | 2018-07-11 | Fujitsu Limited | Programm, informationsverarbeitungsvorrichtung und -verfahren |
US11048799B2 (en) * | 2017-01-05 | 2021-06-29 | Fujitsu Limited | Dynamic malware analysis based on shared library call information |
EP3370183A1 (de) * | 2017-03-02 | 2018-09-05 | X Development LLC | Kennzeichnen von malwre-dateien zur ähnlichkkeitssuche |
EP3839785A1 (de) * | 2017-03-02 | 2021-06-23 | X Development LLC | Kennzeichnen von malwre-dateien zur ähnlichkeitssuche |
US11570211B1 (en) | 2017-03-24 | 2023-01-31 | Fireeye Security Holdings Us Llc | Detection of phishing attacks using similarity analysis |
US10904286B1 (en) | 2017-03-24 | 2021-01-26 | Fireeye, Inc. | Detection of phishing attacks using similarity analysis |
US11677757B2 (en) | 2017-03-28 | 2023-06-13 | British Telecommunications Public Limited Company | Initialization vector identification for encrypted malware traffic detection |
US10791138B1 (en) | 2017-03-30 | 2020-09-29 | Fireeye, Inc. | Subscription-based malware detection |
US10902119B1 (en) | 2017-03-30 | 2021-01-26 | Fireeye, Inc. | Data extraction system for malware analysis |
US10554507B1 (en) | 2017-03-30 | 2020-02-04 | Fireeye, Inc. | Multi-level control for enhanced resource and object evaluation management of malware detection system |
US11863581B1 (en) | 2017-03-30 | 2024-01-02 | Musarubra Us Llc | Subscription-based malware detection |
US11997111B1 (en) | 2017-03-30 | 2024-05-28 | Musarubra Us Llc | Attribute-controlled malware detection |
US11399040B1 (en) | 2017-03-30 | 2022-07-26 | Fireeye Security Holdings Us Llc | Subscription-based malware detection |
US10798112B2 (en) | 2017-03-30 | 2020-10-06 | Fireeye, Inc. | Attribute-controlled malware detection |
US10848397B1 (en) | 2017-03-30 | 2020-11-24 | Fireeye, Inc. | System and method for enforcing compliance with subscription requirements for cyber-attack detection service |
GB2561177B (en) * | 2017-04-03 | 2021-06-30 | Cyan Forensics Ltd | Method for identification of digital content |
US11762959B2 (en) | 2017-04-03 | 2023-09-19 | Cyacomb Limited | Method for reducing false-positives for identification of digital content |
WO2018185455A1 (en) * | 2017-04-03 | 2018-10-11 | Edinburgh Napier University | Method for reducing false-positives for identification of digital content |
US10218697B2 (en) | 2017-06-09 | 2019-02-26 | Lookout, Inc. | Use of device risk evaluation to manage access to services |
US11038876B2 (en) | 2017-06-09 | 2021-06-15 | Lookout, Inc. | Managing access to services based on fingerprint matching |
US10503904B1 (en) | 2017-06-29 | 2019-12-10 | Fireeye, Inc. | Ransomware detection and mitigation |
US10601848B1 (en) | 2017-06-29 | 2020-03-24 | Fireeye, Inc. | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators |
US10855700B1 (en) | 2017-06-29 | 2020-12-01 | Fireeye, Inc. | Post-intrusion detection of cyber-attacks during lateral movement within networks |
US10893068B1 (en) | 2017-06-30 | 2021-01-12 | Fireeye, Inc. | Ransomware file modification prevention technique |
US10482175B2 (en) * | 2017-07-31 | 2019-11-19 | 51 Degrees Mobile Experts Limited | Identifying properties of a communication device |
US20190034413A1 (en) * | 2017-07-31 | 2019-01-31 | 51 Degrees Mobile Experts Limited | Identifying properties of a communication device |
US10747872B1 (en) | 2017-09-27 | 2020-08-18 | Fireeye, Inc. | System and method for preventing malware evasion |
US20200110877A1 (en) * | 2017-09-29 | 2020-04-09 | International Business Machines Corporation | Dynamic re-composition of patch groups using stream clustering |
US11620381B2 (en) | 2017-09-29 | 2023-04-04 | Kyndryl, Inc. | Dynamic re-composition of patch groups using stream clustering |
US10977366B2 (en) * | 2017-09-29 | 2021-04-13 | International Business Machines Corporation | Dynamic re-composition of patch groups using stream clustering |
US10805346B2 (en) | 2017-10-01 | 2020-10-13 | Fireeye, Inc. | Phishing attack detection |
US11108809B2 (en) | 2017-10-27 | 2021-08-31 | Fireeye, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
US12069087B2 (en) | 2017-10-27 | 2024-08-20 | Google Llc | System and method for analyzing binary code for malware classification using artificial neural network techniques |
US11637859B1 (en) | 2017-10-27 | 2023-04-25 | Mandiant, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
US11271955B2 (en) | 2017-12-28 | 2022-03-08 | Fireeye Security Holdings Us Llc | Platform and method for retroactive reclassification employing a cybersecurity-based global data store |
US11005860B1 (en) | 2017-12-28 | 2021-05-11 | Fireeye, Inc. | Method and system for efficient cybersecurity analysis of endpoint events |
US11240275B1 (en) | 2017-12-28 | 2022-02-01 | Fireeye Security Holdings Us Llc | Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture |
US11949692B1 (en) | 2017-12-28 | 2024-04-02 | Google Llc | Method and system for efficient cybersecurity analysis of endpoint events |
US20190228151A1 (en) * | 2018-01-25 | 2019-07-25 | Mcafee, Llc | System and method for malware signature generation |
WO2019147384A1 (en) * | 2018-01-25 | 2019-08-01 | Mcafee, Llc | System and method for malware signature generation |
US11580219B2 (en) * | 2018-01-25 | 2023-02-14 | Mcafee, Llc | System and method for malware signature generation |
CN111869176A (zh) * | 2018-01-25 | 2020-10-30 | 迈克菲有限责任公司 | 用于恶意软件签名生成的系统和方法 |
US10826931B1 (en) | 2018-03-29 | 2020-11-03 | Fireeye, Inc. | System and method for predicting and mitigating cybersecurity system misconfigurations |
US11558401B1 (en) | 2018-03-30 | 2023-01-17 | Fireeye Security Holdings Us Llc | Multi-vector malware detection data sharing system for improved detection |
US10956477B1 (en) | 2018-03-30 | 2021-03-23 | Fireeye, Inc. | System and method for detecting malicious scripts through natural language processing modeling |
US11856011B1 (en) | 2018-03-30 | 2023-12-26 | Musarubra Us Llc | Multi-vector malware detection data sharing system for improved detection |
US11003773B1 (en) | 2018-03-30 | 2021-05-11 | Fireeye, Inc. | System and method for automatically generating malware detection rule recommendations |
US11075930B1 (en) | 2018-06-27 | 2021-07-27 | Fireeye, Inc. | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11314859B1 (en) | 2018-06-27 | 2022-04-26 | FireEye Security Holdings, Inc. | Cyber-security system and method for detecting escalation of privileges within an access token |
US11882140B1 (en) | 2018-06-27 | 2024-01-23 | Musarubra Us Llc | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11228491B1 (en) | 2018-06-28 | 2022-01-18 | Fireeye Security Holdings Us Llc | System and method for distributed cluster configuration monitoring and management |
US11316900B1 (en) | 2018-06-29 | 2022-04-26 | FireEye Security Holdings Inc. | System and method for automatically prioritizing rules for cyber-threat detection and mitigation |
US11270016B2 (en) | 2018-09-12 | 2022-03-08 | British Telecommunications Public Limited Company | Ransomware encryption algorithm determination |
US11449612B2 (en) | 2018-09-12 | 2022-09-20 | British Telecommunications Public Limited Company | Ransomware remediation |
US12008102B2 (en) | 2018-09-12 | 2024-06-11 | British Telecommunications Public Limited Company | Encryption key seed determination |
US11182473B1 (en) | 2018-09-13 | 2021-11-23 | Fireeye Security Holdings Us Llc | System and method for mitigating cyberattacks against processor operability by a guest process |
US11763004B1 (en) | 2018-09-27 | 2023-09-19 | Fireeye Security Holdings Us Llc | System and method for bootkit detection |
US11368475B1 (en) | 2018-12-21 | 2022-06-21 | Fireeye Security Holdings Us Llc | System and method for scanning remote services to locate stored objects with malware |
US12074887B1 (en) | 2018-12-21 | 2024-08-27 | Musarubra Us Llc | System and method for selectively processing content after identification and removal of malicious content |
US11176251B1 (en) | 2018-12-21 | 2021-11-16 | Fireeye, Inc. | Determining malware via symbolic function hash analysis |
US11743290B2 (en) | 2018-12-21 | 2023-08-29 | Fireeye Security Holdings Us Llc | System and method for detecting cyberattacks impersonating legitimate sources |
US11985149B1 (en) | 2018-12-31 | 2024-05-14 | Musarubra Us Llc | System and method for automated system for triage of cybersecurity threats |
US11601444B1 (en) | 2018-12-31 | 2023-03-07 | Fireeye Security Holdings Us Llc | Automated system for triage of customer issues |
US11310238B1 (en) | 2019-03-26 | 2022-04-19 | FireEye Security Holdings, Inc. | System and method for retrieval and analysis of operational data from customer, cloud-hosted virtual resources |
US11750618B1 (en) | 2019-03-26 | 2023-09-05 | Fireeye Security Holdings Us Llc | System and method for retrieval and analysis of operational data from customer, cloud-hosted virtual resources |
US11677786B1 (en) | 2019-03-29 | 2023-06-13 | Fireeye Security Holdings Us Llc | System and method for detecting and protecting against cybersecurity attacks on servers |
US11636198B1 (en) | 2019-03-30 | 2023-04-25 | Fireeye Security Holdings Us Llc | System and method for cybersecurity analyzer update and concurrent management system |
US11232206B2 (en) | 2019-04-23 | 2022-01-25 | Microsoft Technology Licensing, Llc | Automated malware remediation and file restoration management |
US11232205B2 (en) * | 2019-04-23 | 2022-01-25 | Microsoft Technology Licensing, Llc | File storage service initiation of antivirus software locally installed on a user device |
US11258806B1 (en) | 2019-06-24 | 2022-02-22 | Mandiant, Inc. | System and method for automatically associating cybersecurity intelligence to cyberthreat actors |
US12063229B1 (en) | 2019-06-24 | 2024-08-13 | Google Llc | System and method for associating cybersecurity intelligence to cyberthreat actors through a similarity matrix |
US11556640B1 (en) | 2019-06-27 | 2023-01-17 | Mandiant, Inc. | Systems and methods for automated cybersecurity analysis of extracted binary string sets |
US11750402B2 (en) * | 2019-06-28 | 2023-09-05 | Intel Corporation | Message index aware multi-hash accelerator for post quantum cryptography secure hash-based signing and verification |
US20220086010A1 (en) * | 2019-06-28 | 2022-03-17 | Intel Corporation | Message index aware multi-hash acelerator for post quantum cryptography secure hash-based signing and verification |
US11392700B1 (en) | 2019-06-28 | 2022-07-19 | Fireeye Security Holdings Us Llc | System and method for supporting cross-platform data verification |
US11582191B2 (en) | 2019-07-03 | 2023-02-14 | Centripetal Networks, Inc. | Cyber protections of remote networks via selective policy enforcement at a central network |
US11799832B2 (en) | 2019-07-03 | 2023-10-24 | Centripetal Networks, Llc | Cyber protections of remote networks via selective policy enforcement at a central network |
US11374905B2 (en) * | 2019-07-03 | 2022-06-28 | Centripetal Networks, Inc. | Methods and systems for efficient cyber protections of mobile devices |
US11063909B1 (en) * | 2019-07-03 | 2021-07-13 | Centripetal Networks, Inc. | Methods and systems for efficient cyber protections of mobile devices |
US12015590B2 (en) | 2019-07-03 | 2024-06-18 | Centripetal Networks, Llc | Methods and systems for efficient cyber protections of mobile devices |
US11366902B2 (en) * | 2019-07-17 | 2022-06-21 | AO Kaspersky Lab | System and method of detecting malicious files based on file fragments |
US11886585B1 (en) | 2019-09-27 | 2024-01-30 | Musarubra Us Llc | System and method for identifying and mitigating cyberattacks through malicious position-independent code execution |
US11637862B1 (en) | 2019-09-30 | 2023-04-25 | Mandiant, Inc. | System and method for surfacing cyber-security threats with a self-learning recommendation engine |
US11888875B1 (en) | 2019-12-24 | 2024-01-30 | Musarubra Us Llc | Subscription and key management system |
US11436327B1 (en) | 2019-12-24 | 2022-09-06 | Fireeye Security Holdings Us Llc | System and method for circumventing evasive code for cyberthreat detection |
US11838300B1 (en) | 2019-12-24 | 2023-12-05 | Musarubra Us Llc | Run-time configurable cybersecurity system |
US11522884B1 (en) | 2019-12-24 | 2022-12-06 | Fireeye Security Holdings Us Llc | Subscription and key management system |
US11947669B1 (en) | 2019-12-24 | 2024-04-02 | Musarubra Us Llc | System and method for circumventing evasive code for cyberthreat detection |
US20210303676A1 (en) * | 2020-03-31 | 2021-09-30 | Airbus Operations Gmbh | Information processing architecture for implementation in a vehicle |
US12032678B2 (en) * | 2020-03-31 | 2024-07-09 | Airbus Operations Gmbh | Information processing architecture for implementation in a vehicle |
US11546315B2 (en) * | 2020-05-28 | 2023-01-03 | Hewlett Packard Enterprise Development Lp | Authentication key-based DLL service |
US12056239B2 (en) * | 2020-08-18 | 2024-08-06 | Micro Focus Llc | Thread-based malware detection |
US12081540B2 (en) | 2021-05-04 | 2024-09-03 | Lookout, Inc. | Configuring access to a network service based on a security state of a mobile device |
US11941122B2 (en) * | 2021-12-28 | 2024-03-26 | Uab 360 It | Systems and methods for detecting malware using static and dynamic malware models |
US20230205879A1 (en) * | 2021-12-28 | 2023-06-29 | Uab 360 It | Systems and methods for detecting malware using static and dynamic malware models |
US20230205844A1 (en) * | 2021-12-28 | 2023-06-29 | Uab 360 It | Systems and methods for detecting malware using static and dynamic malware models |
US20230205881A1 (en) * | 2021-12-28 | 2023-06-29 | Uab 360 It | Systems and methods for detecting malware using static and dynamic malware models |
US11941121B2 (en) * | 2021-12-28 | 2024-03-26 | Uab 360 It | Systems and methods for detecting malware using static and dynamic malware models |
US11941123B2 (en) * | 2021-12-28 | 2024-03-26 | Uab 360 It | Systems and methods for detecting malware using static and dynamic malware models |
US20230205878A1 (en) * | 2021-12-28 | 2023-06-29 | Uab 360 It | Systems and methods for detecting malware using static and dynamic malware models |
US11941124B2 (en) * | 2021-12-28 | 2024-03-26 | Uab 360 It | Systems and methods for detecting malware using static and dynamic malware models |
Also Published As
Publication number | Publication date |
---|---|
US9542555B2 (en) | 2017-01-10 |
WO2007117636A2 (en) | 2007-10-18 |
US20070240221A1 (en) | 2007-10-11 |
WO2007117635A2 (en) | 2007-10-18 |
WO2007117582A2 (en) | 2007-10-18 |
WO2007117585A2 (en) | 2007-10-18 |
US8321941B2 (en) | 2012-11-27 |
US9104871B2 (en) | 2015-08-11 |
EP2011099A2 (de) | 2009-01-07 |
WO2007117567A2 (en) | 2007-10-18 |
US20110179484A1 (en) | 2011-07-21 |
WO2007117574A2 (en) | 2007-10-18 |
US9064115B2 (en) | 2015-06-23 |
EP2011099A4 (de) | 2013-08-21 |
US20070240219A1 (en) | 2007-10-11 |
US20070240217A1 (en) | 2007-10-11 |
WO2007117582A3 (en) | 2008-08-14 |
US9576131B2 (en) | 2017-02-21 |
US8312545B2 (en) | 2012-11-13 |
US20070240220A1 (en) | 2007-10-11 |
WO2007117585A3 (en) | 2008-05-15 |
WO2007117636A3 (en) | 2008-04-24 |
WO2007117574A3 (en) | 2008-08-21 |
US20160012227A1 (en) | 2016-01-14 |
US20150347753A1 (en) | 2015-12-03 |
US20070240218A1 (en) | 2007-10-11 |
US9009818B2 (en) | 2015-04-14 |
WO2007117567A3 (en) | 2008-02-28 |
WO2007117635A3 (en) | 2008-06-26 |
MX2008012891A (es) | 2009-07-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9576131B2 (en) | Malware detection system and method for mobile platforms | |
US8464340B2 (en) | System, apparatus and method of malware diagnosis mechanism based on immunization database | |
US9639697B2 (en) | Method and apparatus for retroactively detecting malicious or otherwise undesirable software | |
US10430586B1 (en) | Methods of identifying heap spray attacks using memory anomaly detection | |
US7877806B2 (en) | Real time malicious software detection | |
US7640589B1 (en) | Detection and minimization of false positives in anti-malware processing | |
US8613096B2 (en) | Automatic data patch generation for unknown vulnerabilities | |
US8819835B2 (en) | Silent-mode signature testing in anti-malware processing | |
US8239944B1 (en) | Reducing malware signature set size through server-side processing | |
US8196201B2 (en) | Detecting malicious activity | |
US9088601B2 (en) | Method and apparatus for detecting malicious software through contextual convictions, generic signatures and machine learning techniques | |
KR101071597B1 (ko) | 이동 통신 프레임워크에서 스캐닝 서브시스템을업데이트하기 위한 업데이트시스템 및 업데이트 방법 | |
US7540030B1 (en) | Method and system for automatic cure against malware | |
GB2368233A (en) | Maintaining virus detection software in a mobile wireless device | |
Rosenberg et al. | Bypassing system calls–based intrusion detection systems | |
US11372971B2 (en) | Threat control | |
Bose et al. | Behavioral Detection of Malicious Programs on Mobile Handsets | |
AU2007203373A1 (en) | Detecting malicious activity |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: SMOBILE SYSTEMS, INC., OHIO Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:TUVELL, GEORGE;BHARDWAJ, SHANTARU;REEL/FRAME:019203/0613 Effective date: 20070419 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
|
AS | Assignment |
Owner name: JUNIPER NETWORKS, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SMOBILE SYSTEMS, INC.;REEL/FRAME:025693/0282 Effective date: 20110120 |
|
AS | Assignment |
Owner name: JUNIPER NETWORKS, INC., CALIFORNIA Free format text: SECURITY INTEREST;ASSIGNORS:PULSE SECURE, LLC;SMOBILE SYSTEMS, INC.;REEL/FRAME:034037/0526 Effective date: 20141001 Owner name: PULSE SECURE, LLC, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:JUNIPER NETWORKS, INC.;REEL/FRAME:034036/0904 Effective date: 20141001 |
|
AS | Assignment |
Owner name: SMOBILE SYSTEMS, INC., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JUNIPER NETWORKS, INC.;REEL/FRAME:053271/0307 Effective date: 20200720 Owner name: PULSE SECURE, LLC, CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JUNIPER NETWORKS, INC.;REEL/FRAME:053271/0307 Effective date: 20200720 |