WO2006115935A2 - Protecting a computer that provides a web service from malware - Google Patents
- Publication number
- WO2006115935A2 (PCT/US2006/014743)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- malware
- binary code
- computer
- request
- web service
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/564—Static detection by virus signature recognition
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Definitions
- the present invention relates to computers and, more particularly, to protecting a computer that provides a Web service from malware.
- human interaction was typically required to complete transactions, such as purchasing software or providing data in an informational database.
- distribution of some products required a system for packaging and distributing the products to buyers.
- creating a system of distributing software and similar products was typically expensive for providers.
- exchanging large quantities of information through non-computerized means required at least some human involvement and, as a result, was time-consuming and expensive.
- Web service refers to a software system with a network accessible interface that performs actions on behalf of other software systems.
- a Web service is typically accessed using standard protocols such as the Simple Object Access Protocol ("SOAP").
- SOAP Simple Object Access Protocol
- a software system located on a remote computer may interact with a Web service in a manner prescribed by definitions that are provided in a service description which defines the methods for communicating with the Web service.
- interactions between software systems typically occur using Extensible Markup Language ("XML") based messages exchanged via Internet-based protocols, such as the HyperText Transfer Protocol ("HTTP").
- XML Extensible Markup Language
- HTTP HyperText Transfer Protocol
- WSDL Web Services Description Language
- XML-based language that is used to describe a Web service as a set of endpoints.
- a Web service may expose processes to remote software systems for accessing data or executing operations on a computer, or a cluster of computers, that provides the Web service.
- a Web service supports interactions with other software systems at a specified location on a network that may be identified using a Uniform Resource Indicator ("URI").
- URI Uniform Resource Indicator
- a Web service allows developers to use different operating systems and programming languages for communicating between software systems.
- processes provided by a Web service are accessible, for example, by exchanging XML data through a Web interface.
- a service requestor or a "requestor computer”
- computers that provide a Web service are susceptible to malware generated by service requestors.
- a malware author may pass a validly formed request to a Web service that causes a denial of service attack, due to the computational complexity of parsing the XML grammar in the request on a server computer.
- this type of misuse/abuse of legitimate computer system features that causes a negative effect on the computer receiving the transmission is categorized as malware in the present application.
- in a denial of service attack, a request is made to a Web service that is designed to consume and overwhelm scarce resources on the computer that provides the Web service. As a result, other service requestors are denied, or have limited access to, the Web service that is being attacked.
- a denial of service attack is just one example of a way in which computers that provide a Web service may be attacked by malware generated in a request to the Web service.
- One aspect of the present invention is a method for protecting a computer in a networking environment that provides a Web service from malware generated by a requestor computer. More specifically, the method comprises receiving a request at the computer that provides the Web service, causing high-level code associated with the request to be compiled into binary code that may be executed, and scanning the binary code for malware. If the method identifies malware in the request, then code associated with the request is not executed. Conversely, if malware is not identified, then the request is satisfied.
- the software system includes a network accessible interface capable of accepting a request.
- an on-demand compilation system may compile high-level code associated with the request into binary code that is capable of being executed.
- antivirus software scans the binary code for malware.
- the antivirus software includes a scan engine that compares the binary code to malware signatures generated from known malware.
- a computer-readable medium is provided with contents, i.e., a program that causes a computer to operate in accordance with the method described herein.
- FIGURE 1 is a pictorial depiction of a networking environment that includes a requestor computer and Web service provider computer suitable to illustrate aspects of the prior art
- FIGURE 2 is a block diagram that illustrates components of a Web service provider computer capable of satisfying Web service requests, in accordance with the prior art
- FIGURE 3 is a block diagram that illustrates components of a Web service provider computer capable of satisfying Web service requests without being infected with malware, in accordance with one embodiment of the present invention
- FIGURE 4 is a block diagram that illustrates components of a Web service provider computer capable of satisfying Web service requests without being infected with malware, in accordance with another embodiment of the present invention.
- FIGURE 5 is a flow diagram illustrating one exemplary embodiment of a software implemented method for identifying malware in a request made to a Web service, in accordance with the present invention.
- a system, method, and computer-readable medium for identifying malware in a request to a Web service are provided.
- One aspect of the present invention is a computer-implemented method that protects a computer that provides a Web service from malware implemented in a Web request.
- an on-demand compilation system compiles high-level code associated with the request into binary code that may be executed.
- antivirus software designed to identify malware associated with a request scans the binary code for malware. If malware is identified, the antivirus software prevents the binary code from being executed.
- FIGURE 1 and the following discussion is intended to provide a brief, general description of a Web service implemented in a networking environment 100 that is formed in accordance with the prior art.
- the networking environment 100 is comprised of a requestor computer 102 and a Web service provider computer 104.
- the requestor computer 102 and the Web service provider computer 104 are communicatively connected via the network 106.
- the network 106 may be implemented as a local area network ("LAN"), wide area network ("WAN"), cellular network, IEEE 802.11, Bluetooth wireless networks, and the like.
- LAN local area network
- WAN wide area network
- the network 106 will be the global network commonly known as the Internet or World Wide Web.
- the requestor computer 102 maintains an exemplary flow 108 of program execution.
- the Web service provider computer 104 provides a network 106 accessible Web service.
- the Web service provides "black-box functionality" that may be accessed from a remote computer using standard network protocols.
- an application executing on one computer such as the requestor computer 102, may invoke a function on a computer that provides the Web service at event 110, by issuing a request.
- the flow 108 of program execution is transferred from the requestor computer 102 to the Web service provider computer 104.
- invoking the function will typically cause program code to be executed on the Web service provider computer 104.
- a request may be constructed in a way that causes malware to be executed on the Web service provider computer 104.
- the flow 108 of program execution is transferred back to the requestor computer 102.
- the Web service will cause data in the form of the response to be transmitted to the requestor computer 102 using standard network protocols.
- the Web service 110 is a type of virtual application that uses the network 106 to link software components.
- the Web service provider computer 104 includes an interface 200, an execution environment 202, and an on-demand compilation system 204.
- the interface 200 performs actions that include, but are not limited to, parsing the request and passing data associated with the request to the execution environment 202.
- the Web service request 208 is an XML-based message exchanged via Internet-based protocols, such as HTTP.
- the execution environment 202 provides the logic and services for managing the execution of program code when the request 208 is received by the Web service.
- program code that provides and interacts with a Web service may be written in one of a number of different high-level programming languages.
- the execution environment 202 translates program code into an intermediate programming language from which object code 210 is generated in the execution environment 202.
- the unit in which requests are satisfied by a Web service is a page.
- the request 208 may cause an algorithm to be executed by the Web service with the results of the algorithm being transmitted back to the requestor computer 102 in the form of a Web page.
- the on-demand compilation system 204 compiles object code 210 into binary code 214 at various times and in different contexts. Moreover, compilation of object code 210 typically occurs when the code is first required and then cached for future use. In some systems in the prior art, the on-demand compilation system 204 compiles object code 210 into a Dynamically Linked Library (“DLL”) that is cached in memory in order to satisfy subsequent requests. As a result, the number of compilations performed by the on-demand compilation system 204 is minimized, as a binary DLL will only be compiled "on demand.”
- DLL Dynamically Linked Library
- the Web service provider computer 104 includes the interface 200, the execution environment 202, and the on-demand compilation system 204 illustrated in FIGURE 2.
- the Web service request 208 is received at the Web service provider computer 104 from a remote computer.
- the object code 210 is generated by the execution environment 202.
- aspects of the present invention cause the on-demand compilation system 204 to notify the antivirus software 300 when the binary code 214 is scheduled to be executed.
- Components of the antivirus software 300, which include a scan engine 302 and a signature database 304, then determine whether the binary code 214 generated by the on-demand compilation system 204 contains malware.
- the on-demand compilation system 204 is configured to notify the antivirus software 300 when the binary code 214 is scheduled to be executed.
- the antivirus software 300 performs an analysis on the binary code 214 to determine if the code 214 implements the functionality of malware.
- the antivirus software 300 implements a signature-based system for detecting malware.
- One known technique for identifying malware in this type of system includes obtaining a copy of the malware "in the wild.” Then program code that implements the malware is processed with a function that converts the program code into a "signature" that may be used to uniquely identify the malware.
- the scan engine 302 illustrated in FIGURE 3 may employ this known technique to scan the binary code 214 for a malware signature. For example, malware signatures stored in the signature database 304 may be compared to the binary code 214. However, the scan engine 302 may be configured to perform additional types of analysis in order to determine if the binary code 214 is infected with malware. Thus, it should be well understood that other types of malware detection systems not described herein may be implemented in the antivirus software 300.
- the Web service provider computer 104 contains many of the same components as illustrated in FIGURE 3.
- the antivirus software 400 includes a scan engine 402, a signature database 404, and a compiler 406.
- the scan engine 402 and the signature database 404 will typically have similar functions as the similarly-named components described above with reference to FIGURE 3.
- the scan engine 402 illustrated in FIGURE 4 may perform functions in addition to those of the scan engine 302 described above with reference to FIGURE 3.
- the scan engine 402 may scan an XML structure in a request for patterns that match signatures of valid but malicious XML constructs.
- the scan engine 402 may search XML source data received from remote computers for a pattern or signature that matches known malware.
- XML requests may contain an embedded Document Type Definition ("DTD") structure.
- DTD structures may be formed in a way that causes an XML parser, on the Web service provider computer 104, to use excessive computer resources in order to process the DTD structure.
- raw input into the Web service is scanned for XML syntax that matches recognizable patterns associated with malware.
- XML input such as nested DTD structures that are designed to overwhelm an XML parser may be identified as malware before being processed by the Web service.
- configuration parameters may be established that allow XML constructs which are normally identified as "malware" to be processed by the Web service.
- an administrative entity such as a system administrator may configure the antivirus software 400 to meet the needs of an organization.
- when the Web service request 208 is received, it is passed to the antivirus software 400.
- After the XML source data is analyzed by the scan engine 402, the compiler 406 generates the binary code that will be executed as a result of the request. Then the scan engine 402 obtains malware signatures from the signature database 404 and compares the signatures to the binary code generated by the compiler 406.
- the embodiment of the present invention illustrated in FIGURE 4 may cause the same high-level code to be compiled twice.
- the compiler 406 may generate binary code for purposes of malware detection.
- the on-demand compilation system 204 may cause the same binary code to be generated if the antivirus software 400 does not detect malware.
- An optimization in this embodiment caches or stores the binary code generated by the compiler 406 in an area of memory available to the on-demand compilation system 204.
- ISAPI Internet Server Application Program Interface
- ISAPI filter allows software modules to register for events and edit a data stream that is being transmitted to a Web service.
- requests made to a Web service may be intercepted at an ISAPI filter that performs pre-processing of the requests for purposes of malware detection.
- the preprocessing involves generating binary code that will be executed, as a result of a request, and determining whether this binary code implements the functionality of malware.
- the present invention scans binary code for malware before the binary code is executed.
- the present invention may use traditional techniques, such as signature-based techniques of binary code to detect malware.
- a scan for malware may be performed while code associated with a request is in a high-level language.
- requests made to a Web service typically use the XML messaging protocol.
- antivirus software provided by the present invention may scan a request for specific XML-based syntax that is characteristic of malware.
- code associated with a request is translated into an intermediate language before being compiled into binary code.
- a scan for malware may be performed on the code after being translated into the intermediate language.
- the scan method 500 identifies malware in a request to a Web service.
- the scan method 500 is implemented in an existing system designed to receive a Web request and execute code to satisfy the request.
- the scan method 500 identifies instances in which a scan for malware needs to be performed to prevent potentially exposing a computer that provides a Web service to malware.
- the method 500 causes a scan to be performed before any code associated with the request is executed.
- the scan method 500 begins at block 502 when a Web service is made accessible.
- a Web service is an event-driven system in which actions are performed in response to events, such as a Web service request.
- the scan method 500 is capable of scanning code associated with a request whenever the computer that provides the Web service is capable of accepting a request.
- aspects of the present invention may be implemented as a system service that protects a computer whenever the computer is configured to accept a request to a Web service.
- the scan method 500 remains idle until a Web request is received at a computer that implements the present invention.
- Web requests may be generated using a number of different software systems and communication protocols.
- a Web service typically provides a service description or interface which defines the methods for communicating with the Web service including the manner in which the Web service may be accessed.
- a software system on a requestor computer typically identifies the Web service using a Uniform Resource Indicator ("URI") and makes one or more function calls to the interface defined by the Web service.
- data for making the function call is transmitted over a Web-based protocol, such as HTTP or HTTPS.
- the data may be transmitted using other network protocols without departing from the scope of the present invention.
- the request is in a high-level markup language that facilitates the interchange of data between software systems, such as XML.
- markup languages may be used to make Web requests and the example provided herein should be construed as exemplary and not limiting.
- the high-level code that will be executed to satisfy the Web request received at block 504 is compiled into binary code, at block 506.
- binary code may be generated at various times and in different contexts.
- the on-demand compilation system 204 described above with reference to FIGURE 2 compiles high-level code into binary code when the binary code needs to be executed. Then, the binary code is cached or stored in memory for reuse when subsequent Web requests are received. However, since compiling high-level code into binary code may be performed using existing software systems and methods generally known in the art, this aspect of the method 500 will not be described in further detail here.
- the scan method 500 determines whether the binary code generated at block 506 is scheduled to be executed. Since high-level code may be compiled into binary code at various times and in different contexts, the scan method 500 waits until notice that program execution is scheduled to occur before performing a scan for malware.
- the on-demand compilation system 204 may compile a plurality of binary DLLs before program execution is scheduled to occur.
- when binary code associated with a request is scheduled to be executed, the on-demand compilation system 204 notifies antivirus software that implements the present invention.
- the method 500 proceeds to block 510 described in further detail below. If the binary code associated with a request has not been scheduled for execution, the scan method 500 proceeds back to block 506, and blocks 506 through 508 repeat until all of the binary code associated with a request is available and scheduled to be executed.
- the method 500 scans the binary code that is scheduled to be executed for malware.
- software-implemented routines in the scan engine 302 may be used to scan binary code for malware.
- the scan performed at block 510 includes matching patterns of code to a malware "signature.” For example, signatures maintained in the signature database 304 may be compared to the binary code that is generated as a result of the request received at block 504.
- the scan performed at block 510 may include additional malware identification techniques, such as heuristic malware detection techniques described in more detail below. Many existing tools allow developers to perform analysis of binary code that is difficult or impossible on code that is in a high-level language.
- an analysis of binary code may be performed that identifies the function calls made by the binary code to the API of an operating system.
- individual APIs are each assigned a permission level that is indicative of the privileges required to execute the API.
- Requests made to a Web service will not typically require calls to an operating system that requires system or administrative privileges. More generally, Web service requests are expected to access a limited "sandbox" of resources.
- API calls to an operating system that requires an elevated privileged level are "suspicious" and may be characteristic of malware.
- the scan performed at block 510 may include identifying these types of heuristic factors that are "suspicious.”
- existing tools that perform analysis of binary code are used to detect characteristics of the binary code.
- a malware author may pass a request to a Web service that causes a denial of service attack.
- software routines on a Web service provider computer accept and interact with the data provided in the request.
- the request is constructed in a way that causes code implemented on the Web service provider computer to consume excessive computer resources.
- otherwise benign code implemented by the Web service provider computer is manipulated to implement the functionality of malware.
- malware may be directly obtained from a remote computer in a request to a Web service.
- some Web services accept code in the Extensible Stylesheet Language ("XSL") that defines how data in the XML format will be displayed.
- XSL Extensible Stylesheet Language
- HTML HyperText Markup Language
- when high-level code from a language like XSL is accepted by a Web service, the high-level code is compiled into binary code and eventually executed.
- the malware originates entirely from a remote computer that made a request to the Web service. Since the present invention scans binary code, malware may be detected regardless of where the malware originated.
- the method 500 determines whether malware was identified at block 510. If malware was identified, the method 500 proceeds to block 514, where the receipt of malware at a computer that provides a Web service is handled. Those skilled in the art and others will recognize that the receipt of malware at a Web service may be handled in a number of different ways. For example, the identity of the computer that generated the malware request may be identified and added to a "blacklist" of known malware authors. In this instance, the computer where the request originated may be denied access to the Web service in the future. However, the receipt and identification of malware may be handled using other methods that are generally known in the art. Then, the method 500 proceeds to block 518 where it terminates.
- the scan method 500 proceeds to block 516 where the binary code required to satisfy the Web request received at block 504 is executed. Since systems for executing binary code generated as a result of a Web request are generally known in the art, further descriptions of these systems will not be provided here. Implementations of the present invention are not limited to the exemplary method 500 shown in FIGURE 5. Other methods may include additional actions or eliminate some actions shown. Also, other methods may perform actions in a different order than illustrated in FIGURE 5. For example, the exemplary method 500 shown in FIGURE 5 is described in the context of a system where high-level code is compiled into binary code by an on-demand compilation system. Once the binary code is scheduled to be executed, a scan of the binary code by the method 500 is performed.
- the present invention may be implemented as a filter where a data stream directed to a Web service is intercepted.
- high-level code is compiled and scanned for malware before being received by the Web service.
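The pre-parse XML scan described for the FIGURE 4 embodiment (raw input checked for nested DTD structures, with an administrator-configurable allowance) can be sketched as follows. This is an added example, not code from the patent or any product; `Policy`, `ScanResult`, `scan_request`, the finding names, the thresholds and both sample requests are assumptions constructed for illustration.

```python
"""Scan a raw XML request for nested DTD entity structures before parsing it."""
import re
from dataclasses import dataclass

# Internal entity declarations with a quoted literal value (general or parameter).
ENTITY_DECL = re.compile(
    r"""<!ENTITY\s+(?:%\s+)?([\w.:-]+)\s+(?:"([^"]*)"|'([^']*)')\s*>"""
)
ENTITY_REF = re.compile(r"[&%]([\w.:-]+);")


@dataclass(frozen=True)
class Policy:
    """Hypothetical administrator settings; thresholds are illustrative."""
    max_entities: int = 64
    max_depth: int = 2              # entity-inside-entity nesting allowed
    max_expanded_chars: int = 4096  # worst-case size of one expanded entity
    allowed: frozenset = frozenset()  # findings the administrator permits


@dataclass(frozen=True)
class ScanResult:
    blocked: bool
    findings: tuple


def _measure(name, table, memo, stack=()):
    """Return (nesting depth, expanded length) arithmetically, never expanding."""
    if name in memo:
        return memo[name]
    if name in stack:
        raise ValueError(name)  # entity refers back to itself
    depth, size = 1, len(table[name])
    for ref in ENTITY_REF.findall(table[name]):
        if ref in table:
            d, s = _measure(ref, table, memo, stack + (name,))
            depth = max(depth, d + 1)
            size += s - (len(ref) + 2)  # swap "&ref;" for its expansion length
    memo[name] = (depth, size)
    return memo[name]


def scan_request(raw, policy=Policy()):
    """Inspect the raw request text; the XML parser is never invoked here."""
    findings, table = [], {}
    if "<!DOCTYPE" in raw:
        for name, dq, sq in ENTITY_DECL.findall(raw):
            table.setdefault(name, dq or sq)  # first declaration wins in XML
    if len(table) > policy.max_entities:
        findings.append("too-many-entities")  # also bounds recursion below
    else:
        memo = {}
        try:
            for name in table:
                _measure(name, table, memo)
        except ValueError:
            findings.append("recursive-entity")
        else:
            if any(d > policy.max_depth for d, _ in memo.values()):
                findings.append("entity-depth")
            if any(s > policy.max_expanded_chars for _, s in memo.values()):
                findings.append("entity-expansion")
    blocked = any(f not in policy.allowed for f in findings)
    return ScanResult(blocked, tuple(findings))


# Constructed sample requests (not taken from the patent).
BENIGN_SAMPLE = '<?xml version="1.0"?><order><item sku="A1">2</item></order>'
NESTED_SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY a "xxxxxxxxxx">
  <!ENTITY b "&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;">
]>
<order>&c;</order>"""

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN_SAMPLE), ("nested", NESTED_SAMPLE)):
        print(label, scan_request(raw))
    # Administrator override: report the construct but let the request through.
    print(scan_request(NESTED_SAMPLE, Policy(allowed=frozenset({"entity-depth"}))))
```

Because depth and expanded size are computed by arithmetic over the declaration table, the scan's cost stays proportional to the request size even when the declared expansion would be enormous.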
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
- Devices For Executing Special Programs (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2008507840A JP4880674B2 (en) | 2005-04-21 | 2006-04-20 | How to protect computers that provide web services from malware |
EP06750717.8A EP1872232B1 (en) | 2005-04-21 | 2006-04-20 | Protecting a computer that provides a web service from malware |
MX2007011685A MX2007011685A (en) | 2005-04-21 | 2006-04-20 | Protecting a computer that provides a web service from malware. |
BRPI0608845-7A BRPI0608845A2 (en) | 2005-04-21 | 2006-04-20 | computer protection by providing a network service from malicious software |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/112,507 US7603712B2 (en) | 2005-04-21 | 2005-04-21 | Protecting a computer that provides a Web service from malware |
US11/112,507 | 2005-04-21 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2006115935A2 (en) | 2006-11-02 |
WO2006115935A3 (en) | 2009-04-16 |
Family
ID=37188652
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2006/014743 WO2006115935A2 (en) | 2005-04-21 | 2006-04-20 | Protecting a computer that provides a web service from malware |
Country Status (9)
Country | Link |
---|---|
US (1) | US7603712B2 (en) |
EP (1) | EP1872232B1 (en) |
JP (1) | JP4880674B2 (en) |
KR (1) | KR20080002755A (en) |
CN (1) | CN101542451A (en) |
BR (1) | BRPI0608845A2 (en) |
MX (1) | MX2007011685A (en) |
RU (1) | RU2007138951A (en) |
WO (1) | WO2006115935A2 (en) |
Families Citing this family (214)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9027135B1 (en) | 2004-04-01 | 2015-05-05 | Fireeye, Inc. | Prospective client identification using malware attack detection |
US9106694B2 (en) | 2004-04-01 | 2015-08-11 | Fireeye, Inc. | Electronic message analysis for malware detection |
US7587537B1 (en) | 2007-11-30 | 2009-09-08 | Altera Corporation | Serializer-deserializer circuits formed from input-output circuit registers |
US8566946B1 (en) | 2006-04-20 | 2013-10-22 | Fireeye, Inc. | Malware containment on connection |
US8584239B2 (en) | 2004-04-01 | 2013-11-12 | Fireeye, Inc. | Virtual machine with dynamic data flow analysis |
US8528086B1 (en) | 2004-04-01 | 2013-09-03 | Fireeye, Inc. | System and method of detecting computer worms |
US8793787B2 (en) | 2004-04-01 | 2014-07-29 | Fireeye, Inc. | Detecting malicious network content using virtual environment components |
US8171553B2 (en) | 2004-04-01 | 2012-05-01 | Fireeye, Inc. | Heuristic based capture with replay to virtual machine |
US8881282B1 (en) | 2004-04-01 | 2014-11-04 | Fireeye, Inc. | Systems and methods for malware attack detection and identification |
US8549638B2 (en) | 2004-06-14 | 2013-10-01 | Fireeye, Inc. | System and method of containing computer worms |
US8898788B1 (en) | 2004-04-01 | 2014-11-25 | Fireeye, Inc. | Systems and methods for malware attack prevention |
US7562293B2 (en) * | 2005-05-27 | 2009-07-14 | International Business Machines Corporation | Method and apparatus for processing a parseable document |
MX2008012891A (en) | 2006-04-06 | 2009-07-22 | Smobile Systems Inc | Malware detection system and method for limited access mobile platforms. |
US8112801B2 (en) * | 2007-01-23 | 2012-02-07 | Alcatel Lucent | Method and apparatus for detecting malware |
US8250540B2 (en) * | 2007-07-16 | 2012-08-21 | Kaspersky Lab Zao | System and method for administration of mobile application |
US9189628B2 (en) * | 2008-04-10 | 2015-11-17 | Adobe Systems Incorporated | Data driven system for responding to security vulnerability |
US8302192B1 (en) * | 2008-04-30 | 2012-10-30 | Netapp, Inc. | Integrating anti-virus in a clustered storage system |
US20100058467A1 (en) * | 2008-08-28 | 2010-03-04 | International Business Machines Corporation | Efficiency of active content filtering using cached ruleset metadata |
US8997219B2 (en) | 2008-11-03 | 2015-03-31 | Fireeye, Inc. | Systems and methods for detecting malicious PDF network content |
US8850571B2 (en) | 2008-11-03 | 2014-09-30 | Fireeye, Inc. | Systems and methods for detecting malicious network content |
TWI401582B (en) * | 2008-11-17 | 2013-07-11 | Inst Information Industry | Monitor device, monitor method and computer program product thereof for hardware |
US9348977B1 (en) * | 2009-05-26 | 2016-05-24 | Amazon Technologies, Inc. | Detecting malware in content items |
US8621613B1 (en) * | 2009-05-26 | 2013-12-31 | Amazon Technologies, Inc. | Detecting malware in content items |
US8832829B2 (en) * | 2009-09-30 | 2014-09-09 | Fireeye, Inc. | Network-based binary file extraction and analysis for malware detection |
CN101710375B (en) * | 2009-12-16 | 2013-01-23 | 珠海市君天电子科技有限公司 | Anti-viral device in anti-viral software and anti-viral method thereof |
KR101122646B1 (en) * | 2010-04-28 | 2012-03-09 | 한국전자통신연구원 | Method and device against intelligent bots by masquerading virtual machine information |
US9202049B1 (en) | 2010-06-21 | 2015-12-01 | Pulse Secure, Llc | Detecting malware on mobile devices |
KR101251002B1 (en) * | 2010-12-20 | 2013-04-04 | 한국인터넷진흥원 | System for analysing automatic of malicious code and method therefor |
US8726338B2 (en) | 2012-02-02 | 2014-05-13 | Juniper Networks, Inc. | Dynamic threat protection in mobile networks |
US9519782B2 (en) | 2012-02-24 | 2016-12-13 | Fireeye, Inc. | Detecting malicious network content |
US8826240B1 (en) | 2012-09-29 | 2014-09-02 | Appurify, Inc. | Application validation through object level hierarchy analysis |
US9015832B1 (en) | 2012-10-19 | 2015-04-21 | Google Inc. | Application auditing through object level code inspection |
US9113358B1 (en) | 2012-11-19 | 2015-08-18 | Google Inc. | Configurable network virtualization |
US9268668B1 (en) | 2012-12-20 | 2016-02-23 | Google Inc. | System for testing markup language applications |
US10572665B2 (en) | 2012-12-28 | 2020-02-25 | Fireeye, Inc. | System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events |
US9274935B1 (en) | 2013-01-15 | 2016-03-01 | Google Inc. | Application testing system with application programming interface |
US9159035B1 (en) | 2013-02-23 | 2015-10-13 | Fireeye, Inc. | Framework for computer application analysis of sensitive information tracking |
US9824209B1 (en) | 2013-02-23 | 2017-11-21 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications that is usable to harden in the field code |
US9176843B1 (en) | 2013-02-23 | 2015-11-03 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9195829B1 (en) | 2013-02-23 | 2015-11-24 | Fireeye, Inc. | User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications |
US9367681B1 (en) | 2013-02-23 | 2016-06-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application |
US8990944B1 (en) | 2013-02-23 | 2015-03-24 | Fireeye, Inc. | Systems and methods for automatically detecting backdoors |
US9009823B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications installed on mobile devices |
US9009822B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for multi-phase analysis of mobile applications |
US9355247B1 (en) | 2013-03-13 | 2016-05-31 | Fireeye, Inc. | File extraction from memory dump for malicious content analysis |
US9565202B1 (en) | 2013-03-13 | 2017-02-07 | Fireeye, Inc. | System and method for detecting exfiltration content |
US9626509B1 (en) | 2013-03-13 | 2017-04-18 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US9104867B1 (en) | 2013-03-13 | 2015-08-11 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US9311479B1 (en) | 2013-03-14 | 2016-04-12 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of a malware attack |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
WO2014145805A1 (en) | 2013-03-15 | 2014-09-18 | Mandiant, Llc | System and method employing structured intelligence to verify and contain threats at endpoints |
US9251343B1 (en) | 2013-03-15 | 2016-02-02 | Fireeye, Inc. | Detecting bootkits resident on compromised computers |
US10713358B2 (en) | 2013-03-15 | 2020-07-14 | Fireeye, Inc. | System and method to extract and utilize disassembly features to classify software intent |
US9021443B1 (en) | 2013-04-12 | 2015-04-28 | Google Inc. | Test automation API for host devices |
US9495180B2 (en) | 2013-05-10 | 2016-11-15 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US9635039B1 (en) | 2013-05-13 | 2017-04-25 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
US9536091B2 (en) | 2013-06-24 | 2017-01-03 | Fireeye, Inc. | System and method for detecting time-bomb malware |
US10133863B2 (en) | 2013-06-24 | 2018-11-20 | Fireeye, Inc. | Zero-day discovery system |
US9491193B2 (en) * | 2013-06-27 | 2016-11-08 | Secureage Technology, Inc. | System and method for antivirus protection |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US9888016B1 (en) | 2013-06-28 | 2018-02-06 | Fireeye, Inc. | System and method for detecting phishing using password prediction |
US20150011186A1 (en) * | 2013-07-05 | 2015-01-08 | Electronics And Telecommunications Research Institute | Method and apparatus for detecting sms-based malware |
US9268670B1 (en) | 2013-08-08 | 2016-02-23 | Google Inc. | System for module selection in software application testing including generating a test executable based on an availability of root access |
US9171160B2 (en) | 2013-09-30 | 2015-10-27 | Fireeye, Inc. | Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses |
US9736179B2 (en) | 2013-09-30 | 2017-08-15 | Fireeye, Inc. | System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection |
US10515214B1 (en) | 2013-09-30 | 2019-12-24 | Fireeye, Inc. | System and method for classifying malware within content created during analysis of a specimen |
US10192052B1 (en) | 2013-09-30 | 2019-01-29 | Fireeye, Inc. | System, apparatus and method for classifying a file as malicious using static scanning |
US10089461B1 (en) | 2013-09-30 | 2018-10-02 | Fireeye, Inc. | Page replacement code injection |
US9294501B2 (en) | 2013-09-30 | 2016-03-22 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US9690936B1 (en) | 2013-09-30 | 2017-06-27 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US9628507B2 (en) | 2013-09-30 | 2017-04-18 | Fireeye, Inc. | Advanced persistent threat (APT) detection center |
US9921978B1 (en) | 2013-11-08 | 2018-03-20 | Fireeye, Inc. | System and method for enhanced security of storage devices |
US9189627B1 (en) | 2013-11-21 | 2015-11-17 | Fireeye, Inc. | System, apparatus and method for conducting on-the-fly decryption of encrypted objects for malware detection |
US9756074B2 (en) | 2013-12-26 | 2017-09-05 | Fireeye, Inc. | System and method for IPS and VM-based detection of suspicious objects |
US9747446B1 (en) | 2013-12-26 | 2017-08-29 | Fireeye, Inc. | System and method for run-time object classification |
US9292686B2 (en) | 2014-01-16 | 2016-03-22 | Fireeye, Inc. | Micro-virtualization architecture for threat-aware microvisor deployment in a node of a network environment |
US9367415B1 (en) | 2014-01-20 | 2016-06-14 | Google Inc. | System for testing markup language applications on a device |
US9491229B1 (en) | 2014-01-24 | 2016-11-08 | Google Inc. | Application experience sharing system |
US9170922B1 (en) | 2014-01-27 | 2015-10-27 | Google Inc. | Remote application debugging |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US9241010B1 (en) | 2014-03-20 | 2016-01-19 | Fireeye, Inc. | System and method for network behavior detection |
US10242185B1 (en) | 2014-03-21 | 2019-03-26 | Fireeye, Inc. | Dynamic guest image creation and rollback |
US9591015B1 (en) | 2014-03-28 | 2017-03-07 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9223972B1 (en) | 2014-03-31 | 2015-12-29 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US9432389B1 (en) | 2014-03-31 | 2016-08-30 | Fireeye, Inc. | System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object |
US9973531B1 (en) | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
US9438623B1 (en) | 2014-06-06 | 2016-09-06 | Fireeye, Inc. | Computer exploit detection using heap spray pattern matching |
US9594912B1 (en) | 2014-06-06 | 2017-03-14 | Fireeye, Inc. | Return-oriented programming detection |
US10084813B2 (en) | 2014-06-24 | 2018-09-25 | Fireeye, Inc. | Intrusion prevention and remedy system |
US10805340B1 (en) | 2014-06-26 | 2020-10-13 | Fireeye, Inc. | Infection vector and malware tracking with an interactive user display |
US9398028B1 (en) | 2014-06-26 | 2016-07-19 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers |
US10002252B2 (en) | 2014-07-01 | 2018-06-19 | Fireeye, Inc. | Verification of trusted threat-aware microvisor |
US9363280B1 (en) | 2014-08-22 | 2016-06-07 | Fireeye, Inc. | System and method of detecting delivery of malware using cross-customer data |
US10671726B1 (en) | 2014-09-22 | 2020-06-02 | Fireeye Inc. | System and method for malware analysis using thread-level event monitoring |
US9773112B1 (en) | 2014-09-29 | 2017-09-26 | Fireeye, Inc. | Exploit detection of malware and malware families |
US10027689B1 (en) | 2014-09-29 | 2018-07-17 | Fireeye, Inc. | Interactive infection visualization for improved exploit detection and signature generation for malware and malware families |
US9146764B1 (en) | 2014-09-30 | 2015-09-29 | Amazon Technologies, Inc. | Processing event messages for user requests to execute program code |
US9678773B1 (en) | 2014-09-30 | 2017-06-13 | Amazon Technologies, Inc. | Low latency computational capacity provisioning |
US9600312B2 (en) | 2014-09-30 | 2017-03-21 | Amazon Technologies, Inc. | Threading as a service |
US9690933B1 (en) | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US10075455B2 (en) | 2014-12-26 | 2018-09-11 | Fireeye, Inc. | Zero-day rotating guest image profile |
US9934376B1 (en) | 2014-12-29 | 2018-04-03 | Fireeye, Inc. | Malware detection appliance architecture |
US9838417B1 (en) | 2014-12-30 | 2017-12-05 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
US9588790B1 (en) | 2015-02-04 | 2017-03-07 | Amazon Technologies, Inc. | Stateful virtual compute system |
US9733967B2 (en) | 2015-02-04 | 2017-08-15 | Amazon Technologies, Inc. | Security protocols for low latency execution of program code |
US9767290B2 (en) * | 2015-03-05 | 2017-09-19 | Fujitsu Limited | Autonomous reasoning system for vulnerability analysis |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
US9690606B1 (en) | 2015-03-25 | 2017-06-27 | Fireeye, Inc. | Selective system call monitoring |
US9438613B1 (en) | 2015-03-30 | 2016-09-06 | Fireeye, Inc. | Dynamic content activation for automated analysis of embedded objects |
US10474813B1 (en) | 2015-03-31 | 2019-11-12 | Fireeye, Inc. | Code injection technique for remediation at an endpoint of a network |
US9483644B1 (en) | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
US10417031B2 (en) | 2015-03-31 | 2019-09-17 | Fireeye, Inc. | Selective virtualization for security threat detection |
US9654485B1 (en) | 2015-04-13 | 2017-05-16 | Fireeye, Inc. | Analytics-based security monitoring system and method |
US9594904B1 (en) | 2015-04-23 | 2017-03-14 | Fireeye, Inc. | Detecting malware based on reflection |
EP3295359B1 (en) * | 2015-05-15 | 2020-08-26 | Virsec Systems, Inc. | Detection of sql injection attacks |
US11113086B1 (en) | 2015-06-30 | 2021-09-07 | Fireeye, Inc. | Virtual system and method for securing external network connectivity |
US10642753B1 (en) | 2015-06-30 | 2020-05-05 | Fireeye, Inc. | System and method for protecting a software component running in virtual machine using a virtualization layer |
US10454950B1 (en) | 2015-06-30 | 2019-10-22 | Fireeye, Inc. | Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks |
US10726127B1 (en) | 2015-06-30 | 2020-07-28 | Fireeye, Inc. | System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer |
US10715542B1 (en) | 2015-08-14 | 2020-07-14 | Fireeye, Inc. | Mobile application risk analysis |
US10176321B2 (en) | 2015-09-22 | 2019-01-08 | Fireeye, Inc. | Leveraging behavior-based rules for malware family classification |
US10033747B1 (en) | 2015-09-29 | 2018-07-24 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US10601865B1 (en) | 2015-09-30 | 2020-03-24 | Fireeye, Inc. | Detection of credential spearphishing attacks using email analysis |
US10706149B1 (en) | 2015-09-30 | 2020-07-07 | Fireeye, Inc. | Detecting delayed activation malware using a primary controller and plural time controllers |
US9825976B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Detection and classification of exploit kits |
US10817606B1 (en) | 2015-09-30 | 2020-10-27 | Fireeye, Inc. | Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic |
US10210329B1 (en) | 2015-09-30 | 2019-02-19 | Fireeye, Inc. | Method to detect application execution hijacking using memory protection |
US9825989B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Cyber attack early warning system |
US9864655B2 (en) | 2015-10-30 | 2018-01-09 | Google Llc | Methods and apparatus for mobile computing device security in testing facilities |
US10284575B2 (en) | 2015-11-10 | 2019-05-07 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US10846117B1 (en) | 2015-12-10 | 2020-11-24 | Fireeye, Inc. | Technique for establishing secure communication between host and guest processes of a virtualization architecture |
US10447728B1 (en) | 2015-12-10 | 2019-10-15 | Fireeye, Inc. | Technique for protecting guest processes using a layered virtualization architecture |
US10108446B1 (en) | 2015-12-11 | 2018-10-23 | Fireeye, Inc. | Late load technique for deploying a virtualization layer underneath a running operating system |
US10565378B1 (en) | 2015-12-30 | 2020-02-18 | Fireeye, Inc. | Exploit of privilege detection framework |
US10133866B1 (en) | 2015-12-30 | 2018-11-20 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US10050998B1 (en) | 2015-12-30 | 2018-08-14 | Fireeye, Inc. | Malicious message analysis system |
US10621338B1 (en) | 2015-12-30 | 2020-04-14 | Fireeye, Inc. | Method to detect forgery and exploits using last branch recording registers |
US9824216B1 (en) | 2015-12-31 | 2017-11-21 | Fireeye, Inc. | Susceptible environment detection system |
US11552986B1 (en) | 2015-12-31 | 2023-01-10 | Fireeye Security Holdings Us Llc | Cyber-security framework for application of virtual features |
US10581874B1 (en) | 2015-12-31 | 2020-03-03 | Fireeye, Inc. | Malware detection system with contextual analysis |
US10601863B1 (en) | 2016-03-25 | 2020-03-24 | Fireeye, Inc. | System and method for managing sensor enrollment |
US10671721B1 (en) | 2016-03-25 | 2020-06-02 | Fireeye, Inc. | Timeout management services |
US10616266B1 (en) | 2016-03-25 | 2020-04-07 | Fireeye, Inc. | Distributed malware detection system and submission workflow thereof |
US10785255B1 (en) | 2016-03-25 | 2020-09-22 | Fireeye, Inc. | Cluster configuration within a scalable malware detection system |
US10826933B1 (en) | 2016-03-31 | 2020-11-03 | Fireeye, Inc. | Technique for verifying exploit/malware at malware detection appliance through correlation with endpoints |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
US10169585B1 (en) | 2016-06-22 | 2019-01-01 | Fireeye, Inc. | System and methods for advanced malware detection through placement of transition events |
US10102040B2 (en) | 2016-06-29 | 2018-10-16 | Amazon Technologies, Inc | Adjusting variable limit on concurrent code executions |
US10462173B1 (en) | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
US10592678B1 (en) | 2016-09-09 | 2020-03-17 | Fireeye, Inc. | Secure communications between peers using a verified virtual trusted platform module |
US10491627B1 (en) | 2016-09-29 | 2019-11-26 | Fireeye, Inc. | Advanced malware detection using similarity analysis |
US10795991B1 (en) | 2016-11-08 | 2020-10-06 | Fireeye, Inc. | Enterprise search |
US10587647B1 (en) | 2016-11-22 | 2020-03-10 | Fireeye, Inc. | Technique for malware detection capability comparison of network security devices |
US10581879B1 (en) | 2016-12-22 | 2020-03-03 | Fireeye, Inc. | Enhanced malware detection for generated objects |
US10552610B1 (en) | 2016-12-22 | 2020-02-04 | Fireeye, Inc. | Adaptive virtual machine snapshot update framework for malware behavioral analysis |
US10523609B1 (en) | 2016-12-27 | 2019-12-31 | Fireeye, Inc. | Multi-vector malware detection and analysis |
US10795989B2 (en) * | 2017-03-05 | 2020-10-06 | Fortinet, Inc. | Secure just-in-time (JIT) code generation |
US10904286B1 (en) | 2017-03-24 | 2021-01-26 | Fireeye, Inc. | Detection of phishing attacks using similarity analysis |
US10798112B2 (en) | 2017-03-30 | 2020-10-06 | Fireeye, Inc. | Attribute-controlled malware detection |
US10554507B1 (en) | 2017-03-30 | 2020-02-04 | Fireeye, Inc. | Multi-level control for enhanced resource and object evaluation management of malware detection system |
US10902119B1 (en) | 2017-03-30 | 2021-01-26 | Fireeye, Inc. | Data extraction system for malware analysis |
US10791138B1 (en) | 2017-03-30 | 2020-09-29 | Fireeye, Inc. | Subscription-based malware detection |
US10601848B1 (en) | 2017-06-29 | 2020-03-24 | Fireeye, Inc. | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators |
US10503904B1 (en) | 2017-06-29 | 2019-12-10 | Fireeye, Inc. | Ransomware detection and mitigation |
US10855700B1 (en) | 2017-06-29 | 2020-12-01 | Fireeye, Inc. | Post-intrusion detection of cyber-attacks during lateral movement within networks |
US10893068B1 (en) | 2017-06-30 | 2021-01-12 | Fireeye, Inc. | Ransomware file modification prevention technique |
US10747872B1 (en) | 2017-09-27 | 2020-08-18 | Fireeye, Inc. | System and method for preventing malware evasion |
US10805346B2 (en) | 2017-10-01 | 2020-10-13 | Fireeye, Inc. | Phishing attack detection |
KR102020645B1 (en) | 2017-10-13 | 2019-11-04 | 김홍기 | Framed type landfill dryer |
US11108809B2 (en) | 2017-10-27 | 2021-08-31 | Fireeye, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
US11240275B1 (en) | 2017-12-28 | 2022-02-01 | Fireeye Security Holdings Us Llc | Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture |
US11005860B1 (en) | 2017-12-28 | 2021-05-11 | Fireeye, Inc. | Method and system for efficient cybersecurity analysis of endpoint events |
US11271955B2 (en) | 2017-12-28 | 2022-03-08 | Fireeye Security Holdings Us Llc | Platform and method for retroactive reclassification employing a cybersecurity-based global data store |
US10826931B1 (en) | 2018-03-29 | 2020-11-03 | Fireeye, Inc. | System and method for predicting and mitigating cybersecurity system misconfigurations |
US11558401B1 (en) | 2018-03-30 | 2023-01-17 | Fireeye Security Holdings Us Llc | Multi-vector malware detection data sharing system for improved detection |
US11003773B1 (en) | 2018-03-30 | 2021-05-11 | Fireeye, Inc. | System and method for automatically generating malware detection rule recommendations |
US10956477B1 (en) | 2018-03-30 | 2021-03-23 | Fireeye, Inc. | System and method for detecting malicious scripts through natural language processing modeling |
US10853115B2 (en) | 2018-06-25 | 2020-12-01 | Amazon Technologies, Inc. | Execution of auxiliary functions in an on-demand network code execution system |
US11075930B1 (en) | 2018-06-27 | 2021-07-27 | Fireeye, Inc. | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11314859B1 (en) | 2018-06-27 | 2022-04-26 | FireEye Security Holdings, Inc. | Cyber-security system and method for detecting escalation of privileges within an access token |
US11228491B1 (en) | 2018-06-28 | 2022-01-18 | Fireeye Security Holdings Us Llc | System and method for distributed cluster configuration monitoring and management |
US11146569B1 (en) * | 2018-06-28 | 2021-10-12 | Amazon Technologies, Inc. | Escalation-resistant secure network services using request-scoped authentication information |
US11316900B1 (en) | 2018-06-29 | 2022-04-26 | FireEye Security Holdings Inc. | System and method for automatically prioritizing rules for cyber-threat detection and mitigation |
US11036865B2 (en) * | 2018-07-05 | 2021-06-15 | Massachusetts Institute Of Technology | Systems and methods for risk rating of vulnerabilities |
US11099870B1 (en) | 2018-07-25 | 2021-08-24 | Amazon Technologies, Inc. | Reducing execution times in an on-demand network code execution system using saved machine states |
US11182473B1 (en) | 2018-09-13 | 2021-11-23 | Fireeye Security Holdings Us Llc | System and method for mitigating cyberattacks against processor operability by a guest process |
US11763004B1 (en) | 2018-09-27 | 2023-09-19 | Fireeye Security Holdings Us Llc | System and method for bootkit detection |
US11943093B1 (en) | 2018-11-20 | 2024-03-26 | Amazon Technologies, Inc. | Network connection recovery after virtual machine transition in an on-demand network code execution system |
US10936726B2 (en) * | 2018-11-26 | 2021-03-02 | Blackberry Limited | Determining security risks in software code |
US11368475B1 (en) | 2018-12-21 | 2022-06-21 | Fireeye Security Holdings Us Llc | System and method for scanning remote services to locate stored objects with malware |
US11176251B1 (en) | 2018-12-21 | 2021-11-16 | Fireeye, Inc. | Determining malware via symbolic function hash analysis |
US12074887B1 (en) | 2018-12-21 | 2024-08-27 | Musarubra Us Llc | System and method for selectively processing content after identification and removal of malicious content |
US11743290B2 (en) | 2018-12-21 | 2023-08-29 | Fireeye Security Holdings Us Llc | System and method for detecting cyberattacks impersonating legitimate sources |
US11601444B1 (en) | 2018-12-31 | 2023-03-07 | Fireeye Security Holdings Us Llc | Automated system for triage of customer issues |
US11861386B1 (en) | 2019-03-22 | 2024-01-02 | Amazon Technologies, Inc. | Application gateways in an on-demand network code execution system |
US11310238B1 (en) | 2019-03-26 | 2022-04-19 | FireEye Security Holdings, Inc. | System and method for retrieval and analysis of operational data from customer, cloud-hosted virtual resources |
US11677786B1 (en) | 2019-03-29 | 2023-06-13 | Fireeye Security Holdings Us Llc | System and method for detecting and protecting against cybersecurity attacks on servers |
US11636198B1 (en) | 2019-03-30 | 2023-04-25 | Fireeye Security Holdings Us Llc | System and method for cybersecurity analyzer update and concurrent management system |
US11119809B1 (en) | 2019-06-20 | 2021-09-14 | Amazon Technologies, Inc. | Virtualization-based transaction handling in an on-demand network code execution system |
US11258806B1 (en) | 2019-06-24 | 2022-02-22 | Mandiant, Inc. | System and method for automatically associating cybersecurity intelligence to cyberthreat actors |
US11556640B1 (en) | 2019-06-27 | 2023-01-17 | Mandiant, Inc. | Systems and methods for automated cybersecurity analysis of extracted binary string sets |
US11392700B1 (en) | 2019-06-28 | 2022-07-19 | Fireeye Security Holdings Us Llc | System and method for supporting cross-platform data verification |
CN110619215B (en) * | 2019-08-23 | 2021-08-20 | 苏州浪潮智能科技有限公司 | Code security scanning method and system |
US11886585B1 (en) | 2019-09-27 | 2024-01-30 | Musarubra Us Llc | System and method for identifying and mitigating cyberattacks through malicious position-independent code execution |
US11637862B1 (en) | 2019-09-30 | 2023-04-25 | Mandiant, Inc. | System and method for surfacing cyber-security threats with a self-learning recommendation engine |
US11838300B1 (en) | 2019-12-24 | 2023-12-05 | Musarubra Us Llc | Run-time configurable cybersecurity system |
US11522884B1 (en) | 2019-12-24 | 2022-12-06 | Fireeye Security Holdings Us Llc | Subscription and key management system |
US11436327B1 (en) | 2019-12-24 | 2022-09-06 | Fireeye Security Holdings Us Llc | System and method for circumventing evasive code for cyberthreat detection |
US11714682B1 (en) | 2020-03-03 | 2023-08-01 | Amazon Technologies, Inc. | Reclaiming computing resources in an on-demand code execution system |
US11593270B1 (en) | 2020-11-25 | 2023-02-28 | Amazon Technologies, Inc. | Fast distributed caching using erasure coded object parts |
US11550713B1 (en) | 2020-11-25 | 2023-01-10 | Amazon Technologies, Inc. | Garbage collection in distributed systems using life cycled storage roots |
US11388210B1 (en) | 2021-06-30 | 2022-07-12 | Amazon Technologies, Inc. | Streaming analytics using a serverless compute system |
US11968280B1 (en) | 2021-11-24 | 2024-04-23 | Amazon Technologies, Inc. | Controlling ingestion of streaming data to serverless function executions |
US12015603B2 (en) | 2021-12-10 | 2024-06-18 | Amazon Technologies, Inc. | Multi-tenant mode for serverless code execution |
Family Cites Families (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5414833A (en) | 1993-10-27 | 1995-05-09 | International Business Machines Corporation | Network security system and method using a parallel finite state machine adaptive active monitor and responder |
US5867651A (en) * | 1996-08-27 | 1999-02-02 | International Business Machines Corporation | System for providing custom functionality to client systems by redirecting of messages through a user configurable filter network having a plurality of partially interconnected filters |
US5951698A (en) * | 1996-10-02 | 1999-09-14 | Trend Micro, Incorporated | System, apparatus and method for the detection and removal of viruses in macros |
US5960170A (en) * | 1997-03-18 | 1999-09-28 | Trend Micro, Inc. | Event triggered iterative virus detection |
JPH11119927A (en) * | 1997-10-16 | 1999-04-30 | Mitsubishi Electric Corp | Printer system |
US6088803A (en) * | 1997-12-30 | 2000-07-11 | Intel Corporation | System for virus-checking network data during download to a client device |
US6529949B1 (en) * | 2000-02-07 | 2003-03-04 | Interactual Technologies, Inc. | System, method and article of manufacture for remote unlocking of local content located on a client device |
US6851057B1 (en) * | 1999-11-30 | 2005-02-01 | Symantec Corporation | Data driven detection of viruses |
US6728886B1 (en) * | 1999-12-01 | 2004-04-27 | Trend Micro Incorporated | Distributed virus scanning arrangements and methods therefor |
US6772413B2 (en) * | 1999-12-21 | 2004-08-03 | Datapower Technology, Inc. | Method and apparatus of data exchange using runtime code generator and translator |
US7093239B1 (en) * | 2000-07-14 | 2006-08-15 | Internet Security Systems, Inc. | Computer immune system and method for detecting unwanted code in a computer system |
GB2366692B (en) * | 2000-08-31 | 2002-08-14 | F Secure Oyj | Virus protection in an internet environment |
US6785732B1 (en) * | 2000-09-11 | 2004-08-31 | International Business Machines Corporation | Web server apparatus and method for virus checking |
US7284274B1 (en) * | 2001-01-18 | 2007-10-16 | Cigital, Inc. | System and method for identifying and eliminating vulnerabilities in computer software applications |
JP2002342279A (en) * | 2001-03-13 | 2002-11-29 | Fujitsu Ltd | Filtering device, filtering method and program for making computer execute the method |
US7231637B1 (en) * | 2001-07-26 | 2007-06-12 | Mcafee, Inc. | Security and software testing of pre-release anti-virus updates on client and transmitting the results to the server |
US6907430B2 (en) * | 2001-10-04 | 2005-06-14 | Booz-Allen Hamilton, Inc. | Method and system for assessing attacks on computer networks using Bayesian networks |
US7107617B2 (en) * | 2001-10-15 | 2006-09-12 | Mcafee, Inc. | Malware scanning of compressed computer files |
US7359962B2 (en) * | 2002-04-30 | 2008-04-15 | 3Com Corporation | Network security system integration |
US20040260754A1 (en) * | 2003-06-20 | 2004-12-23 | Erik Olson | Systems and methods for mitigating cross-site scripting |
JP4322059B2 (en) * | 2003-08-08 | 2009-08-26 | 富士通株式会社 | Input data restriction program and input data restriction method |
ATE532142T1 (en) * | 2004-03-16 | 2011-11-15 | Microdasys Inc | CONTENT MONITORING FOR XML |
US20050273860A1 (en) * | 2004-06-04 | 2005-12-08 | Brian Chess | Apparatus and method for developing, testing and monitoring secure software |
US20060015940A1 (en) * | 2004-07-14 | 2006-01-19 | Shay Zamir | Method for detecting unwanted executables |
2005
- 2005-04-21 US US11/112,507 patent/US7603712B2/en not_active Expired - Fee Related
2006
- 2006-04-20 CN CNA2006800094089A patent/CN101542451A/en active Pending
- 2006-04-20 RU RU2007138951/09A patent/RU2007138951A/en not_active Application Discontinuation
- 2006-04-20 KR KR1020077019923A patent/KR20080002755A/en not_active Application Discontinuation
- 2006-04-20 WO PCT/US2006/014743 patent/WO2006115935A2/en active Application Filing
- 2006-04-20 BR BRPI0608845-7A patent/BRPI0608845A2/en not_active IP Right Cessation
- 2006-04-20 EP EP06750717.8A patent/EP1872232B1/en active Active
- 2006-04-20 JP JP2008507840A patent/JP4880674B2/en not_active Expired - Fee Related
- 2006-04-20 MX MX2007011685A patent/MX2007011685A/en not_active Application Discontinuation
Non-Patent Citations (1)
Title |
---|
See references of EP1872232A4 * |
Also Published As
Publication number | Publication date |
---|---|
CN101542451A (en) | 2009-09-23 |
KR20080002755A (en) | 2008-01-04 |
US7603712B2 (en) | 2009-10-13 |
EP1872232A4 (en) | 2011-01-05 |
MX2007011685A (en) | 2007-11-15 |
JP4880674B2 (en) | 2012-02-22 |
EP1872232B1 (en) | 2018-08-15 |
EP1872232A2 (en) | 2008-01-02 |
BRPI0608845A2 (en) | 2010-02-02 |
WO2006115935A3 (en) | 2009-04-16 |
US20060242709A1 (en) | 2006-10-26 |
JP2008538638A (en) | 2008-10-30 |
RU2007138951A (en) | 2009-04-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7603712B2 (en) | Protecting a computer that provides a Web service from malware | |
JP7460696B2 (en) | Real-time detection and protection from malware and steganography in kernel mode | |
US8561190B2 (en) | System and method of opportunistically protecting a computer from malware | |
US9979726B2 (en) | System and method for web application security | |
US8201245B2 (en) | System, method and program product for detecting computer attacks | |
CN100576135C (en) | The method and system that is used for virus scan | |
US8918881B2 (en) | Off-device anti-malware protection for mobile devices | |
US7757289B2 (en) | System and method for inspecting dynamically generated executable code | |
US20100037317A1 (en) | Mehtod and system for security monitoring of the interface between a browser and an external browser module | |
Fass et al. | Doublex: Statically detecting vulnerable data flows in browser extensions at scale | |
RU2573760C2 (en) | Declaration-based content reputation service | |
US20140090054A1 (en) | System and Method for Detecting Anomalies in Electronic Documents | |
US20130042294A1 (en) | Identifying application reputation based on resource accesses | |
US20220269782A1 (en) | Detection of malicious code that is obfuscated within a document file | |
US20120102541A1 (en) | Method and System for Generating an Enforceable Security Policy Based on Application Sitemap | |
US11706251B2 (en) | Simulating user interactions for malware analysis | |
El-Zawawy et al. | Do not let Next-Intent Vulnerability be your next nightmare: type system-based approach to detect it in Android apps | |
Nirumand et al. | A model‐based framework for inter‐app Vulnerability analysis of Android applications | |
Zhang et al. | Malicious Package Detection in NPM and PyPI using a Single Model of Malicious Behavior Sequence | |
US9444831B1 (en) | Malicious script detection using context-dependent script emulation | |
Gupta et al. | Developing a blockchain-based and distributed database-oriented multi-malware detection engine | |
Xiang et al. | Ghost in the binder: Binder transaction redirection attacks in Android system services | |
Chaliasos et al. | Mime artist: Bypassing whitelisting for the web with javascript mimicry attacks | |
US12074887B1 (en) | System and method for selectively processing content after identification and removal of malicious content | |
Niu et al. | Behavior-Based Detection Method for Android Malware |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | WWE | Wipo information: entry into national phase | Ref document number: 200680009408.9 Country of ref document: CN |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| | WWE | Wipo information: entry into national phase | Ref document number: 3702/CHENP/2007 Country of ref document: IN |
| | WWE | Wipo information: entry into national phase | Ref document number: 1020077019923 Country of ref document: KR |
| | ENP | Entry into the national phase | Ref document number: 2008507840 Country of ref document: JP Kind code of ref document: A |
| | WWE | Wipo information: entry into national phase | Ref document number: MX/a/2007/011685 Country of ref document: MX Ref document number: 2006750717 Country of ref document: EP |
| | WWE | Wipo information: entry into national phase | Ref document number: 2007138951 Country of ref document: RU |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | ENP | Entry into the national phase | Ref document number: PI0608845 Country of ref document: BR Kind code of ref document: A2 |