WO2007069337A1 - Unauthorized Communication Program Regulation System and Associated Program - Google Patents
- Publication number
- WO2007069337A1 (PCT/JP2005/023437)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- communication
- program
- unauthorized
- module
- restriction
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
Definitions
- The present invention relates to a computer system that regulates unauthorized communications, and in particular to one that monitors the communication modules (various communication programs) running on the computer itself and regulates those that conduct unauthorized communications before the computer accesses an external computer.
- the present invention relates to a computer system and its program that automatically regulate (Background art)
- Non-Patent Document 2: there is a known product (software tool) with a function (see Non-Patent Document 2).
- Non-Patent Document 2: Products of Websense, Inc. (web page introducing the product name "Product Websense Enterprise Client Policy Manager (CPM)"), [2 0 0 5 years 1 0 20 20 search], Internet <http://www.atmarkit.co.jp/news/200405/20/websense.html> (Disclosure of Invention)
- Products such as the one in Non-Patent Document 2 have the advantage that communication can be restricted even if the computer is taken out of the LAN, because the restriction is performed on the computer itself.
- With the method described in Non-Patent Document 2, it is possible to prevent the application from being executed, but it is not possible to block only the communication by the application. For this reason, it has the drawback that it cannot be used for applications that are allowed to be used offline.
- The present invention has been made in view of the circumstances described above, and an object of the present invention is to perform monitoring and restriction settings for all computers under management using a server installed in a campus network. It is another object of the present invention to provide a fraudulent communication program regulation system and method capable of monitoring and regulating fraudulent communication programs regardless of the network environment of the computer under management. (Means for solving problems)
- The present invention relates to an unauthorized communication program regulation system and program in a client-server system having a centralized management server for managing client computers in a local network. With respect to the system, the above object of the present invention is achieved as follows.
- The central management server includes distribution means for distributing a file pattern for identifying various unauthorized communication programs to each client computer under management via the local network. The client computer includes a filtering module that performs monitoring and regulation processing of communication generated from the computer. The filtering module includes: a database that stores the file pattern acquired from the central management server; communication detection means for monitoring communication events generated from a communication module started on the client computer and detecting the occurrence of a communication start request to another computer; inspection means for comparing the file pattern of the communication module that issued the communication start request with the file patterns stored in the database to check whether the communication module is an unauthorized communication program; and communication restriction means for restricting the communication of the communication module, before the communication start request is executed, when the inspection means determines that the communication module is an unauthorized communication program.
- The central management server further includes setting means for setting a restriction rule including information regarding the presence / absence of restriction of each communication module, and the communication restriction means restricts the communication of a communication module designated as restricted by the setting means.
- The setting means has a function of displaying, as a setting screen on the display unit of the management terminal, a list of the unauthorized communication programs whose file patterns are registered, and setting the ones selected from the list as subjects of regulation. With these, the object can be achieved more effectively.
- The communication start request is a connection request to another computer or a data transmission request.
- The system includes a data center for centrally managing the file pattern, and the distribution means distributes the latest file pattern received from the data center to each client computer in a timely manner.
- Once the filtering module has started monitoring the unauthorized communication program, the monitoring processing and the regulation processing of the unauthorized communication program continue even in a situation where the client computer cannot communicate with the central management server.
- The file pattern held by the central management server includes file patterns for specifying normal applications that are not unauthorized communication programs, and the communication restriction means has a function of permitting only the communication of applications designated as unregulated by the setting means.
- the client computer receives a file pattern for specifying various unauthorized communication programs and stores them in a database, and a communication module started by the client computer.
- the client computer further receives a restriction rule setting information including information on the presence / absence of restriction of each communication module registered on the central management server side, and is designated as restricted by the setting means.
- This function can be achieved more effectively by using a function that performs the above-mentioned communication restriction process for a communication module and a program that realizes the above.
- a communication event generated from a communication module is monitored, a file pattern of a communication start request generated from a communication module (various communication programs) and a file acquired in advance from a central management server.
- a communication start request generated from a communication module (various communication programs)
- a file acquired in advance from a central management server.
- the load on the CPU is less than that of the method of analyzing and determining the communication content.
- FIG. 1 is a schematic diagram showing an example of the overall configuration of the unauthorized communication program regulation system according to the present invention.
- FIG. 2 is a schematic block diagram showing a configuration example of the unauthorized communication program monitoring system 10 in FIG. 1.
- FIG. 3 is a flowchart showing a basic operation example of the unauthorized communication program monitoring system according to the present invention.
- FIG. 4 is a flowchart showing an overview of the unauthorized communication program monitoring and restriction process according to the present invention.
- FIG. 5 is a flowchart showing an example of operation when acquiring the regulation rule and file pattern according to the present invention.
- FIG. 6 is a flowchart showing an operation example when monitoring an unauthorized communication program according to the present invention.
- the present invention is preferably applied to a computer network system installed in a company, public organization, school or the like.
- A case where the present invention is applied to a client-server type computer system will be described as an example.
- FIG. 1 is a schematic diagram showing an example of the overall configuration of an unauthorized communication program restriction system according to the present invention (hereinafter referred to as “illegal communication restriction system”).
- each client computer 3 is normally connected to a local network 2 (hereinafter referred to as “LAN”), and is connected to the Internet 1 via the LAN 2.
- LAN local network 2
- central management servers 20 for managing each user terminal 3.
- the central management server 20 has, as functions according to the present invention, a function 21a for distributing file pattern information (hereinafter referred to as “file pattern”) for identifying various unauthorized communication programs, and processing at the time of regulation.
- file pattern file pattern information
- regulation rule setting function 21b.
- The means for realizing these functions 21a and 21b in the computer is a computer program in the present embodiment.
- By installing and running the program on a predetermined management computer, that computer operates as a centralized management server 20 having a file pattern distribution function 21a and a regulation rule setting function 21b.
- The above distribution function 21a is a function for distributing the file pattern via the local network 1 to each client computer 3 under management.
- As part of the distribution function 21a, a function for distributing the regulation rules to each client computer 3 via the local network 1 is also provided.
- The file pattern is centrally managed by a data center (not shown). If a new type of unauthorized communication program that cannot be detected by the previous file pattern is found, pattern data capable of detecting that program is registered in the data center and the file pattern is updated successively. The latest file pattern is sent in response to a request from the central management server 20, or is sent to the central management server 20 in a timely manner.
- The “regulation rule” that is set is a rule related to the regulation of unauthorized communication programs. It defines which types of communication modules are subject to regulation or exempt from it and what kind of regulation processing is performed, and consists of information on the presence or absence of regulation and setting information such as the processing mode at the time of regulation.
- This regulation rule is information that can be set for each user, each group, or each system. Specific examples will be described later.
- The number of central management servers 20 is arbitrary, and existing management computers in LAN 2 can be used. For example, in a company, an administrator's computer or a predetermined server may be used, and in a school, each teacher's computer or a predetermined server may be the central management server 20.
- The client computer 3 (hereinafter referred to as “user terminal”) is a portable or stationary general-purpose computer such as a PC (Personal Computer) or WS (Work Station), or a portable information communication device such as a mobile phone or PDA (Personal Digital Assistant); it may be any information processing device capable of data communication with websites (including mobile sites) on the Internet 1 and capable of executing applications.
- The unauthorized communication program monitoring system 10 running on the user terminal 3 is the system that constitutes the main part of the unauthorized communication control system. In this embodiment, it is a client module that runs under the control of the OS (operating system) and is installed in each user terminal 3.
- FIG. 2 is a schematic block diagram showing an example of the configuration of the unauthorized communication program monitoring system 10 in FIG. 1.
- The unauthorized communication program monitoring system 10 is composed of a communication module 11 and a filtering module 12.
- The communication module 11 is any of various communication programs that communicate with other computers, such as web browsers like Internet Explorer (registered trademark) and P2P (peer-to-peer) programs.
- the filtering module 12 is a client module having a function of monitoring and regulating communication processing in the communication module 11.
- The filtering module 12 includes means for monitoring the communication events generated from the communication module 11 started on the client computer 3 and detecting the occurrence of a communication start request to another computer,
- and means for comparing the file pattern of the communication module that issued the communication start request with the file patterns stored in the file pattern database 13 to check whether the communication module 11 is an unauthorized communication program.
- The filtering module 12 is configured as a computer program. By installing and running on the user terminal 3 a program that processes each step of the filtering module 12 described below, the computer operates as a user terminal 3 having a self-monitoring function and a self-regulation function for unauthorized communication programs.
- The monitored communication modules 11 are communication modules that have the potential to perform unauthorized communications, for example “those that carry out illegal communications (those suspected of copyright infringement)”, “those that carry out highly confidential communications”, “those that carry out communications unnecessary for business, etc.” and “those that carry out malicious communications”, and are communication modules preset in the regulation rules (e.g., a P2P program such as “Winny”).
- Once the filtering module 12 starts monitoring the unauthorized communication program, the unauthorized communication program monitoring process and regulation process continue even if the user terminal 3 is taken out to a network environment where it cannot communicate with the centralized management server 20.
- While the user terminal 3 on which the filtering module 12 operates is present in the LAN 2, that is, while it is connected to the LAN 2, the filtering module 12 acquires the file pattern of the unauthorized communication program (and the regulation rules) from the central management server 20 in a timely manner (at regular intervals in this example).
- The filtering module 12 monitors communication events generated from the communication module 11 activated on the user terminal 3, and detects the occurrence of a connection request with another computer or a data transmission request to another computer.
- The file pattern database 13 is then used to search for a match between the file pattern of the request source communication module 11 and the file patterns of the unauthorized communication programs, and it is determined whether the request source communication module 11 is an unauthorized communication program.
- When the communication module 11 is an unauthorized communication program, the corresponding regulation process is activated according to the processing form defined by the regulation rule. For example, the communication is interrupted, a warning window is displayed on the screen of the user terminal, and notification information is transmitted to notify the administrator via the central management server 20.
- Upon receiving a notification from the filtering module 12, the central management server 20 stores and manages, for example, the notification information (source terminal ID or user ID, illegal communication program ID, communication destination information, etc.). It can send an e-mail to the administrator, or display a message when an administrator logs in to the central management server 20.
- notification information source terminal ID or user ID, illegal communication program ID, communication destination information, etc.
- the unauthorized communication program monitoring system is composed of “Communication Module 11” and “Filtering Module 12”, and the file pattern of Communication Module 11 (each communication program) is changed.
- The “File Pattern Database 13” is provided to store the file patterns (pattern information group of each communication program) acquired from the central management server 20 so that they can be searched with the pattern information of each communication program.
- The filtering module 12 is a client module that operates as a pair with the communication module 11. It takes the form of an LSP (Layered Service Provider) and executes the monitoring process and the regulation process of the unauthorized communication program according to the present invention using an application program interface (API) related to communication control, such as the TCP/IP socket interface.
- LSP Layered Service Providers
- The LSP is a system driver that can perform its own application processing within the data processing of the transport layer of the OSI (Open Systems Interconnection) reference model.
- APIs such as the TCP/IP socket interface are provided by most operating systems for general-purpose computers.
- For example, when the operating system is Windows (registered trademark), communication control software having an API such as the socket interface called “Winsock” is provided,
- and application-specific processing can be executed before communication starts.
- Such an API is used to detect communication at the stage of preparation processing for communication, and to execute the monitoring processing and regulation processing of unauthorized communication programs.
- FIG. 3 is a flowchart showing a basic operation example of the unauthorized communication program monitoring system according to the present invention. It shows the filtering module working as a pair with the communication module. As shown in the flowchart of FIG. 3, when the communication module 11 is activated by the user, the filtering module 12 in the form of an LSP is loaded (step S11).
- The filtering module 12 detects the connection request generated from the communication module 11 (step S12), performs its own processing as necessary (step S13), and then executes the connection process to connect to the communication partner (steps S14 and S15). After that, as shown in steps S16 to S31, at the time of data transmission, data reception, and disconnection, the filtering module 12 detects these request messages, performs its own processing (steps S19, S25, S29) as necessary, and then executes the corresponding process.
- When a connection request or a transmission request (hereinafter referred to as a “communication start request”) is detected, that is, at a point before communication processing is performed, the filtering module 12 checks the file pattern of the requesting communication module 11 against the file patterns in the file pattern database 13 to determine whether the communication module 11 is an unauthorized communication program, and thereby detects unauthorized communication programs.
- the regulation process is performed in accordance with the “regulation rules” described above.
- The filtering module 12 is implemented as a part of the communication control software that operates in cooperation with the OS (for example, an LSP of Winsock). A filtering module that does not depend on the communication module can therefore be provided.
- When the communication module 11 of each user terminal 3 tries to start a connection or data transmission with another computer (step S1), the filtering module 12 detects the occurrence of a communication start request (a connection request or transmission request) and acquires the file path of the communication module 11 (the communication program that issued the communication start request) (step S2). It then performs a match search between the file pattern of the executable file of the communication module 11 and the file patterns (pattern information of each communication program) in the file pattern database 13 (step S3).
- It is then determined whether the communication module 11 is subject to regulation, that is, whether it is a communication program designated as regulated in the regulation rule (step S4). If it is determined to be subject to restriction, connection to another computer or data transmission / reception is restricted (communication is blocked) according to the processing mode at the time of restriction set in the restriction rule. At the same time, warning processing (for example, notification processing by screen display) for the user, the administrator, or both is activated in real time (step S5).
- warning processing for example, notification processing by screen display
- On the other hand, if no matching pattern is detected in step S3, or if it is determined in step S4 that the module is not subject to regulation, the communication start request is permitted and the connection to the other computer or the data transmission / reception process is executed (step S6). Thereafter, while the communication module 11 is operating, the processes of steps S1 to S6 are repeated.
- The filtering module 12 detects the login and executes the process of connecting to the central management server 20 (step S42).
- The filtering module 12 determines whether or not the connection with the central management server 20 is successful (step S43), and if the connection is successful, it transmits the user information to the central management server 20 as a restriction rule acquisition request message (step S44).
- The central management server 20 that has received the user information identifies the regulation rule from the user information (step S45), and sends the latest regulation rule at the present time to the user terminal 3 (step S46).
- When the filtering module 12 of the user terminal 3 acquires the restriction rule, it stores the restriction rule in a storage medium such as a memory (step S47).
- It then transmits a file pattern acquisition request message to the central management server 20 (step S48).
- The central management server 20 checks the version on the user terminal 3 side and, if it is not the latest version, transmits the file pattern (step S49).
- The filtering module 12 of the user terminal 3 stores the file pattern received from the central management server 20 in the file pattern database 13 (step S50). From step S51 onwards, the filtering module 12 of the user terminal 3 sends the restriction rule acquisition request message and the file pattern acquisition request message to the central management server 20 at appropriate times (in this example, at regular intervals).
- If the connection with the central management server 20 fails in step S43, for example because the user terminal 3 is not in the LAN 2, such as when a portable user terminal 3 has been taken out and is in use elsewhere, the previously obtained restriction rule and file pattern are used.
- Restriction rules can be set for each user (or for each group or for each system). For example, an administrator can log in from the management terminal (a predetermined communication terminal) to the central management server 20 and set information on the presence / absence of restriction as a regulation rule.
- As a regulation rule setting function, the central management server 20 displays a list of communication modules 11 (various communication programs) as a setting screen on the display of the management terminal (administrator terminal) and has a function to set the ones selected from the list as restriction targets.
- the communication module 11 displayed as a list is a communication module 11 whose file patterns are registered in the file pattern database 13 in the preferred embodiment.
- For example, P2P programs such as “Winny”, “WinMX”, and “Shareaza”, which are a type of highly anonymous file exchange (sharing) software.
- When the administrator selects and designates a restriction target from among these unauthorized communication program candidates, the information is set as an element of the restriction rule, and the restriction rule of the user (or group or system) is set.
- The processing form can also be one in which the filtering module 12 of the user terminal blocks the communication of all applications other than the permitted ones, so that only the specified applications (for example, a well-known browser) are allowed to communicate.
- the user terminal filtering module 12 can be configured to block (or permit) all communications using ports other than the specified port number.
- HTTP Hypertext Transfer Protocol
- HTTPS Hypertext Transfer Protocol Security
- FTP File Transfer Protocol
- TCP Transmission Control Protocol
- UDP User Datagram Protocol
- The connection destination can also be limited, so it is possible to specify a specific application and block its communication to anything other than the IP addresses specified by the administrator.
- Alert forms: for example, when communication by an unauthorized communication program is detected, there are several alert forms, such as (b1) notifying the administrator by e-mail (an alert mail is sent to the administrator via the central management server), (b2) notifying the administrator by displaying a message on the management screen (displayed on the screen after logging in to the central management server), and (b3) notifying the user by displaying a warning screen (a warning window is displayed on the display of user terminal 3). The administrator specifies who is notified when communication by the unauthorized communication program is detected (only the access source user, both the user and the administrator, or only the administrator) and in what notification format, by selecting one or more of these multiple types of alerts.
- In the user terminal, after the communication module 11 (in this example, the unauthorized communication program) is activated (step S61), when the unauthorized communication program prepares for communication (step S62), the filtering module 12 is loaded before the communication by the unauthorized communication program is executed (step S63).
- The filtering module 12 detects the connection request. Note that once the communication module 11 is loaded, any event that occurs in the communication module 11 can be detected (step S65).
- The filtering module 12 that has detected the connection request to the communication partner obtains the file path of the unauthorized communication program of the load source (connection request source) and reads the executable file (step S66). Then, using the file pattern database 13, in which the file patterns acquired in advance from the central management server are stored, it searches for a match between the file pattern of the unauthorized communication program of the connection request source and the pattern of each unauthorized communication program stored in the file pattern database 13.
- The file pattern to be collated is a partial or entire pattern of the binary pattern of the executable file of the unauthorized communication program, and is set according to the type of the unauthorized communication program.
- For example, if a program is to be regarded as an unauthorized communication program (for example, WinMX) when both the pattern of a first bit string and the pattern of a second bit string in the executable file match, even if the other contents do not match, the places other than the first and second bit strings are intentionally left empty (as information for which no match search is performed) and the pattern matching processing is performed (step S67).
- It is determined whether or not there is a matching file pattern as a result of the search processing in step S67 (step S68). If there is a match, it is determined whether the unauthorized communication program of that file pattern is a restriction target in the regulation rule, and if it is a restriction target, the corresponding restriction processing is performed according to the regulation rule. In this example, the connection request is not accepted and the connection process with the communication partner is not executed (step S69). Then, the communication start request process is terminated, and the communication monitoring process is continued. On the other hand, if it is determined in step S68 that there is no file pattern match and the program is not an unauthorized communication program, the communication start request (connection request in this example) is executed (step S70) and the communication monitoring process is continued. In step S69, when the restriction process is performed, it is also determined whether or not an alert form has been set in the regulation rule. If so, notification processing is performed for the user, the administrator, or both, according to the alert form.
- The case where the central management server is provided in the local network has been described as an example, but the central management server may also be provided on the Internet.
- The case where the filtering module is configured by a computer program has been described as an example, but a part of the means for processing each step of the filtering module may be configured by hardware.
- The present invention can be suitably applied to a computer network system installed in a company, public organization, school, or the like. It can also be used effectively in ordinary households, where parents cannot always keep watch. Furthermore, it can be applied to a system, an information processing apparatus, or a program that prevents malicious acts and crimes, for example the transfer to another computer of content that a user has downloaded to a computer storage medium from a website that provides content such as music and movies.
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020087017218A KR101190564B1 (ko) | 2005-12-15 | 2005-12-15 | 부정 통신 프로그램의 규제 시스템 및 컴퓨터 기록 매체 |
JP2007550065A JP4855420B2 (ja) | 2005-12-15 | 2005-12-15 | 不正通信プログラムの規制システム及びそのプログラム |
US12/086,497 US20100169484A1 (en) | 2005-12-15 | 2005-12-15 | Unauthorized Communication Program Regulation System and Associated Program |
CN2005800522975A CN101326529B (zh) | 2005-12-15 | 2005-12-15 | 对不当通信程序进行限制的限制系统及其限制方法 |
PCT/JP2005/023437 WO2007069337A1 (ja) | 2005-12-15 | 2005-12-15 | 不正通信プログラムの規制システム及びそのプログラム |
EP05819901A EP1970833A4 (en) | 2005-12-15 | 2005-12-15 | SYSTEM AND PROGRAM FOR PROGRAM RESTRICTION IN PROPERLY DISTINCT COMMUNICATION |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2005/023437 WO2007069337A1 (ja) | 2005-12-15 | 2005-12-15 | 不正通信プログラムの規制システム及びそのプログラム |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2007069337A1 (ja) | 2007-06-21 |
Family
ID=38162659
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/023437 WO2007069337A1 (ja) | 2005-12-15 | 2005-12-15 | 不正通信プログラムの規制システム及びそのプログラム |
Country Status (6)
Country | Link |
---|---|
US (1) | US20100169484A1 (ja) |
EP (1) | EP1970833A4 (ja) |
JP (1) | JP4855420B2 (ja) |
KR (1) | KR101190564B1 (ja) |
CN (1) | CN101326529B (ja) |
WO (1) | WO2007069337A1 (ja) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2010015145A1 (zh) * | 2008-08-05 | 2010-02-11 | 北京金山软件有限公司 | 过滤以及监控程序行为的方法和系统 |
JP2012073674A (ja) * | 2010-09-27 | 2012-04-12 | Nec Personal Computers Ltd | 情報処理装置、通信制御方法及びプログラム |
JP2012118857A (ja) * | 2010-12-02 | 2012-06-21 | Nec System Technologies Ltd | 不正使用ソフトウェア検出システム、不正使用ソフトウェア検出方法及び不正使用ソフトウェア検出プログラム |
JP2014038553A (ja) * | 2012-08-20 | 2014-02-27 | Konica Minolta Inc | 携帯情報装置、画像処理装置、情報保護方法および情報保護プログラム |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8201164B2 (en) * | 2007-07-20 | 2012-06-12 | Microsoft Corporation | Dynamically regulating content downloads |
CN101945084A (zh) * | 2009-07-09 | 2011-01-12 | 精品科技股份有限公司 | 客户端网页浏览控管系统及方法 |
US9781019B1 (en) * | 2013-08-15 | 2017-10-03 | Symantec Corporation | Systems and methods for managing network communication |
JP6269313B2 (ja) * | 2014-05-15 | 2018-01-31 | 富士通株式会社 | 基地局装置及び通信システム |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004062416A (ja) * | 2002-07-26 | 2004-02-26 | Nippon Telegr & Teleph Corp <Ntt> | 不正アクセス防止方法、セキュリティポリシーダウンロード方法、pc、およびポリシーサーバ |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5987611A (en) * | 1996-12-31 | 1999-11-16 | Zone Labs, Inc. | System and methodology for managing internet access on a per application basis for client computers connected to the internet |
US7159237B2 (en) * | 2000-03-16 | 2007-01-02 | Counterpane Internet Security, Inc. | Method and system for dynamic network intrusion monitoring, detection and response |
JP3639831B2 (ja) * | 2002-02-28 | 2005-04-20 | キヤノン株式会社 | 新規なポリヒドロキシアルカノエート及びその製造方法、それを含有する荷電制御剤、トナーバインダーならびにトナー及び該トナーを用いた画像形成方法および画像形成装置 |
US7376745B2 (en) * | 2002-05-15 | 2008-05-20 | Canon Kabushiki Kaisha | Network address generating system, network address generating apparatus and method, program and storage medium |
US7146638B2 (en) * | 2002-06-27 | 2006-12-05 | International Business Machines Corporation | Firewall protocol providing additional information |
US6850943B2 (en) * | 2002-10-18 | 2005-02-01 | Check Point Software Technologies, Inc. | Security system and methodology for providing indirect access control |
US7827602B2 (en) * | 2003-06-30 | 2010-11-02 | At&T Intellectual Property I, L.P. | Network firewall host application identification and authentication |
JP2005128792A (ja) * | 2003-10-23 | 2005-05-19 | Trend Micro Inc | 通信装置、プログラムおよび記憶媒体 |
JP4172398B2 (ja) * | 2004-02-02 | 2008-10-29 | 日本電気株式会社 | 動画コンテンツ複製防止システム及び動画コンテンツ複製防止方法並びにプログラム |
JP2005260612A (ja) * | 2004-03-12 | 2005-09-22 | Yokogawa Electric Corp | ワーム監視対策システム |
2005
- 2005-12-15 KR KR1020087017218A patent/KR101190564B1/ko not_active IP Right Cessation
- 2005-12-15 WO PCT/JP2005/023437 patent/WO2007069337A1/ja active Application Filing
- 2005-12-15 US US12/086,497 patent/US20100169484A1/en not_active Abandoned
- 2005-12-15 EP EP05819901A patent/EP1970833A4/en not_active Withdrawn
- 2005-12-15 CN CN2005800522975A patent/CN101326529B/zh not_active Expired - Fee Related
- 2005-12-15 JP JP2007550065A patent/JP4855420B2/ja active Active
Non-Patent Citations (3)
Title |
---|
"One Point Wall", 20 October 2005, NETAGENT CO., LTD. |
"Websense Enterprise Client Policy Manager (CPM", 20 October 2005, WEBSENSE, INC |
See also references of EP1970833A4 |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2010015145A1 (zh) * | 2008-08-05 | 2010-02-11 | 北京金山软件有限公司 | 过滤以及监控程序行为的方法和系统 |
JP2011530121A (ja) * | 2008-08-05 | 2011-12-15 | 北京金山▲軟▼件有限公司 | プログラム動作をフィルタリング・モニタリングするための方法とシステム |
JP2012073674A (ja) * | 2010-09-27 | 2012-04-12 | Nec Personal Computers Ltd | 情報処理装置、通信制御方法及びプログラム |
JP2012118857A (ja) * | 2010-12-02 | 2012-06-21 | Nec System Technologies Ltd | 不正使用ソフトウェア検出システム、不正使用ソフトウェア検出方法及び不正使用ソフトウェア検出プログラム |
JP2014038553A (ja) * | 2012-08-20 | 2014-02-27 | Konica Minolta Inc | 携帯情報装置、画像処理装置、情報保護方法および情報保護プログラム |
Also Published As
Publication number | Publication date |
---|---|
CN101326529B (zh) | 2012-08-22 |
JPWO2007069337A1 (ja) | 2009-05-21 |
EP1970833A1 (en) | 2008-09-17 |
US20100169484A1 (en) | 2010-07-01 |
EP1970833A4 (en) | 2010-09-08 |
KR20080077019A (ko) | 2008-08-20 |
KR101190564B1 (ko) | 2012-10-16 |
JP4855420B2 (ja) | 2012-01-18 |
CN101326529A (zh) | 2008-12-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | WWE | Wipo information: entry into national phase | Ref document number: 200580052297.5 Country of ref document: CN |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
 | WWE | Wipo information: entry into national phase | Ref document number: 2007550065 Country of ref document: JP |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | WWE | Wipo information: entry into national phase | Ref document number: 2005819901 Country of ref document: EP |
 | WWE | Wipo information: entry into national phase | Ref document number: 1020087017218 Country of ref document: KR |
 | WWE | Wipo information: entry into national phase | Ref document number: 12086497 Country of ref document: US |
 | WWP | Wipo information: published in national office | Ref document number: 2005819901 Country of ref document: EP |