WO2011083226A1 - Method for detecting the hijacking of computer resources - Google Patents
- Publication number
- WO2011083226A1 (application PCT/FR2010/052639)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- parameter
- resources
- network
- external network
- server
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/144—Detection or countermeasures against botnets
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Definitions
- the present invention relates to a method for detecting a diversion of computer resources.
- An increasing number of users have computing resources, such as personal computers or mobile phones, connected to public networks such as the Internet.
- diversions of computing resources are generally carried out so as not to disrupt the operation of the resources, which in particular avoids arousing the user's suspicion that said resources are contaminated.
- viruses can nevertheless perform hacking operations that are particularly damaging to the users of the contaminated and diverted resources.
- such known "discreet" viruses can steal confidential data, such as code numbers and bank accounts, and communicate them to third parties who will use this confidential data fraudulently.
- there are also discreet viruses that control the sending of abusive mail ("spam"), or a "Distributed Denial of Service" (DDOS) attack, in which a large volume of erroneous network messages is sent (from several hundred or thousands of infected machines) toward an Internet site in order to disrupt or stop the service, or that even order the hosting of illegal content relating to, for example, pedophilia.
- In order to detect such diversion of computer resources, it is known to implement anti-virus software whose performance is limited to previously identified viruses, following a static approach in which the virus signatures, or fingerprints, held in the anti-virus databases are static, even though new viruses are frequently generated, some of which have the property of dynamically modifying their digital fingerprints. In addition, only a limited number of users regularly update their anti-virus software.
- the present invention results from the observation that, from outside an internal network formed by IT resources subject to security and confidentiality constraints, it is possible to identify a diversion of said IT resources of the internal network by analyzing their behavior, that is, their connections and/or their communications to an external network without these security and confidentiality constraints, typically a public network such as the Internet.
- the invention also includes the observation that in many cases, for example when the user is a small or medium-sized company, or even an individual, this user does not have the means to analyze the behavior of these resources and to detect a diversion of the latter by such a behavioral analysis.
- the present invention relates to a method for detecting a diversion of computer resources, located in an internal network implementing security and confidentiality criteria specific to this internal network, connected to an external network, without such criteria of security and confidentiality, by means of a connection managed by an access provider, characterized in that it comprises the following steps:
- an operator outside the internal network can analyze the behavior of said resources while respecting the confidentiality and security criteria of the internal network.
- a user having limited computer analysis means can call upon an outside operator having the means, and expertise, necessary to detect a diversion of its resources while preserving the confidentiality and security of its connections.
- a connection parameter can be a domain name, of the type (google.fr), and/or the name of an outgoing mail server, of the type (smtp.neuf.fr), where smtp is the outgoing mail protocol ("Simple Mail Transfer Protocol").
- By applying the method to a plurality of domain names and/or outgoing mail servers, it can then detect an activity whose intensity and/or diversity makes it possible to suspect a diversion of the analyzed resources.
- the method comprises the step of considering at least one of the following elements as a connection parameter: a content of a header and/or a body of a packet transmitted from the internal network to the external network, identifiers included in requests of the DNS type sent by the internal network to the external network, identifiers of e-mail recipients addressed from the internal network to the external network.
- the method includes the step of using a hash function to generate a unique code from said connection parameter such as, in particular, a domain name or mail server address.
- the method comprises the step of performing in the internal network an internal analysis of the connection parameter, prior to its processing, in order to detect a diversion of resources or to generate a new connection parameter.
- the method comprises the additional step of transmitting a report of the internal analysis to the remote server.
- the method includes the step of transmitting uncoded parameters with the generated unique codes transmitted to the remote server.
- the method includes the step of considering information relating to the conditions of use of the user to connect to the external network to detect a diversion of computing resources.
- the method includes the step of considering information relating to the user's access conditions to the external network, which information is transmitted by the access provider, to detect a diversion of resources.
- the invention also relates to computing resources, located in an internal network implementing security and confidentiality criteria specific to this internal network, connected to an external network, without such security and confidentiality criteria, by means of a connection managed by an access provider, characterized in that it comprises:
- the invention also relates to a server for detecting a diversion of computer resources, located in an internal network implementing security and confidentiality criteria specific to this internal network, connected to an external network, without such security and confidentiality criteria, by means of a connection managed by an access provider, characterized in that, the server being located in the external network, it comprises means for performing an analysis of computing resources from unique codes generated by these computing resources according to a method according to one of the previous embodiments.
- FIG. 1 represents an implementation of the invention schematically
- FIG. 2 is an analysis table implemented by a server according to the invention.
- a method for detecting a diversion of computing resources 101 according to the invention is implemented with respect to an internal network 100 implementing security and confidentiality criteria specific to this internal network.
- this internal network 100 is an intranet network of an enterprise comprising a plurality of interconnected terminals, the confidentiality criterion comprising the prohibition on identifying the domain names requested by a specific terminal, while the security criterion comprises the mandatory use of a broadband connection 104 of the ADSL type ("Asymmetric Digital Subscriber Line") to communicate with an external network 102 formed in this example by the Internet.
- by virtue of the invention, an access provider managing the connection 104 can implement a method for detecting the diversion of the computer resources of the network 100 from this external network 102.
- the internal network 100 performs the step 106 of filtering and storing connection parameters 108 implemented by the computing resources 101 to communicate with the external network 102.
- At least one of the following elements is considered as a connection parameter that can thus be filtered and stored: a content of a header and / or a body of data packets transmitted from the internal network 100 to the external network 102.
- the contents of the body and/or the header of certain packets can prove characteristic of a diversion of resources by revealing a suspicious activity such as, for example, a relatively high rate of sending e-mails (several messages per second) and/or sending via several outgoing mail providers (SMTP servers), greater than 2.
- identifiers 108 included in requests transmitted to a server of the DNS type of the external network can also be considered as connection parameters.
- a DNS server has the role of resolving a request issued with respect to a domain name, for example www.alcatel-lucent.com.
- the DNS server has databases associating a domain name with at least one IP address, for "Internet Protocol" in English, which is in a form such as 93.178.174.3.
- the queries sent to the DNS servers make it possible to know the activity of the internal resources 101 in terms, for example, of the diversity of servers with which these resources communicate, it being understood that this diversity is generally abnormally high when a diversion of internal resources 101 occurs.
- the invention implements a step 112 for processing these stored parameters 108 according to an irreversible function generating a unique code from each stored parameter, so as to block any subsequent identification of the processed parameter from the corresponding code.
- a hash function, such as, for example, the MD5 or SHA-1 functions, is used to encode a stored parameter into a unique code.
- the confidentiality of the connection parameters is thus preserved while nevertheless allowing an analysis of the behavior of the resources 111, in particular in terms of diversity and quantity of connections made.
- an analysis of the parameters, prior to their processing, can be carried out in order to internally detect a diversion of resources and/or to generate new parameters, for example statistics, subsequently transmitted - step 114 - in a report ensuring the confidentiality of the communications made by the resources 101.
- such a preliminary or internal analysis can implement a summary of the connections made, for example the requested DNS names - e.g. "4thfirework.com" or "fireholiday.com" - with a summary of parameters that make it possible to suspect or characterize a diversion of resources in so-called "fast flux" networks, which divert the use of the DNS protocol, as, for example:
- the addresses associated with domain names related to botnets are addresses of machines of individuals, located anywhere in the world, with no geographic, technical or administrative link, whereas such a link should exist for a regular and/or legal domain name.
- Such a step 114 can be implemented from a plurality of reports when, for example, different connections 104 are implemented.
- uncoded data, i.e. unprocessed connection parameters
- step 114 with coded data
- step 118 when confidentiality constraints allow.
- this set of information is transmitted, during a step 116, to said server 118 located in the external network 102.
- This server 118 can thus perform an external analysis of the unique codes generated in step 112, and of any connection parameters transmitted in step 110, to study the activity of computer resources 111 and detect - step 120 - a diversion of computing resources.
- fast flux behaviors can be detected by identifying specific DNS behaviors, as already described above, or by recognizing virus-specific domain names when these domain names can be transmitted.
- diversions of resources for spamming can be detected by analyzing the SMTP behavior of the resources 111, i.e. relating to the recipients of the mails sent by these resources 111, or in the content of the transmitted mails identifying an Internet site for which spam or a virus of the botnet type is carried out.
- an individual does not generally run an HTTP server at home, so that the receipt by the resources 111 of a request according to the HTTP protocol can be considered an indicator of hijacking and trigger a message to the address of this user, via a secure HTTPS page such as:
- the user can help detect abnormal behavior of his resources as, in other examples, by indicating the servers to which he addresses voluntary mail.
- the user may be required to allow complete storage - step 122 - of connections made to perform analyzes over a rolling period of time, data stored from a predetermined time being erased.
- the present invention is capable of numerous variants, in particular when it is implemented by means of a subscription when opening an access line to the broadband Internet network.
- Such a subscription can be made by telephone and then configured by the user himself when he installs the means necessary to ensure his link 104 - typically an ADSL ("Asymmetric Digital Subscriber Line") box when the computing resources 101 are computers.
- these resources 101 are mobile terminals such as telephones, smartphones, PDAs ("Personal Digital Assistants") and/or laptops
- the means required to implement the previously mentioned steps 108, 110, 112 and 114 can be configured in the terminal during its manufacture, these means being limited given the modest resources required for this implementation.
- the subscription can include three levels of service with increasing assistance in terms of speed, alerts, preventive data storage and availability of technicians in charge of assisting the user of resources 101.
- information can be provided by the access provider during different stages:
- at step 106 of filtering and storing the connection parameters: information relating to one or more e-mail addresses of the user can be transmitted - step 124 - to enable the identification of servers dedicated to transporting and/or storing these mails, so that resource connections to these servers are considered predictable.
- at step 112 of hashing: information relating to a possible authorization to store transmitted packets, which thus makes it possible to analyze packets for which an infection is suspected.
- an analysis of these packets can be performed, for example over a sliding time window such that packets stored for longer than a predetermined time are erased.
- a step 128 of preventive treatment of a diversion of resources including, for example, a complete storage of the packets transmitted by the resources 111, a backup of personal data scanned via up-to-date anti-virus software, and a proposal to download secure software, in particular for browsing the Internet and transmitting e-mails.
- the provider can provide - step 130 - information relating to the subscription of the user of resources 111 to this preventive treatment service, for example regarding options acquired or not in his subscription.
- a basic processing step 132 comprising, in this embodiment, the communication to the user of the detection of an activity diverting his resources 111, of a warning on the risk of piracy of personal data, of a limited diagnosis and of a contact address for remote assistance.
- the provider may provide - step 134 - information relating to a subscription to this preventive treatment service or to a remote treatment service - step 136 - to disinfect the contaminated resources 111 and to offer a quote for subsequent on-site processing, or on-site processing operations that send a technician to the resource site within a required time frame to identify the contaminated resources, safeguard strategic data and possibly propose a replacement solution.
- the steps 132, 136 and 138 can be implemented successively according to the subscription held by the user of the resources 111 with the operator performing the analysis of their behaviour.
- the present invention is capable of many variants. In fact, it has been described with reference mainly to domain names and/or outgoing mail server names because, currently, the other network parameters of Internet connections are generally anonymous or provided by the Internet operator (IP address), but it is clear that the invention can be implemented with equivalent parameters according to communications protocols other than the Internet protocol.
- connection parameters can be exploited by analyzing several connection parameters together, as well as in combination with different methods of detecting contamination by computer viruses.
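The coding step 112 and the external analysis of step 120 described above, as an added Python example that is not part of the patent text. The record layout, function names, sample events, the DNS-diversity and mail-rate thresholds, and the use of HMAC-SHA-256 with a key held inside the internal network (in place of the MD5 or SHA-1 functions the text names) are assumptions of this example.

```python
import hashlib
import hmac
from collections import defaultdict

# Secret that never leaves the internal network (constructed demo value).
# Keyed hashing is an assumption of this example: a plain hash of a domain
# name can be matched by anyone who hashes a list of candidate names.
INTERNAL_KEY = b"constructed-demo-key"

MAX_SMTP_SERVERS = 2         # from the text: more than 2 outgoing mail servers
MAX_MAILS_PER_SECOND = 2.0   # assumed reading of "several messages per second"
MAX_DISTINCT_DOMAINS = 50    # assumed threshold for "abnormally high" diversity


def encode_parameter(value, key=INTERNAL_KEY):
    """Step 112: derive an irreversible unique code from one connection parameter."""
    # Normalize so that "Google.fr." and "google.fr" yield the same code.
    normalized = value.strip().rstrip(".").lower()
    return hmac.new(key, normalized.encode("utf-8"), hashlib.sha256).hexdigest()


def build_report(events):
    """Internal network: replace each filtered parameter by its code.

    events: iterable of (timestamp_seconds, kind, value), kind is "dns" or "smtp".
    """
    return [(ts, kind, encode_parameter(value)) for ts, kind, value in events]


def analyze_report(report, window_seconds=60):
    """External server, step 120: judge diversity and rate from codes only."""
    windows = defaultdict(lambda: {"dns": set(), "smtp": set(), "mails": 0})
    for timestamp, kind, code in report:
        window = windows[int(timestamp // window_seconds)]
        if kind == "dns":
            window["dns"].add(code)
        elif kind == "smtp":
            window["smtp"].add(code)
            window["mails"] += 1

    findings = []
    for index in sorted(windows):
        window = windows[index]
        if len(window["dns"]) > MAX_DISTINCT_DOMAINS:
            findings.append((index, "dns_diversity", len(window["dns"])))
        if len(window["smtp"]) > MAX_SMTP_SERVERS:
            findings.append((index, "smtp_server_diversity", len(window["smtp"])))
        rate = window["mails"] / window_seconds
        if rate > MAX_MAILS_PER_SECOND:
            findings.append((index, "mail_rate", round(rate, 2)))
    return findings


# Constructed sample traffic: a quiet workstation ...
NORMAL_EVENTS = [
    (1.0, "dns", "www.alcatel-lucent.com"),
    (5.0, "dns", "google.fr"),
    (9.0, "dns", "Google.fr."),
    (20.0, "smtp", "smtp.neuf.fr"),
    (70.0, "smtp", "smtp.neuf.fr"),
    (75.0, "dns", "google.fr"),
]

# ... and a host resolving 80 distinct names and sending 150 mails through
# 4 outgoing mail servers within one minute.
HIJACKED_EVENTS = (
    [(i * 0.5, "dns", f"host{i}.example") for i in range(80)]
    + [(i * 0.3, "smtp", f"mx{i % 4}.example.net") for i in range(150)]
)

if __name__ == "__main__":
    for name, events in (("normal", NORMAL_EVENTS), ("hijacked", HIJACKED_EVENTS)):
        print(name, analyze_report(build_report(events)))
```

The server sees only the codes, so it can count distinct destinations and message rates per window without learning which domains or mail servers were contacted.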
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Quality & Reliability (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
- Small-Scale Networks (AREA)
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/515,316 US9104874B2 (en) | 2009-12-21 | 2010-12-08 | Method for detecting the hijacking of computer resources |
CN201080057935.3A CN102792306B (zh) | 2009-12-21 | 2010-12-08 | Method for detecting the hijacking of computer resources |
EP10805798A EP2517139A1 (fr) | 2009-12-21 | 2010-12-08 | Method for detecting the hijacking of computer resources |
KR1020127016005A KR101443472B1 (ko) | 2009-12-21 | 2010-12-08 | Method for detecting the hijacking of computer resources |
JP2012545374A JP5699162B2 (ja) | 2009-12-21 | 2010-12-08 | Method for detecting the hijacking of computer resources |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0959335 | 2009-12-21 | ||
FR0959335A FR2954547B1 (fr) | 2009-12-21 | 2009-12-21 | Method for detecting the hijacking of computer resources |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011083226A1 (fr) | 2011-07-14 |
Family
ID=42291509
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2010/052639 WO2011083226A1 (fr) | 2009-12-21 | 2010-12-08 | Method for detecting the hijacking of computer resources |
Country Status (7)
Country | Link |
---|---|
US (1) | US9104874B2 (fr) |
EP (1) | EP2517139A1 (fr) |
JP (1) | JP5699162B2 (fr) |
KR (1) | KR101443472B1 (fr) |
CN (1) | CN102792306B (fr) |
FR (1) | FR2954547B1 (fr) |
WO (1) | WO2011083226A1 (fr) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9191399B2 (en) * | 2012-09-11 | 2015-11-17 | The Boeing Company | Detection of infected network devices via analysis of responseless outgoing network traffic |
WO2015138516A1 (fr) * | 2014-03-11 | 2015-09-17 | Vectra Networks, Inc. | Method and system for detecting external control of compromised hosts |
US9396332B2 (en) | 2014-05-21 | 2016-07-19 | Microsoft Technology Licensing, Llc | Risk assessment modeling |
CN108737327B (zh) * | 2017-04-14 | 2021-11-16 | 阿里巴巴集团控股有限公司 | Method, apparatus, system and memory for intercepting malicious websites |
US10764309B2 (en) | 2018-01-31 | 2020-09-01 | Palo Alto Networks, Inc. | Context profiling for malware detection |
US11159538B2 (en) * | 2018-01-31 | 2021-10-26 | Palo Alto Networks, Inc. | Context for malware forensics and detection |
US11956212B2 (en) | 2021-03-31 | 2024-04-09 | Palo Alto Networks, Inc. | IoT device application workload capture |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005088938A1 (fr) * | 2004-03-10 | 2005-09-22 | Enterasys Networks, Inc. | Method for network traffic mirroring with data privacy |
WO2005091107A1 (fr) * | 2004-03-16 | 2005-09-29 | Netcraft Limited | Security component for an Internet browser application, and associated method and device |
WO2007081960A2 (fr) * | 2006-01-10 | 2007-07-19 | Advanced Digital Forensic Solutions, Inc. | Systems and methods for enterprise-wide data identification, sharing and management in a commercial context |
US20070300286A1 (en) * | 2002-03-08 | 2007-12-27 | Secure Computing Corporation | Systems and methods for message threat management |
WO2008090531A2 (fr) * | 2007-01-23 | 2008-07-31 | Alcatel Lucent | Isolation mechanism for potentially contaminated end systems |
US20080256619A1 (en) * | 2007-04-16 | 2008-10-16 | Microsoft Corporation | Detection of adversaries through collection and correlation of assessments |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100856149B1 (ko) * | 1999-11-26 | 2008-09-03 | 네테카 인코포레이티드 | Electronic mail server and method for facilitating electronic mail communication |
WO2007075813A2 (fr) | 2005-12-23 | 2007-07-05 | Advanced Digital Forensic Solutions, Inc. | Systems and methods for enterprise-wide data identification, sharing and management, and methods for searching forensic data |
JP4287456B2 (ja) * | 2006-10-26 | 2009-07-01 | 株式会社東芝 | Server apparatus, method and program for preventing denial-of-service attacks |
US8352738B2 (en) * | 2006-12-01 | 2013-01-08 | Carnegie Mellon University | Method and apparatus for secure online transactions |
US8312536B2 (en) * | 2006-12-29 | 2012-11-13 | Symantec Corporation | Hygiene-based computer security |
KR20090037540A (ko) * | 2007-10-12 | 2009-04-16 | 한국정보보호진흥원 | Hybrid network detection method for detecting client applications |
US7836142B2 (en) * | 2008-02-22 | 2010-11-16 | Time Warner Cable, Inc. | System and method for updating a dynamic domain name server |
US7921212B2 (en) * | 2008-10-14 | 2011-04-05 | At&T Intellectual Property I, L.P. | Methods and apparatus to allocate bandwidth between video and non-video services in access networks |
-
2009
- 2009-12-21 FR FR0959335A patent/FR2954547B1/fr not_active Expired - Fee Related
-
2010
- 2010-12-08 KR KR1020127016005A patent/KR101443472B1/ko not_active IP Right Cessation
- 2010-12-08 JP JP2012545374A patent/JP5699162B2/ja not_active Expired - Fee Related
- 2010-12-08 EP EP10805798A patent/EP2517139A1/fr not_active Withdrawn
- 2010-12-08 WO PCT/FR2010/052639 patent/WO2011083226A1/fr active Application Filing
- 2010-12-08 CN CN201080057935.3A patent/CN102792306B/zh not_active Expired - Fee Related
- 2010-12-08 US US13/515,316 patent/US9104874B2/en not_active Expired - Fee Related
Non-Patent Citations (2)
Title |
---|
JANAK J. PAREKH: "Privacy-Preserving Event Corroboration", 1 May 2007 (2007-05-01), XP002590919, Retrieved from the Internet <URL:http://www1.cs.columbia.edu/~janak/research/thesis-20070501.pdf> [retrieved on 20100707] * |
PATRICK LINCOLN, PHILLIP PORRAS, VITALY SHMATIKOV: "Privacy-preserving sharing and correction of security alerts", PROCEEDINGS OF THE 13TH CONFERENCE ON USENIX SECURITY SYMPOSIUM, vol. 13, 13 August 2004 (2004-08-13), XP002590918, Retrieved from the Internet <URL:http://www.usenix.org/publications/library/proceedings/sec04/tech/full_papers/lincoln/lincoln.pdf> [retrieved on 20100707] * |
Also Published As
Publication number | Publication date |
---|---|
KR20120084806A (ko) | 2012-07-30 |
FR2954547A1 (fr) | 2011-06-24 |
CN102792306A (zh) | 2012-11-21 |
FR2954547B1 (fr) | 2012-10-12 |
JP5699162B2 (ja) | 2015-04-08 |
KR101443472B1 (ko) | 2014-09-22 |
US20120272316A1 (en) | 2012-10-25 |
JP2013515419A (ja) | 2013-05-02 |
US9104874B2 (en) | 2015-08-11 |
CN102792306B (zh) | 2016-05-25 |
EP2517139A1 (fr) | 2012-10-31 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201080057935.3 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 10805798 Country of ref document: EP Kind code of ref document: A1 |
|
REEP | Request for entry into the european phase |
Ref document number: 2010805798 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2010805798 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 20127016005 Country of ref document: KR Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012545374 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: 13515316 Country of ref document: US |