WO2021015941A1 - Inline malware detection - Google Patents
Inline malware detection
- Publication number
- WO2021015941A1 (PCT application PCT/US2020/040928)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- file
- gram
- features
- analysis
- model
- Prior art date
Classifications
- G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
      - G06F21/55—Detecting local intrusion or implementing counter-measures
        - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
          - G06F21/561—Virus type analysis
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
  - G06N20/00—Machine learning
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
    - H04L63/02—for separating internal from external traffic, e.g. firewalls
      - H04L63/0227—Filtering policies
    - H04L63/14—for detecting or protecting against malicious traffic
      - H04L63/1408—by monitoring network traffic
        - H04L63/1416—Event detection, e.g. attack signature detection
        - H04L63/1425—Traffic logging, e.g. anomaly detection
      - H04L63/1441—Countermeasures against malicious traffic
        - H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
Abstract
The invention concerns the detection of malicious files. A set comprising one or more sample classification models is stored on a networked device. An n-gram analysis is performed on a sequence of received packets associated with a received file. Performing the n-gram analysis includes using at least one stored sample classification model. The received file is determined to be malicious based at least in part on the n-gram analysis of the sequence of received packets. In response to determining that the file is malicious, propagation of the received file is prevented.
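The abstract describes three pieces: a stored sample classification model, an n-gram analysis run over the sequence of packets that carry a file, and a propagation decision taken from that analysis. The following is an added example written for this page, not code from the patent or its applicant. It shows a streaming byte-trigram counter that carries the last n-1 bytes across packet boundaries (so n-grams straddling two packets are not lost), a multinomial naive Bayes model standing in for the stored classification model (the abstract does not fix a model type), and an inline verdict that stops releasing packets once the running log-odds clears a block threshold. The value of n, the feature-hash size, the thresholds, the training corpus and the held-out test files are all constructed for illustration.

```python
# Added example for this page (not code from the patent or its applicant).
# Streaming byte n-gram classification of a file as its packets arrive, with the
# "prevent propagation" decision made inline. Model type, corpus, n, feature-hash
# size and thresholds are all constructed here for illustration.
import hashlib
import math
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Tuple

N = 3        # byte n-gram size (assumed; the abstract does not fix n)
DIM = 4096   # hashed feature space size (assumed)


def bucket(gram: bytes) -> int:
    """Feature hashing: map one n-gram to a fixed bucket; collisions are tolerated."""
    return int.from_bytes(hashlib.blake2b(gram, digest_size=4).digest(), "big") % DIM


@dataclass
class NgramStream:
    """Counts the byte n-grams of one file incrementally, packet by packet."""
    counts: Dict[int, int] = field(default_factory=dict)
    tail: bytes = b""   # last N-1 bytes seen so far
    total: int = 0

    def feed(self, packet: bytes) -> None:
        buf = self.tail + packet   # n-grams that straddle a packet boundary are counted too
        for i in range(len(buf) - N + 1):
            b = bucket(buf[i:i + N])
            self.counts[b] = self.counts.get(b, 0) + 1
            self.total += 1
        self.tail = buf[-(N - 1):]


class NgramNaiveBayes:
    """Multinomial naive Bayes over hashed n-gram counts. Stands in for the patent's
    stored 'sample classification model'; the abstract does not name a model type."""

    def __init__(self, benign: Iterable[bytes], malicious: Iterable[bytes]) -> None:
        ben, mal = self._count_corpus(benign), self._count_corpus(malicious)
        ben_total, mal_total = sum(ben.values()), sum(mal.values())
        self.weights: Dict[int, float] = {}
        for b in set(ben) | set(mal):   # Laplace-smoothed log-odds per bucket
            p_mal = (mal.get(b, 0) + 1) / (mal_total + DIM)
            p_ben = (ben.get(b, 0) + 1) / (ben_total + DIM)
            self.weights[b] = math.log(p_mal / p_ben)
        self.unseen = math.log((ben_total + DIM) / (mal_total + DIM))

    @staticmethod
    def _count_corpus(samples: Iterable[bytes]) -> Dict[int, int]:
        merged: Dict[int, int] = {}
        for sample in samples:
            s = NgramStream()      # fresh stream per file: no n-grams across files
            s.feed(sample)
            for b, c in s.counts.items():
                merged[b] = merged.get(b, 0) + c
        return merged

    def log_odds(self, counts: Dict[int, int]) -> float:
        return sum(c * self.weights.get(b, self.unseen) for b, c in counts.items())


def packetize(data: bytes, mtu: int) -> List[bytes]:
    return [data[i:i + mtu] for i in range(0, len(data), mtu)]


def inspect_file(model: NgramNaiveBayes, packets: List[bytes],
                 threshold: float = 0.0, early_block: float = 10.0) -> Tuple[str, float, int, int]:
    """Inline verdict over a packet sequence: (verdict, log_odds, ngrams_seen, packets_consumed).
    Packets are released one at a time; once the running log-odds clears `early_block`
    the remaining packets are dropped, so the file never completes on the receiving host."""
    stream = NgramStream()
    for i, pkt in enumerate(packets, start=1):
        stream.feed(pkt)
        score = model.log_odds(stream.counts)
        if score > early_block:
            return "block", score, stream.total, i
    score = model.log_odds(stream.counts)
    return ("block" if score > threshold else "allow"), score, stream.total, len(packets)


# Constructed training corpus: plain-text mail bodies vs. obfuscated script-like content.
BENIGN = [
    b"Dear team, please find attached the quarterly report and the meeting notes.",
    b"The meeting is scheduled for Monday morning; the agenda is attached below.",
    b"Thanks for the update, the numbers in the report look consistent with ours.",
]
MALICIOUS = [
    b"<script>eval(unescape('%u9090%u9090%u9090%u9090'));document.write(x);</script>",
    b"<script>var x=unescape('%u9090%u9090%uC3C3');eval(x);</script>",
    b"<script>eval(unescape('%uC3C3%u9090%u9090'));eval(x);</script>",
]
MODEL = NgramNaiveBayes(BENIGN, MALICIOUS)

# Constructed held-out files, delivered in 7-byte packets to exercise boundary handling.
BEN_TEST = b"Please find the updated agenda attached; the report is ready for Monday."
MAL_TEST = b"<script>var y=unescape('%u9090%u9090%u9090%uC3C3');eval(y);</script>"

if __name__ == "__main__":
    for name, data in (("benign", BEN_TEST), ("malicious", MAL_TEST)):
        verdict, score, seen, used = inspect_file(MODEL, packetize(data, 7))
        print(f"{name}: {verdict} (log-odds {score:+.2f}, {seen} n-grams, "
              f"{used}/{len(packetize(data, 7))} packets inspected)")
```

Two properties matter for an inline deployment and both are visible here: the n-gram counts (and therefore the score) do not depend on where the packet boundaries fall, because the stream carries its last n-1 bytes forward; and the device does not have to buffer the whole file before acting, since a file whose running log-odds already exceeds the block threshold can be cut off mid-transfer. The final `threshold` and the `early_block` margin are separate knobs: the first decides the verdict for files that arrive completely, the second bounds how much of a confidently malicious file is ever forwarded.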
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020227001606A KR20220053549A (ko) | 2019-07-19 | 2020-07-06 | Inline malware detection |
JP2022502913A JP7411775B2 (ja) | 2019-07-19 | 2020-07-06 | Inline malware detection |
CN202080051255.4A CN114072798A (zh) | 2019-07-19 | 2020-07-06 | Inline malware detection |
EP20843721.0A EP3999985A4 (fr) | 2019-07-19 | 2020-07-06 | Inline malware detection |
JP2023218442A JP2024023875A (ja) | 2019-07-19 | 2023-12-25 | Inline malware detection |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/517,465 US11636208B2 (en) | 2019-07-19 | 2019-07-19 | Generating models for performing inline malware detection |
US16/517,463 | 2019-07-19 | ||
US16/517,465 | 2019-07-19 | ||
US16/517,463 US11374946B2 (en) | 2019-07-19 | 2019-07-19 | Inline malware detection |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021015941A1 (fr) | 2021-01-28 |
Family
ID=74193725
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2020/040928 WO2021015941A1 (fr) | 2019-07-19 | 2020-07-06 | Inline malware detection |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP3999985A4 (fr) |
JP (2) | JP7411775B2 (fr) |
KR (1) | KR20220053549A (fr) |
CN (1) | CN114072798A (fr) |
WO (1) | WO2021015941A1 (fr) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115378747B (zh) * | 2022-10-27 | 2023-01-24 | 北京六方云信息技术有限公司 | Malicious data detection method, terminal device and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170085585A1 (en) * | 2015-09-23 | 2017-03-23 | AVAST Software s.r.o. | Detection of malware in derived pattern space |
US20180048659A1 (en) * | 2015-09-18 | 2018-02-15 | Palo Alto Networks, Inc. | Automatic repair of corrupt files for a detonation engine |
US20180300482A1 (en) * | 2017-04-18 | 2018-10-18 | Cylance Inc. | Protecting devices from malicious files based on n-gram processing of sequential data |
US20190087574A1 (en) * | 2017-09-15 | 2019-03-21 | Webroot Inc. | Real-time javascript classifier |
US20190096214A1 (en) * | 2017-09-27 | 2019-03-28 | Johnson Controls Technology Company | Building risk analysis system with geofencing for threats and assets |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8844033B2 (en) * | 2008-05-27 | 2014-09-23 | The Trustees Of Columbia University In The City Of New York | Systems, methods, and media for detecting network anomalies using a trained probabilistic model |
US10817608B2 (en) | 2017-04-07 | 2020-10-27 | Zscaler, Inc. | System and method for malware detection on a per packet basis |
2020
- 2020-07-06 EP EP20843721.0A patent/EP3999985A4/fr active Pending
- 2020-07-06 JP JP2022502913A patent/JP7411775B2/ja active Active
- 2020-07-06 CN CN202080051255.4A patent/CN114072798A/zh active Pending
- 2020-07-06 WO PCT/US2020/040928 patent/WO2021015941A1/fr unknown
- 2020-07-06 KR KR1020227001606A patent/KR20220053549A/ko active IP Right Grant
2023
- 2023-12-25 JP JP2023218442A patent/JP2024023875A/ja active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180048659A1 (en) * | 2015-09-18 | 2018-02-15 | Palo Alto Networks, Inc. | Automatic repair of corrupt files for a detonation engine |
US20170085585A1 (en) * | 2015-09-23 | 2017-03-23 | AVAST Software s.r.o. | Detection of malware in derived pattern space |
US20180300482A1 (en) * | 2017-04-18 | 2018-10-18 | Cylance Inc. | Protecting devices from malicious files based on n-gram processing of sequential data |
US20190087574A1 (en) * | 2017-09-15 | 2019-03-21 | Webroot Inc. | Real-time javascript classifier |
US20190096214A1 (en) * | 2017-09-27 | 2019-03-28 | Johnson Controls Technology Company | Building risk analysis system with geofencing for threats and assets |
Non-Patent Citations (1)
Title |
---|
See also references of EP3999985A4 * |
Also Published As
Publication number | Publication date |
---|---|
JP2022541250A (ja) | 2022-09-22 |
CN114072798A (zh) | 2022-02-18 |
JP7411775B2 (ja) | 2024-01-11 |
EP3999985A1 (fr) | 2022-05-25 |
KR20220053549A (ko) | 2022-04-29 |
JP2024023875A (ja) | 2024-02-21 |
EP3999985A4 (fr) | 2023-12-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11783035B2 (en) | Multi-representational learning models for static analysis of source code | |
US20220014500A1 (en) | Identifying security risks and enforcing policies on encrypted/encoded network communications | |
US11816214B2 (en) | Building multi-representational learning models for static analysis of source code | |
US11374946B2 (en) | Inline malware detection | |
US11636208B2 (en) | Generating models for performing inline malware detection | |
JP2024023875A (ja) | Inline malware detection | |
US20230344861A1 (en) | Combination rule mining for malware signature generation | |
US20240037231A1 (en) | Sample traffic based self-learning malware detection | |
US20230344867A1 (en) | Detecting phishing pdfs with an image-based deep learning approach | |
US20230342461A1 (en) | Malware detection for documents using knowledge distillation assisted learning | |
US20220245249A1 (en) | Specific file detection baked into machine learning pipelines | |
US20230082289A1 (en) | Automated fuzzy hash based signature collecting system for malware detection | |
US20230231857A1 (en) | Deep learning pipeline to detect malicious command and control traffic | |
US20230069731A1 (en) | Automatic network signature generation | |
US11863586B1 (en) | Inline package name based supply chain attack detection and prevention | |
US20230412564A1 (en) | Fast policy matching with runtime signature update | |
US11770361B1 (en) | Cobalt strike beacon HTTP C2 heuristic detection | |
US20240039952A1 (en) | Cobalt strike beacon https c2 heuristic detection | |
US20230244787A1 (en) | System and method for detecting exploit including shellcode | |
US20240039951A1 (en) | Probing for cobalt strike teamserver detection | |
US20230342460A1 (en) | Malware detection for documents with deep mutual learning | |
US20240104210A1 (en) | Malicious js detection based on automated user interaction emulation | |
US20230306114A1 (en) | Method and system for automatically generating malware signature | |
WO2024049702A1 (fr) | Inline package name based supply chain attack detection and prevention | |
WO2024025705A1 (fr) | Cobalt Strike Beacon HTTP C2 heuristic detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 20843721; Country of ref document: EP; Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 2022502913; Country of ref document: JP; Kind code of ref document: A |
| NENP | Non-entry into the national phase | Ref country code: DE |
| ENP | Entry into the national phase | Ref document number: 2020843721; Country of ref document: EP; Effective date: 2022-02-21 |