
MX2013000478A - Identification of polymorphic malware. - Google Patents

Identification of polymorphic malware.

Info

Publication number
MX2013000478A
Authority
MX
Mexico
Prior art keywords
metadata
electronic file
polymorphic malware
hash value
received
Prior art date
Application number
MX2013000478A
Other languages
English (en)
Inventor
Timo Harmonen
Original Assignee
F Secure Corp
Priority date
2010-07-13
Filing date
2011-05-13
Publication date
2013-05-17
Application filed by F Secure Corp
Publication of MX2013000478A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Virology (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Stored Programmes (AREA)

Abstract

A method and apparatus are described for identifying an electronic file as polymorphic malware. A server receives from a client device a hash value and metadata associated with an electronic file. The server determines that the received metadata relates to corresponding metadata stored in a database, the corresponding stored metadata being associated with a further hash value that differs from the received hash value. A determination is made that each of the received hash values has been reported by fewer than a predetermined number of clients and, as a result, the electronic file is determined to be likely polymorphic malware.
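The server-side check the abstract describes, written out as an added example (not code from the patent or from F-Secure). Which metadata fields are compared, the threshold of three clients, and every hash and client id below are constructed assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


# The abstract only says "metadata associated with the file"; the fields used
# here (file name, embedded version string) are an assumption for this example.
@dataclass(frozen=True)
class FileReport:
    client_id: str
    file_hash: str      # e.g. a SHA-256 of the file contents (constructed values below)
    metadata: tuple     # constructed as (file name, embedded version string)


class PolymorphicMalwareDetector:
    """Server-side store implementing the check described in the abstract."""

    def __init__(self, max_clients_per_hash: int = 3):
        # "predetermined number of clients": a hash seen by at least this many
        # clients is treated as a widely distributed, probably legitimate build.
        self.max_clients_per_hash = max_clients_per_hash
        self.hashes_by_metadata = defaultdict(set)  # metadata -> {hash, ...}
        self.clients_by_hash = defaultdict(set)     # hash -> {client_id, ...}

    def report(self, r: FileReport) -> bool:
        """Record one client report; return True if the file now looks polymorphic."""
        self.clients_by_hash[r.file_hash].add(r.client_id)
        self.hashes_by_metadata[r.metadata].add(r.file_hash)
        return self.is_likely_polymorphic(r.file_hash, r.metadata)

    def is_likely_polymorphic(self, file_hash: str, metadata: tuple) -> bool:
        related = self.hashes_by_metadata.get(metadata, set())
        if related <= {file_hash}:
            return False  # no stored metadata match carrying a *different* hash
        # Every hash sharing this metadata must be rare: a legitimate new release
        # would have at least one build already seen by many clients.
        return all(len(self.clients_by_hash[h]) < self.max_clients_per_hash
                   for h in related)


def run_demo() -> dict:
    """Two constructed scenarios: a popular legitimate update and a polymorphic sample."""
    det = PolymorphicMalwareDetector(max_clients_per_hash=3)
    legit = ("setup.exe", "ExampleCorp Setup 2.0")
    for i in range(4):  # the old build has been reported by four clients
        det.report(FileReport(f"client-{i}", "hash-old-build", legit))
    legit_flagged = det.report(FileReport("client-9", "hash-new-build", legit))
    poly = ("invoice.exe", "Invoice Viewer 1.0")
    first = det.report(FileReport("victim-1", "hash-variant-1", poly))
    second = det.report(FileReport("victim-2", "hash-variant-2", poly))
    return {"legit_update": legit_flagged, "poly_first": first, "poly_second": second}


if __name__ == "__main__":
    print(run_demo())  # {'legit_update': False, 'poly_first': False, 'poly_second': True}
```

The legitimate update is not flagged because one of its hashes is already common; the polymorphic sample is flagged on the second distinct, rarely seen hash sharing the same metadata.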

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US12/804,123 US8683216B2 (en) 2010-07-13 2010-07-13 Identifying polymorphic malware
PCT/EP2011/057805 WO2012007202A1 (en) 2010-07-13 2011-05-13 Identifying polymorphic malware

Publications (1)

Publication Number Publication Date
MX2013000478A true MX2013000478A (es) 2013-05-17

Family

ID=44260777

Family Applications (1)

Application Number Title Priority Date Filing Date
MX2013000478A MX2013000478A (es) 2010-07-13 2011-05-13 Identification of polymorphic malware.

Country Status (7)

Country Link
US (1) US8683216B2 (es)
EP (1) EP2593893B1 (es)
CN (1) CN102985928B (es)
BR (1) BR112013000567A2 (es)
CL (1) CL2013000126A1 (es)
MX (1) MX2013000478A (es)
WO (1) WO2012007202A1 (es)

Families Citing this family (57)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8176477B2 (en) * 2007-09-14 2012-05-08 International Business Machines Corporation Method, system and program product for optimizing emulation of a suspected malware
US8732473B2 (en) * 2010-06-01 2014-05-20 Microsoft Corporation Claim based content reputation service
KR20120072120A (ko) * 2010-12-23 2012-07-03 Electronics and Telecommunications Research Institute Apparatus and method for diagnosing malicious files, and apparatus and method for monitoring malicious files
US8874579B2 (en) * 2011-08-18 2014-10-28 Verisign, Inc. Systems and methods for identifying associations between malware samples
US8875293B2 (en) * 2011-09-22 2014-10-28 Raytheon Company System, method, and logic for classifying communications
WO2013063474A1 (en) * 2011-10-28 2013-05-02 Scargo, Inc. Security policy deployment and enforcement system for the detection and control of polymorphic and targeted malware
US8806641B1 (en) * 2011-11-15 2014-08-12 Symantec Corporation Systems and methods for detecting malware variants
RU2487405C1 (ru) * 2011-11-24 2013-07-10 Kaspersky Lab Zao System and method for correcting antivirus records
GB2492857B (en) * 2011-11-30 2013-07-17 Avecto Ltd Method and computer device to control software file downloads
US9367687B1 (en) * 2011-12-22 2016-06-14 Emc Corporation Method for malware detection using deep inspection and data discovery agents
US8856930B2 (en) * 2012-03-30 2014-10-07 F-Secure Corporation Download control
CN103532730B (zh) * 2012-07-06 2016-09-07 Harbin Antiy Technology Co., Ltd. Method and system for automated dynamic maintenance of black and white lists based on self-extraction technology
US9262712B2 (en) 2013-03-08 2016-02-16 International Business Machines Corporation Structural descriptions for neurosynaptic networks
CN104253791B (zh) * 2013-06-27 2017-12-15 Huawei Device (Dongguan) Co., Ltd. Secure access method for a web application, server and client
RU2580036C2 (ru) 2013-06-28 2016-04-10 Kaspersky Lab Zao System and method for creating a flexible hash for detecting malicious programs
US9852290B1 (en) 2013-07-12 2017-12-26 The Boeing Company Systems and methods of analyzing a software component
US9336025B2 (en) 2013-07-12 2016-05-10 The Boeing Company Systems and methods of analyzing a software component
US9280369B1 (en) 2013-07-12 2016-03-08 The Boeing Company Systems and methods of analyzing a software component
US9396082B2 (en) 2013-07-12 2016-07-19 The Boeing Company Systems and methods of analyzing a software component
WO2015026971A2 (en) * 2013-08-20 2015-02-26 Shanklin Steven Dale Application trust-listing security service
US9479521B2 (en) 2013-09-30 2016-10-25 The Boeing Company Software network behavior analysis and identification system
US8863284B1 (en) 2013-10-10 2014-10-14 Kaspersky Lab Zao System and method for determining a security status of potentially malicious files
US8739287B1 (en) * 2013-10-10 2014-05-27 Kaspersky Lab Zao Determining a security status of potentially malicious files
CN105814577B (zh) * 2013-12-27 2020-07-14 McAfee, LLC Isolating executable files exhibiting network activity
US9832217B2 (en) 2014-03-13 2017-11-28 International Business Machines Corporation Computer implemented techniques for detecting, investigating and remediating security violations to IT infrastructure
CN103955645B (zh) * 2014-04-28 2017-03-08 Baidu Online Network Technology (Beijing) Co., Ltd. Method, apparatus and system for detecting malicious process behaviour
RU2583712C2 (ru) * 2014-05-26 2016-05-10 Kaspersky Lab Zao System and method for detecting malicious files of a particular type
US9015814B1 (en) * 2014-06-10 2015-04-21 Kaspersky Lab Zao System and methods for detecting harmful files of different formats
CN104077526B (zh) * 2014-06-20 2018-03-06 Zhuhai Juntian Electronic Technology Co., Ltd. Polymorphic virus analysis method and analysis apparatus, and virus handling method and handling apparatus
US9361458B1 (en) 2014-10-08 2016-06-07 Trend Micro Incorporated Locality-sensitive hash-based detection of malicious codes
US9852370B2 (en) 2014-10-30 2017-12-26 International Business Machines Corporation Mapping graphs onto core-based neuromorphic architectures
US9971965B2 (en) 2015-03-18 2018-05-15 International Business Machines Corporation Implementing a neural network algorithm on a neurosynaptic substrate based on metadata associated with the neural network algorithm
US10204301B2 (en) 2015-03-18 2019-02-12 International Business Machines Corporation Implementing a neural network algorithm on a neurosynaptic substrate based on criteria related to the neurosynaptic substrate
US9984323B2 (en) 2015-03-26 2018-05-29 International Business Machines Corporation Compositional prototypes for scalable neurosynaptic networks
US10075453B2 (en) * 2015-03-31 2018-09-11 Juniper Networks, Inc. Detecting suspicious files resident on a network
US10621613B2 (en) 2015-05-05 2020-04-14 The Nielsen Company (Us), Llc Systems and methods for monitoring malicious software engaging in online advertising fraud or other form of deceit
US9813248B2 (en) * 2015-05-27 2017-11-07 Quest Software Inc. Content-based encryption keys
US10129291B2 (en) 2015-06-27 2018-11-13 Mcafee, Llc Anomaly detection to identify malware
RU2624552C2 (ru) 2015-06-30 2017-07-04 Kaspersky Lab Zao Method for detecting malicious files executed by a stack-based virtual machine
CN105488361B (zh) * 2015-11-20 2018-09-25 Beijing Qihoo Technology Co., Ltd. Pirated application detection method, apparatus and system
US10606844B1 (en) * 2015-12-04 2020-03-31 Ca, Inc. Method and apparatus for identifying legitimate files using partial hash based cloud reputation
US9800588B1 (en) * 2015-12-16 2017-10-24 Symantec Corporation Automated analysis pipeline determination in a malware analysis environment
US9836603B2 (en) * 2015-12-30 2017-12-05 Symantec Corporation Systems and methods for automated generation of generic signatures used to detect polymorphic malware
CN108605039B (zh) * 2016-01-27 2021-04-13 Hewlett Packard Enterprise Development LP Detecting malware on SPDY connections
CN107229860A (zh) * 2016-03-24 2017-10-03 China Electronics Technology Group Corporation Electronic Science Research Institute Method and system for securely managing desktop applications in a centralized environment
US10505960B2 (en) 2016-06-06 2019-12-10 Samsung Electronics Co., Ltd. Malware detection by exploiting malware re-composition variations using feature evolutions and confusions
US10181035B1 (en) * 2016-06-16 2019-01-15 Symantec Corporation System and method for .Net PE file malware detection
US11522901B2 (en) 2016-09-23 2022-12-06 OPSWAT, Inc. Computer security vulnerability assessment
US9749349B1 (en) * 2016-09-23 2017-08-29 OPSWAT, Inc. Computer security vulnerability assessment
US10440051B2 (en) * 2017-03-03 2019-10-08 Bank Of America Corporation Enhanced detection of polymorphic malicious content within an entity
US10834099B2 (en) * 2017-05-23 2020-11-10 Juniper Networks, Inc. Identifying a file using metadata and determining a security classification of the file before completing receipt of the file
US10594725B2 (en) 2017-07-27 2020-03-17 Cypress Semiconductor Corporation Generating and analyzing network profile data
US10432648B1 (en) 2017-08-28 2019-10-01 Palo Alto Networks, Inc. Automated malware family signature generation
US11308207B2 (en) * 2018-03-30 2022-04-19 Microsoft Technology Licensing, Llc User verification of malware impacted files
US10992703B2 (en) * 2019-03-04 2021-04-27 Malwarebytes Inc. Facet whitelisting in anomaly detection
US11455403B2 (en) * 2020-01-20 2022-09-27 International Business Machines Corporation Privacy-preserving document sharing
US12328324B2 (en) * 2022-10-07 2025-06-10 Microsoft Technology Licensing, Llc System for detecting lateral movement computing attacks

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040073617A1 (en) * 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
US20030200441A1 (en) * 2002-04-19 2003-10-23 International Business Machines Corporation Detecting randomness in computer network traffic
US7398399B2 (en) * 2003-12-12 2008-07-08 International Business Machines Corporation Apparatus, methods and computer programs for controlling performance of operations within a data processing system or network
US7987160B2 (en) * 2006-01-30 2011-07-26 Microsoft Corporation Status tool to expose metadata read and write queues
US8006306B2 (en) * 2006-03-21 2011-08-23 Riverbed Technology, Inc. Exploit-based worm propagation mitigation
US8255420B2 (en) * 2006-05-23 2012-08-28 Noryan Holding Corporation Distributed storage
US8312536B2 (en) * 2006-12-29 2012-11-13 Symantec Corporation Hygiene-based computer security
US8732825B2 (en) * 2008-05-28 2014-05-20 Symantec Corporation Intelligent hashes for centralized malware detection
US8931086B2 (en) * 2008-09-26 2015-01-06 Symantec Corporation Method and apparatus for reducing false positive detection of malware
US20100192222A1 (en) * 2009-01-23 2010-07-29 Microsoft Corporation Malware detection using multiple classifiers

Also Published As

Publication number Publication date
US8683216B2 (en) 2014-03-25
EP2593893A1 (en) 2013-05-22
EP2593893B1 (en) 2016-11-16
WO2012007202A1 (en) 2012-01-19
US20120017275A1 (en) 2012-01-19
BR112013000567A2 (pt) 2016-07-05
CL2013000126A1 (es) 2013-09-06
CN102985928B (zh) 2016-09-28
CN102985928A (zh) 2013-03-20

Similar Documents

Publication Publication Date Title
MX2013000478A (es) Identification of polymorphic malware.
GB2501203A (en) Detecting a trojan horse
WO2012047593A3 (en) Method and apparatus of ordering search results
EP2557522A3 (en) Software part validation using hash values
WO2014167419A3 (en) Exact match lookup with variable key sizes
HK1213107A1 (zh) Apparatus, system and method for identifying and mitigating malicious network threats
EP4589493A3 (en) Systems and methods for providing cybersecurity analysis based on operational technologies and information technologies
EP2674722A3 (en) Method of determining a deviation from expected jam conditions
MX2016000242A (es) Efficient upload of telematics data.
WO2012033319A3 (ko) Apparatus and method for providing streaming content
MX2016013106A (es) Broadcast receiving apparatus and method for providing a summary content service.
WO2013186665A3 (en) Methods and apparatus for storing, suggesting, and/or utilizing lighting settings
GB201203233D0 (en) Method and device for a meta data fragment from a metadata component associated with multimedia data
GB2514963A (en) Document processing
MX2017003416A (es) File reputation evaluation.
GB201209399D0 (en) A method for identifying pairs of derivative and original images
GB2473775A (en) System and method for providing data from a server to a client
TW201443682A (en) Method and device for preventing from visiting malicious website
MX2015000205A (es) Method, device, server and terminal for visiting a web page.
MY168469A (en) Systems and methods for enhancement of single sign-on protection
WO2014186696A3 (en) Managing communications in a multi-client, multi-server environment
GB2519707A (en) Method and apparatus for identifying a suspect through multiple correlated device identities
WO2014002049A3 (en) Method and apparatus for task based remote services
GB2566886A (en) Automated informix engine install
MY184704A (en) A system and method for authenticating a user based on user behaviour and environmental factors

Legal Events

Date Code Title Description
FG Grant or registration