[특허]Fuzzy hash of behavioral results

[미국특허] Fuzzy hash of behavioral results 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	G06F-011/00 G06F-012/14 G06F-012/16 G08B-023/00 H04L-029/06 G06F-021/56
출원번호	US-0042454 (2013-09-30)
등록번호	US-9294501 (2016-03-22)
발명자 / 주소	Mesdaq, Ali Westin, III, Paul L.
출원인 / 주소	FireEye, Inc.
대리인 / 주소	Rutan & Tucker, LLP
인용정보	피인용 횟수 : 52 인용 특허 : 199

초록 ▼

A computerized method is described in which a received object is analyzed by a malicious content detection (MCD) system to determine whether the object is malware or non-malware. The analysis may include the generation of a fuzzy hash based on a collection of behaviors for the received object. The fuzzy hash may be used by the MCD system to determine the similarity of the received object with one or more objects in previously classified/analyzed clusters. Upon detection of a “similar” object, the suspect object may be associated with the cluster and classified based on information attached to the cluster. This similarity matching provides 1) greater flexibility in analyzing potential malware objects, which may share multiple characteristics and behaviors but are also slightly different from previously classified objects and 2) a more efficient technique for classifying/assigning attributes to objects.

대표청구항 ▼

1. A computerized method for classifying objects in a malware system, comprising: receiving, by a malicious content detection (MCD) system from a client device, an object to be classified;detecting behaviors of the received object, wherein the behaviors are detected after processing the received object;generating a fuzzy hash for the received object based on the detected behaviors, the generating of the fuzzy hash comprises (i) obtaining a reduced amount of data associated with the detected behaviors by retaining a portion of the data associated with the detected behaviors that corresponds to one or more operations conducted during processing of the received object, and removing metadata associated with the one or more operations conducted during the processing of the received object, the metadata including at least one or more identifiers of processes called during the processing of the received object, and (ii) performing a hash operation on the reduced amount of data associated with the detected behaviors;comparing the fuzzy hash for the received object with a fuzzy hash of an object in a preexisting cluster to generate a similarity measure;associating the received object with the preexisting cluster in response to determining that the similarity measure is above a predefined threshold value;creating a new cluster for the received object in response to determining that the similarity measure is below the predefined threshold value; andreporting, by the MCD system, results of either (i) the associating of the received object with the preexisting cluster or (ii) the creating of the new cluster. 2. The computerized method of claim 1, wherein the received object is at least one of a file, a uniform resource locator, a web object, a capture of network traffic for a user over time, and an email message. 3. The computerized method of claim 1, wherein the removed metadata associated with the corresponding operations includes metadata associated with one or more of (1) network calls, (2) modifications to a registry, (3) modifications to a file system, or (4) an application program interface call. 4. The computerized method of claim 1, further comprising: generating a preliminary malware score for the received object based on a comparison of the reduced amount of data associated with the detected behaviors with data associated with known malware behaviors, wherein the preliminary malware score indicates the probability the received object is malware; andgenerating a final malware score for the received object based on the cluster the received object is associated,wherein the final malware score is greater than the preliminary malware score when the received object is associated with a cluster of objects classified as malware and the final malware score is less than the preliminary malware score when the received object is associated with a cluster of objects classified as non-malware. 5. The computerized method of claim 1, wherein the removing of the metadata associated with the one or more operations comprises removing data that does not identify the received object. 6. The computerized method of claim 5, wherein the removing of the metadata further comprises removing at least a portion of values written to a registry by the received object. 7. The computerized method of claim 1, further comprising: transmitting, by the MCD system, the new cluster or the preexisting cluster with the newly associated received object to another MCD system. 8. The computerized method of claim 1, further comprising: classifying the received object as malware, non-malware, or with an unknown status to match a classification of the preexisting cluster, when the received object is assigned to the preexisting cluster. 9. The computerized method of claim 1, further comprising: assigning a malware family name to the received object to match a malware family name of the preexisting cluster, when the received object is assigned to the preexisting cluster. 10. The computerized method of claim 1, wherein the generating of the fuzzy hash further comprises at least one of (a) retaining one or more image paths in an associated file system corresponding to a location of a file that is generated or modified during the processing of the received object or (b) removing a file name prior to performing the hash operation on the data associated with the detected behaviors. 11. The computerized method of claim 1, wherein the generating of the fuzzy hash comprises retaining only the one or more image paths corresponding to operations conducted during processing of the received object as part of the data associated with the detected behaviors. 12. A non-transitory storage medium including instructions that, when executed by one or more hardware processors, performs a plurality of operations, comprising: detecting behaviors of a received object, wherein the behaviors are detected after processing the received object;generating a fuzzy hash for the received object based on the detected behaviors, the generating of the fuzzy hash comprises (i) obtaining a reduced amount of data associated with the detected behaviors by retaining a portion of the data associated with the detected behaviors that corresponds to one or more operations conducted during processing of the received object, and removing metadata associated with the one or more operations conducted during the processing of the received object, the metadata including at least one or more identifiers of processes called during the processing of the received object metadata, and (ii) performing a hash operation on the reduced amount of data associated with the detected behaviors;comparing the fuzzy hash for the received object with a fuzzy hash of an object in a preexisting cluster to generate a similarity measure;associating the received object with the preexisting cluster in response to determining that the similarity measure is above a predefined threshold value;creating a new cluster for the received object in response to determining that the similarity measure is below the predefined threshold value; andreporting results of either (i) the associating of the received object with the preexisting cluster or (ii) the creating of the new cluster. 13. The non-transitory storage medium of claim 12, wherein the received object is one of a file, a uniform resource locator, a web object, a capture of network traffic for a user over time, and an email message. 14. The non-transitory storage medium of claim 12, wherein the removed metadata associated with the one or more operations includes metadata associated with one or more of (1) network calls, (2) modifications to a registry, (3) modifications to a file system, or (4) an application program interface call. 15. The non-transitory storage medium of claim 12 further includes instructions that, when executed by the one or more hardware processors, perform a plurality of operations comprising: generating a preliminary malware score for the received object based on a comparison of the reduced amount of data associated with the detected behaviors with data associated with known malware behaviors, wherein the preliminary malware score indicates the probability the received object is malware; andgenerating a final malware score for the received object based on the cluster the received object is associated,wherein the final malware score is greater than the preliminary malware score when the received object is associated with a cluster of objects classified as malware and the final malware score is less than the preliminary malware score when the received object is associated with a cluster of objects classified as non-malware. 16. The non-transitory storage medium of claim 12, wherein the removing of the metadata associated with the one or more operations comprises removing metadata that does not identify the received object. 17. The non-transitory storage medium of claim 12, wherein the removing of the metadata associated with the one or more operations further comprises removing at least a portion of values written to a registry by the received object. 18. The non-transitory storage medium of claim 12 further includes instructions that, when executed by the one or more hardware processors, perform operations comprising: classifying the received object as malware, non-malware, or with an unknown status to match a classification of the preexisting cluster, when the received object is assigned to the preexisting cluster. 19. The non-transitory storage medium of claim 12 further includes instructions that, when executed by the one or more hardware processors, perform operations comprising: assigning a malware family name to the received object to match a malware family name of the preexisting cluster, when the received object is assigned to the preexisting cluster. 20. The non-transitory storage medium of claim 12 including instructions that, when executed by one or more hardware processors, perform an operation of generating of the fuzzy hash that includes one or more operations comprising at least retaining one or more image paths in an associated file system corresponding to a location of a file that is generated or modified during the processing of the received object, or removing the file name prior to performing the hash operation on the data associated with the detected behaviors. 21. The non-transitory storage medium of claim 12 including instructions that, when executed by one or more hardware processors, perform an operation of generating of the fuzzy hash that includes one or more operations comprising retaining one or more image paths corresponding to operations conducted during processing of the received object as part of the data associated with the detected behaviors. 22. A system comprising: one or more hardware processors;a memory including one or more software modules that, when executed by the one or more hardware processors: detect behaviors of a received object, wherein the behaviors are detected after processing the received object;generate a fuzzy hash for the received object based on a portion of the detected behaviors, the generating of the fuzzy hash comprises (i) obtaining a reduced amount of data associated with the detected behaviors by retaining a portion of the data associated with the detected behaviors that corresponds to one or more operations conducted during processing of the received object, and removing metadata associated with the one or more operations conducted during the processing of the received object, the metadata including at least one or more identifiers of processes called during the processing of the received object, and (ii) performing a hash operation on the reduced amount of data associated with the detected behaviors;compare the fuzzy hash for the received object with a fuzzy hash of an object in a preexisting cluster to generate a similarity measure;associate the received object with the preexisting cluster in response to determining that the similarity measure is above a predefined threshold value;create a new cluster for the received object in response to determining that the similarity measure is below the predefined threshold value; andreport results of either (i) an association of the received object with the preexisting cluster or (ii) a creation of the new cluster. 23. The system of claim 22, wherein the one or more hardware processors, when executing the software modules, further: classify the received object as malware, non-malware, or with an unknown status to match a classification of the preexisting cluster, when the received object is assigned to the preexisting cluster. 24. The system of claim 22, wherein the one or more hardware processors, when executing the software modules, further: assign a malware family name to the received object to match a malware family name of the preexisting cluster, when the received object is assigned to the preexisting cluster. 25. The system of claim 22, wherein the memory including the one or more software modules that, when executed by the one or more hardware processors, generate the fuzzy hash for the received object based on the portion of the detected behaviors by retaining one or more image paths in an associated file system corresponding to a location of a file that is generated or modified during the processing of the received object or removing a file name prior to conducting the hash operation on the data associated with the detected behaviors. 26. The system of claim 22, wherein the memory including the one or more software modules that, when executed by the one or more hardware processors, generate the fuzzy hash for the received object based on the portion of the detected behaviors that comprises only the one or more image paths corresponding to operations conducted during processing of the received object.

이 특허에 인용된 특허 (199)

Villa, Emilio; Zidaritz, Adrian; Varga, Michael David; Eschelbeck, Gerhard; Jones, Michael Kevin; McArdle, Mark James, Active firewall system and methodology.
상세보기
Thomlinson,Matthew W., Adapting input to find integer overflows.
상세보기
Spertus, Michael P., Adaptive instrumentation through dynamic recompilation.
상세보기
Demir, Tufan; Ranadive, Ameet; Rizvi, Shariq; Daswani, Neilkumar Murli, Adaptive scanning.
상세보기
Satish, Sourabh; Gardner, Patrick, Altering application behavior based on content provider reputation.
상세보기
van der Made, Peter A. J., Analytical virtual machine.
상세보기
Anderson,Todd A.; Putzolu,David M., Apparatus and method for secure, automated response to distributed denial of service attacks.
상세보기
Ben Nun, Michael; Ravid, Sagi; Weil, Ofer, Apparatus and method for wire-speed classification and pre-processing of data packets in a full duplex network.
상세보기
Stolfo, Salvatore J.; Wang, Ke, Apparatus method and medium for detecting payload anomaly using n-gram distribution of normal data.
상세보기
Danford, Robert William; Farmer, Kenneth M.; Jeffries, Clark Debs; Sisk, Robert B.; Walter, Michael A., Applying blocking measures progressively to malicious network traffic.
상세보기
Danford,Robert William; Farmer,Kenneth M.; Jeffries,Clark Debs; Sisk,Robert B.; Walter,Michael A., Applying blocking measures progressively to malicious network traffic.
상세보기
Nakae,Masayuki; Yamagata,Masaya, Attack defending system and attack defending method.
상세보기
Deninger, William; de la Iglesia, Erik, Attributes of captured objects in a capture system.
상세보기
Deninger, William; de la Iglesia, Erik, Attributes of captured objects in a capture system.
상세보기
Gryaznov,Dmitry, Automated Internet Relay Chat malware monitoring and interception.
상세보기
Enstone, Mark Richard; Cureington, James Anthony, Automated immune response for a computer.
상세보기
Boulay Jean-Michel Yann,FRX ; Petrillo August T. ; Swimmer Morton Gregory, Automated sample creation of polymorphic and non-polymorphic marcro viruses.
상세보기
Miller Christopher M. (Saratoga CA), Automated testing system.
상세보기
Arnold William C. (Mahopac NY) Chess David M. (Mohegan Lake NY) Kephart Jeffrey O. (Yorktown Heights NY) White Steven R. (New York NY), Automatic immune system for computers and computer networks.
상세보기
Liang, Yung Chang; Chen, Yi Fen, Automatic registration of a virus/worm monitor in a distributed network.
상세보기
Zhang, Liang, Automatic signature generation for malicious PDF files.
상세보기
Teragawa, Daisuke, Backlight device, display device, and television receiver.
상세보기
Kennedy, Mark K., Behavior blocking utilizing positive behavior system and method.
상세보기
Daswani, Neilkumar; Ranadive, Ameet; Rizvi, Shariq; Gagnon, Michael; Demir, Tufan; Eisenhaur, Gerry, Behavioral scanning of mobile applications.
상세보기
Ott Gnther (Erlangen DEX) Kaufhold Wolfgang (Erlangen DEX), Circuit arrangement for attenuation of power oscillations in networks.
상세보기
Shelest, Art; Yariv, Eran; Abzarian, David, Communications traffic segregation for security purposes.
상세보기
Fitzgerald, Joseph; Barenboim, Oleg, Compliance-based adaptations in managed virtual systems.
상세보기
van der Made,Peter A. J, Computer immune system and method for detecting unwanted code in a computer system.
상세보기
Ji Shuang, Computer network malicious code scanner method and apparatus.
상세보기
Shostack Adam ; Allouch David,ILX, Computer security.
상세보기
Schnurer John ; Klemmer Timothy J., Computer virus trap.
상세보기
Aziz, Ashar, Computer worm defense system and method.
상세보기
Kanchirayappa, Virupaksha N.; Chandramouli, Natarajan, Computer-implemented PDF document management.
상세보기
Costa, Manuel; Castro, Miguel; Rowstron, Antony; Crowcroft, Jon, Containment of worms.
상세보기
Chess, Brian V; Fay, Sean Patrick, Context-sensitive taint analysis.
상세보기
Sprosts, Craig; Kennedy, Scot; Quinlan, Daniel; Rosenstein, Larry; Slater, Charles, Controlling a message quarantine.
상세보기
Pak,Michael C.; Kouznetsov,Victor, Delayed-delivery quarantining of network communications having suspicious contents.
상세보기
Ranjan, Supranamaya, Detecting DNS fast-flux anomalies.
상세보기
Muttik, Igor; Long, Duncan V., Detecting computer viruses or malicious software by patching instructions into an emulator.
상세보기
Ismael, Osman Abdoul; Yie, Samuel; Manni, Jayaraman; Amin, Muhammad; Mahbod, Bahman, Detecting malicious network content using virtual environment components.
상세보기
Szor, Peter; Ferrie, Peter, Detecting malicious software through process dump scanning.
상세보기
Nachenberg, Carey; Wilhelm, Jeffrey, Detecting polymorphic threats.
상세보기
Xie, Liang; Zhang, Xinwen; Seifert, Jean-Pierre; Aciicmez, Onur; Latifi, Afshin, Detecting unauthorized use of computing devices based on behavioral patterns.
상세보기
Chi Darren, Detection and elimination of macro viruses.
상세보기
Drew,James Howard; Liu,Hui, Diagnosing fault patterns in telecommunication networks.
상세보기
Bennett, Jeremy, Differential threat detection processing.
상세보기
Carey S. Nachenberg, Dynamic heuristic method for detecting computer viruses using decryption exploration and evaluation phases.
상세보기
Bahl, Pradeep, Dynamic risk management.
상세보기
Aziz, Ashar; Radhakrishnan, Ramesh; Lai, Wei-Lung; Manni, Jayaraman, Dynamic signature creation and enforcement.
상세보기
Vaidya Vimal, Dynamic signature inspection-based network intrusion detection.
상세보기
Dadhia, Rajesh K; Field, Scott A., Dynamically computing reputation scores for objects.
상세보기
Aziz, Ashar; Uyeno, Henry; Manni, Jay; Amin, Muhammad; Staniford, Stuart, Electronic message analysis for malware detection.
상세보기
Guo, Fanglu; Chiueh, Tzi-cker, Enforcing the execution exception to prevent packers from evading the scanning of dynamically created code.
상세보기
Cidon Israel,ILX ; Sidi Moshe,ILX, Fault location and performance testing of communication networks.
상세보기
Lowe, Rick; Broeker, Stephen; Liu, Weimin, File system for a capture system.
상세보기
Ramzan, Zulfikar, Filter-based identification of malicious websites.
상세보기
Ismael, Osman Abdoul; Song, Dawn, Framework for efficient security coverage of mobile software applications installed on mobile devices.
상세보기
Ismael, Osman Abdoul; Aziz, Ashar, Framework for multi-phase analysis of mobile applications.
상세보기
Asbj?rn S?rhaug ; Aleksandr L. Kupchik, Full-duplex medium tap apparatus and system.
상세보기
Wolff,Daniel Joseph; Spurlock,Joel Robert; Edwards,Jonathan Lewis, Handling of malware scanning of files stored within a file storage device of a computer network.
상세보기
Aziz, Ashar; Drzewiecki, Adrian; Radhakrishnan, Ramesh; Manni, Jayaraman; Amin, Muhammad, Heuristic based capture with replay to virtual machine.
상세보기
Spiegel,Mark; McCorkendale,Bruce; Sobel,William, Heuristic detection and termination of fast spreading network worm attacks.
상세보기
Szor,Peter, Heuristic detection of malicious computer code by page tracking.
상세보기
Narasimhan, Srinivasan; Hejmadi, Parthiv; Sreenath, Sheshadri, Host state monitoring.
상세보기
Sprosts, Craig; Kennedy, Scot; Quinlan, Daniel; Rosenstein, Larry; Slater, Charles, Identifying threats in electronic messages.
상세보기
Oshima, Akihide, Image forming system, image forming method and information terminal device.
상세보기
Liang,Yung Chang, Innoculation of computing devices against a selected computer virus.
상세보기
Roesch,Martin F.; Gula,Ronald J., Intrusion and misuse deterrence system employing a virtual network.
상세보기
Steven D. Shanklin ; Thomas E. Bernhard ; Gerald S. Lathem, Intrusion detection signature analysis using regular expressions and logical operators.
상세보기
Ranjan, Supranamaya, Machine learning based botnet detection using real-time extracted traffic features.
상세보기
Ranadive, Ameet; Rizvi, Shariq; Daswani, Neilkumar Murli, Malicious advertisement detection and remediation.
상세보기
Thioux, Emmanuel; Amin, Muhammad; Kindlund, Darien; Pilipenko, Alex; Vincent, Michael, Malicious content analysis using simulated user interaction without user involvement.
상세보기
Aziz, Ashar; Lai, Wei-Lung; Manni, Jayaraman, Malware containment and security analysis on connection.
상세보기
Aziz, Ashar; Lai, Wei-Lung; Manni, Jayaraman, Malware containment on connection.
상세보기
Aziz, Ashar, Malware defense system and method.
상세보기
Vaystikh, Alex; Polansky, Robert; Saklikar, Samir Dilipkumar; Liptz, Liron, Malware detection using risk analysis based on file system and network activity.
상세보기
Tuvell, George; Venugopal, Deepak; Hu, Guoning, Malware modeling detection system and method for mobile platforms.
상세보기
Hursey,Nell John; McEwan,William Alexander, Malware scanning of compressed computer files.
상세보기
Xie, Michael, Managing network traffic flow.
상세보기
Chen, Yan; Li, Zhichun; Xia, Gao; Liu, Bin, Matching with a large vulnerability signature ruleset for high performance network defense.
상세보기
O'Toole, Jr.,James W., Method and apparatus for capturing and filtering datagrams for network security monitoring.
상세보기
Killean Reginald (Burntisland GB3) Robb David (Aberdeen GB3) White Norman Jackson (Tayside GB3), Method and apparatus for controlling access to and corruption of information in computer systems.
상세보기
Hendel Ariel (Ronkonkoma NY) Virzi John D. (Bronx NY), Method and apparatus for controlling data communication operations within stations of a local-area network.
상세보기
Wallman, David, Method and apparatus for implementing concurrently running jobs on an extended virtual machine using different heaps managers.
상세보기
Arnold, William C.; Chess, David M.; Morar, John F.; Segal, Alla; Swimmer, Morton G.; Whalley, Ian N.; White, Steve R., Method and apparatus for replicating and analyzing worm programs.
상세보기
Petersen, Scott E., Method and apparatus for secure execution of code.
상세보기
Arnold,William C.; Chess,David M.; Morar,John F.; Segal,Alla; Whalley,Ian N.; White,Steve R., Method and apparatus for the automatic determination of potentially worm-like behavior of a program.
상세보기
Donaldson,Albert L., Method and system for blocking e-mail having a nonexistent sender address.
상세보기
Poston, Robert J., Method and system for classification of software using characteristics and combinations of such characteristics.
상세보기
Kasper,James W.; Beriswill,Paul A.; Wiley,Kevin L., Method and system for configurable network intrusion detection.
상세보기
Kevin J. Ziese, Method and system for dynamically distributing updates in a network.
상세보기
Xue, Hui; Liu, Yixun; Guetter, Christoph; Jolly, Marie-Pierre; Gühring, Jens, Method and system for propagation of myocardial infarction from delayed enhanced cardiac imaging to cine magnetic resonance imaging using hybrid image registration.
상세보기
Choi, Jong-Deok; Konuru, Ravi; Srinivasan, Harini, Method and system for recording and replaying the execution of distributed java programs.
상세보기
Kuzkin, Maxim A.; Tormasov, Alexander G., Method and system for remote device access in virtual environment.
상세보기
Kejriwal, Nidhi Govindram; Judge, Paul, Method for detecting malicious javascript.
상세보기
Carpenter,Brian Edward; Himberger,Kevin David; Jeffries,Clark Debs; Peyravian,Mohammad, Method of responding to a truncated secure session attack.
상세보기
Chiriac, Mihai, Method, computer program and computer for analyzing an executable computer file.
상세보기
Ivchenko,Olexiy; Kraplin,Denys L., Methods and apparatus for performing data acquisition and control.
상세보기
Zimmer,Vincent J.; Rothman,Michael A., Methods and apparatus to provide network traffic support and physical security support.
상세보기
Schmid, Matthew N.; Weber, Michael; Haddox-Schatz, Michael; Geyer, David, Methods for identifying malicious software.
상세보기
Stolfo, Salvatore J.; Li, Wei-Jen; Keromylis, Angelos D.; Androulaki, Elli, Methods, media, and systems for detecting attack on a digital processing device.
상세보기
Capek Peter G. ; Cuomo Gennaro A. ; Unger Jay H., Methods, systems and computer program products for providing insertions during delays in interactive systems.
상세보기
Daswani, Neilkumar Murli; Ranadive, Ameet; Rizvi, Shariq, Mitigating malware.
상세보기
Tzadikario, Rephael, Mitigating network attacks using automatic signature generation.
상세보기
Miller, Michael D.; Ulaszek, Ryan R., Model-based testing using branches, decisions, and options.
상세보기
Schneider, Scott; Griffin, Kent, Modeling goodware characteristics to reduce false positive malware signatures.
상세보기
Baker, Stephen M., Multilayered intrusion detection system and method.
상세보기
Branscomb,Brian; Black,Darryl; Perry,James R, Network device identity authentication.
상세보기
Sobchuk, Gregory M.; Subramaniam, Shekhar; Zaheer, Khurram; Gelfenshteyn, Alexander; Shetty, Ramesh; Brady, Michael; Donnegan, George; McGuire, Roger, Network intrusion mitigation.
상세보기
Liang,Yung Chang; Chen,Yi Fen, Network isolation techniques suitable for virus protection.
상세보기
Gordy, Stephen C.; Poelstra, Henry D.; Otis, Robert W.; Gallatin, Tom, Network security tap for use with intrusion detection system.
상세보기
Manni, Jayaraman; Aziz, Ashar; Gong, Fengmin; Loganathan, Upendran; Amin, Muhammad, Network-based binary file extraction and analysis for malware detection.
상세보기
Manni, Jayaraman; Aziz, Ashar; Gong, Fengmin; Loganathan, Upendran; Amin, Muhammad, Network-based binary file extraction and analysis for malware detection.
상세보기
Tuvell, George; Venugopal, Deepak; Pfefferle, Matthew, Non-signature malware detection system and method for mobile platforms.
상세보기
Eker, Johan; Johansson, Björn; Von Platen, Carl, Obfuscating computer program code.
상세보기
Zhang, Yufeng; Chen, Xiaoxin; Le, Bich Cau; Krishnan, Jagannath Gopal; Uluski, Derek, On-access anti-virus mechanism for virtual machine architecture.
상세보기
Amit, Yair; Hay, Roee; Saltzman, Roi; Sharabani, Adi, Pinpointing security vulnerabilities in computer software applications.
상세보기
Aziz, Ashar; Drzewiecki, Adrian; Radhakrishnan, Ramesh; Manni, Jayaraman; Amin, Muhammad, Policy based capture with replay to virtual machine.
상세보기
Ball, Thomas J., Predicate-based test coverage and generation.
상세보기
Wu, Handong; Genes, Raimund Alexander, Preventing malicious codes from performing malicious actions in a computer system.
상세보기
Green, David E.; Payne, Richard; Wood, Trevor, Preventing propagation of malicious software during execution in a virtual machine.
상세보기
Alperovitch, Dmitri; Greve, Paula; Judge, Paul; Krasser, Sven; Schneck, Phyllis Adele, Prioritizing network traffic.
상세보기
Aziz, Ashar, Prospective client identification using malware attack detection.
상세보기
Zaitsev, Oleg V.; Denisov, Vitaly I., Protection against malware on web resources.
상세보기
Kraemer, Jeffrey A., Protection of computer resources.
상세보기
Kraemer, Jeffrey A., Protection of computer resources.
상세보기
Rogel, Lawrence S., Providing security in mobile devices via a virtualization software layer.
상세보기
Batenin, Vyacheslav A., Rapid analysis of data stream for malware presence.
상세보기
Nachenberg, Carey S.; Griffin, Kent E., Reducing malware signature set size through server-side processing.
상세보기
Hutton, Samuel Harrison; Goddard, Trevor, Resisting the spread of unwanted code and data.
상세보기
Bucher,Tim, Restoration of data corrupted by viruses using pre-infected copy of data.
상세보기
Zhao, Xiaoming; Chen, Gang; Chang, Eric, Scheduled gateway scanning arrangement and methods thereof.
상세보기
Sobel, William E.; Satish, Sourabh, Secure network cache content.
상세보기
Wang, Jiahe Helen; Lorch, Jacob R.; Parno, Bryan Jeffrey, Securing anti-virus software with virtualization.
상세보기
Natvig,Kurt, Simulated computer system for monitoring of software performance.
상세보기
Mann, Uriel; Doshi, Nishant, Software object corruption detection.
상세보기
Viljoen, Petrus Johannes; Meggers, Jens, Streaming malware definition updates.
상세보기
Edwards, Jonathan L.; Teddy, John D., Subsequent processing of scanning task utilizing subset of virtual machines predetermined to have scanner process and adjusting amount of subsequest VMs processing based on load.
상세보기
Dansey, Stephen Thomas; Kuc, Zenon, Switching device, method, and computer program for efficient intrusion detection.
상세보기
Hibbs James D. ; Brodhecker John W., System and method for alerting safety personnel of unsafe air temperature conditions.
상세보기
Aziz, Ashar; Radhakrishnan, Ramesh; Ismael, Osman, System and method for analyzing suspicious network data.
상세보기
Jordan,Myles, System and method for computer virus detection utilizing heuristic analysis.
상세보기
Silberman, Peter J.; Butler, II, James R.; Harbour, Nick J., System and method for detecting executable machine instructions in a data stream.
상세보기
Pavlyushchik, Mikhail A., System and method for detecting malicious code executed by virtual machine.
상세보기
Parshin, Yury G.; Pintiysky, Vladislav V., System and method for detecting malware targeting the boot process of a computer using boot process emulation.
상세보기
McMillan, Chad; Garman, Jason, System and method for determining data entropy to identify malware.
상세보기
Doukhvalov, Andrey P.; Tikhomirov, Anton V., System and method for dynamically allocating computing resources for processing security information.
상세보기
Eric David O'Brien ; James Robert Tryon, Jr., System and method for dynamically sensing an asynchronous network event within a modular framework for network event processing.
상세보기
David Robert Wray GB; David John Blanchfield GB, System and method for extensible positive client identification.
상세보기
Hibbs, James D.; Brodhecker, John W., System and method for identifying unsafe temperature conditions.
상세보기
James D. Hibbs ; John W. Brodhecker, System and method for identifying unsafe temperature conditions.
상세보기
Appelt,Daren R.; Brunson,Kevin K.; Hibbs,James D., System and method for identifying, monitoring and evaluating equipment, environmental and physiological conditions.
상세보기
Hoefelmeyer,Ralph S.; Phillips,Theresa E., System and method for malicious code detection.
상세보기
Green, David E.; Payne, Richard; Kilmer, William, System and method for malicious software detection in multiple protocols.
상세보기
Aziz, Ashar; Lai, Wei-Lung; Manni, Jayaraman, System and method for malware containment.
상세보기
Ivancic,Franjo; Ashar,Pranav N.; Ganai,Malay; Gupta,Aarti; Yang,Zijiang, System and method for modeling, abstraction, and analysis of software.
상세보기
Hubbard, Dan; Verenini, Nicholas Joseph; Baddour, Victor Louie, System and method of analyzing web content.
상세보기
Aziz, Ashar, System and method of containing computer worms.
상세보기
Aziz, Ashar, System and method of detecting computer worms.
상세보기
Aziz, Ashar, System and method of detecting malicious traffic while reducing false positives.
상세보기
Aziz, Ashar, System and method of detecting time-delayed malicious traffic.
상세보기
Apap,Frank; Honig,Andrew; Shlomo,Hershkop; Eskin,Eleazar; Stolfo,Salvatore J., System and methods for detecting intrusions in a computer system by monitoring operating system registry accesses.
상세보기
Kirby, Alan J., System and methods for integration of behavioral and signature based security.
상세보기
Tso Michael Man-Hak ; Bakshi Bikram Singh, System for virus-checking network data during download to a client device.
상세보기
Ahn, Tae Jin; Park, Taejoon, System, apparatus and method of malware diagnosis mechanism based on immunization database.
상세보기
Singh, Abhishek; Manni, Jayaraman, Systems and methods for automatically detecting backdoors.
상세보기
McCorkendale, Bruce; Tian, Xue Feng; Gong, Sheng; Zhu, Xiaole; Mao, Jun; Meng, Qingchun; Huang, Ge Hua; Hu, Wei Guo Eric, Systems and methods for combining static and dynamic code analysis.
상세보기
Aziz, Ashar, Systems and methods for computer worm defense.
상세보기
Stolfo, Salvatore J.; Keromytis, Angelos D.; Misra, Vishal; Locasto, Michael E.; Parekh, Janak, Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems.
상세보기
Stolfo, Salvatore J.; Malkin, Tal; Keromytis, Angelos D.; Misra, Vishal; Locasto, Michael; Parekh, Janak, Systems and methods for correlating and distributing intrusion alert information among collaborating computer systems.
상세보기
Sidiroglou, Stylianos; Keromytis, Angelos D.; Anagnostakis, Kostas G., Systems and methods for detecting and inhibiting attacks using honeypots.
상세보기
Aziz, Ashar; Lai, Wei-Lung; Manni, Jayaraman, Systems and methods for detecting communication channels of bots.
상세보기
Aziz, Ashar; Lai, Wei-Lung; Manni, Jayaraman, Systems and methods for detecting encrypted bot command and control communication channels.
상세보기
Staniford, Stuart Gresley; Aziz, Ashar, Systems and methods for detecting malicious PDF network content.
상세보기
Staniford, Stuart Gresley; Aziz, Ashar, Systems and methods for detecting malicious PDF network content.
상세보기
Staniford, Stuart Gresley; Aziz, Ashar, Systems and methods for detecting malicious network content.
상세보기
Bodke, Anand, Systems and methods for detecting malware on mobile platforms.
상세보기
Gubin, Maxim; Newstadt, Keith, Systems and methods for emulating the behavior of a user in a computer-human interaction environment.
상세보기
Judge,Paul; Rajan,Guru, Systems and methods for enhancing electronic communication security.
상세보기
Bodke, Anand, Systems and methods for identifying polymorphic malware.
상세보기
Edwards, Sr., Thomas Scott, Systems and methods for improving virtual machine performance.
상세보기
Aziz, Ashar; Lai, Wei-Lung; Manni, Jayaraman, Systems and methods for malware attack detection and identification.
상세보기
Aziz, Ashar; Lai, Wei-Lung; Manni, Jayaraman, Systems and methods for malware attack prevention.
상세보기
Petry, Scott M.; Akamine, Shinya; Lund, Peter Kevin; Cox, Fred; Oswall, Michael John, Systems and methods for managing the transmission of electronic messages through active message date updating.
상세보기
Judge,Paul, Systems and methods for message threat management.
상세보기
Staniford, Stuart Gresley; Aziz, Ashar, Systems and methods for scheduling analysis of network content for malware.
상세보기
Merkle, Jr.,James A.; LeVine,Richard B.; Lee,Andrew R.; Howard,Daniel G.; Goldman,Daniel M.; Pagliarulo,Jeffrey A.; Hart, III,John J.; Bouza,Jose L., Systems and methods for the prevention of unauthorized use and manipulation of digital content.
상세보기
Judge,Paul, Systems and methods for upstream threat pushback.
상세보기
Stolfo, Salvatore J; Wang, Ke; Parekh, Janak, Systems, methods, and media for outputting a dataset based upon anomaly detection.
상세보기
Leake, Edward N.; Pike, Geoffrey, Taint tracking mechanism for computer security.
상세보기
Durham,David M.; Sahita,Ravi; Rajagopal,Priya; Kardach,James; Hahn,Scott; Yavatkar,Raj, Techniques for self-isolation of networked devices.
상세보기
Thrower, Woodrow A.; Bhattacharya, Sourav S., Threat analysis.
상세보기
Chen,Eva; Sun,Jimmy; Chou,Terrence; Deutsch,Steven; Havran,Mark, Tracking and reporting of computer virus information.
상세보기
Izatt,David, Undetectable firewall.
상세보기
Reed,Eugene R., Virtual machine use and optimization of hardware configurations.
상세보기
Aziz, Ashar; Radhakrishnan, Ramesh; Ismael, Osman, Virtual machine with dynamic data flow analysis.
상세보기
Zhao,Guangyu; Liu,Meyer; Badrinath,Subramaniam, Virus detection and removal system and method for network-based systems.
상세보기
Marsden, Walter L.; Green, David E., Virus detection by executing e-mail code in a virtual machine.
상세보기
Liang, Yung Chang; Chen, Yi Fen, Virus monitor and methods of use thereof.
상세보기

이 특허를 인용한 특허 (52)

Neumann, Justin, Analytic-based security with learning adaptability.
상세보기
Langton, Jacob Asher; Quinlan, Daniel J.; Adams, Kyle, Confirming a malware infection on a client device using a remote access connection tool to identify a malicious file based on fuzzy hashes.
상세보기
Langton, Jacob Asher; Quinlan, Daniel J.; Adams, Kyle, Confirming a malware infection on a client device using a remote access connection tool, to identify a malicious file based on fuzz hashes.
상세보기
Manni, Jayaraman; Eun, Philip; Berrow, Michael M., Correlation and consolidation of analytic data for holistic view of malware attack.
상세보기
Mehra, Divyesh; Singh, Abhishek, Cyber attack early warning system.
상세보기
Aronovich, Lior, Data structures for digests matching in a data deduplication system.
상세보기
Gomez, Joshua Lewis; Singh, Abhishek, Detection and classification of exploit kits.
상세보기
Paithane, Sushant; Vashisht, Sai, Detection efficacy of virtual machine-based analysis with application specific events.
상세보기
Mushtaq, Atif; Rosenberry, Todd; Aziz, Ashar; Islam, Ali, Distributed systems and methods for automatically detecting unknown bots and botnets.
상세보기
Paithane, Sushant; Vashisht, Sai, Dynamic content activation for automated analysis of embedded objects.
상세보기
Goradia, Harnish, Dynamic guest image creation and rollback.
상세보기
Manni, Jayaraman; Eun, Philip; Berrow, Michael M., Electronic device for aggregation, correlation and consolidation of analysis attributes.
상세보기
Aziz, Ashar; Uyeno, Henry; Manni, Jay; Sukhera, Amin; Staniford, Stuart, Electronic message analysis for malware detection.
상세보기
Aziz, Ashar; Uyeno, Henry; Manni, Jay; Sukhera, Amin; Staniford, Stuart, Electronic message analysis for malware detection.
상세보기
Ismael, Osman Abdoul; Song, Dawn; Aziz, Ashar; Johnson, Noah; Mohan, Prshanth; Xue, Hui, Framework for efficient security coverage of mobile software applications.
상세보기
Mesdaq, Ali; Westin, III, Paul L., Fuzzy hash of behavioral results.
상세보기
Mesdaq, Ali; Westin, III, Paul L., Fuzzy hash of behavioral results.
상세보기
Abbasi, Fahim H.; Salam, Abdul; Shahzad, Farrukh, Leveraging behavior-based rules for malware family classification.
상세보기
Thioux, Emmanuel; Amin, Muhammad; Kindlund, Darien; Pilipenko, Alex; Vincent, Michael, Malicious content analysis using simulated user interaction without user involvement.
상세보기
Khalid, Yasir; Amin, Muhammad; Jing, Emily; Rizwan, Muhammad, Malicious content analysis with multi-version application support within single operating environment.
상세보기
Vincent, Michael; Mesdaq, Ali; Thioux, Emmanuel; Singh, Abhishek; Vashisht, Sal, Malware analysis in accordance with an analysis plan.
상세보기
Malik, Amit; Pande, Reghav; Jain, Aakash, Method to detect application execution hijacking using memory protection.
상세보기
Karandikar, Shrikrishna; Amin, Muhammad; Deshpande, Shivani; Khalid, Yasir, Network-based malware detection.
상세보기
Aronovich, Lior, Optimizing digest based data matching in similarity based deduplication.
상세보기
Aziz, Ashar, Subscriber based protection system.
상세보기
Khalid, Yasir; Deshpande, Shivani, Susceptible environment detection system.
상세보기
Aziz, Ashar, System and method for detecting anomalous behaviors using a virtual machine environment.
상세보기
Paithane, Sushant; Vashist, Sai; Yang, Raymond; Khalid, Yasir, System and method for detecting file altering behaviors pertaining to a malicious attack.
상세보기
Paithane, Sushant; Vashisht, Sai Omkar, System and method for detecting interpreter-based exploit attacks.
상세보기
Kindlund, Darien; Wolf, Julia; Bennett, James, System and method for detecting malicious activity based on at least one environmental property.
상세보기
Pidathala, Vinay; Uyeno, Henry, System and method for detecting malicious links in electronic messages.
상세보기
Paithane, Sushant; Vincent, Michael; Vashisht, Sai; Kindlund, Darien, System and method for detecting time-bomb malware.
상세보기
Paithane, Sushant; Vincent, Michael; Vashisht, Sai; Kindlund, Darien, System and method for detecting time-bomb malware.
상세보기
Rivlin, Alexandr; Mehra, Divyesh; Uyeno, Henry; Pidathala, Vinay, System and method for determining a threat based on correlation of indicators of compromise from other sources.
상세보기
Aziz, Ashar; Lai, Wei-Lung; Manni, Jayaraman, System and method for malware containment.
상세보기
Amin, Muhammad; Mehmood, Masood; Ramaswamy, Ramaswamy; Challa, Madhusudan; Karandikar, Shrikrishna, System and method for offloading packet processing and static analysis operations.
상세보기
Steinberg, Udo, System and method for protecting memory pages associated with a process using a virtualization layer.
상세보기
Kumar, Vineet; Otvagin, Alexander; Borodulin, Nikita, System and method for triggering analysis of an object for malware in response to modification of that object.
상세보기
Rivlin, Alexandr; Mehra, Divyesh; Uyeno, Henry; Pidathala, Vinay, System and method of detecting delivery of malware based on indicators of compromise from different sources.
상세보기
Kabra, Atul; Stecklina, Julian; Rathor, Hirendra; Steinberg, Udo, System and method of threat detection under hypervisor control.
상세보기
Cunningham, Sean, System and method to communicate sensitive information via one or more untrusted intermediate nodes with resilience to disconnected network topology.
상세보기
Thompson, Matthew; Hijazi, Karim, System and method to manage sinkholes.
상세보기
Wilson, Theodore, System and method to visualize user sessions.
상세보기
Pilipenko, Alex; Ha, Phung-Te, System and methods for advanced malware detection through placement of transition events.
상세보기
Islam, Ali, System, apparatus and method for conducting on-the-fly decryption of encrypted objects for malware detection.
상세보기
Karandikar, Shrikrishna; Amin, Muhammad; Deshpande, Shivani; Khalid, Yasir, System, device and method for detecting a malicious attack based on direct communications between remotely hosted virtual machines and malicious web servers.
상세보기
Aziz, Ashar, Systems and methods for computer worm defense.
상세보기
Aziz, Ashar; Lai, Wei-Lung; Manni, Jayaraman, Systems and methods for malware attack prevention by intercepting flows of information.
상세보기
Aziz, Ashar, Systems and methods for malware defense.
상세보기
Husain, Syed Mohammad Amir; Abel, Martin Andreas, Systems and methods for using cognitive fingerprints.
상세보기
Bu, Zheng; Lin, Yichong, Zero-day discovery system.
상세보기
Zafar, Asim; Qureshi, Eirij; Kindlund, Darien, Zero-day rotating guest image profile.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

[미국특허] Fuzzy hash of behavioral results 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (199)

이 특허를 인용한 특허 (52)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

이 특허와 함께 이용한 콘텐츠

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

[미국특허] Fuzzy hash of behavioral results 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (199)

이 특허를 인용한 특허 (52)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

이 특허와 함께 이용한 콘텐츠

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트