Abstract:
An embodiment of the invention provides a method for and an apparatus for classifying a data object by use of a fuzzy hash. The method and apparatus can perform steps including: aligning a window in a target data object; reading content within the window; hashing the content within the window in order to calculate a hash value; splicing a spliced portion from the hashed value; and storing the spliced portion as part of a fuzzy hash.
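As an added illustration of the windowed construction just described (example code, not the patent's own), the following Python aligns a window over the data, hashes each window with SHA-256, splices off the first hex character of each digest and concatenates the splices into the fuzzy hash. The window size, step, splice length, the SHA-256 choice, the sample inputs and the similarity function are assumptions; the comparison goes beyond the abstract, which only constructs the hash.

```python
import difflib
import hashlib

# Assumed parameters: the abstract names the steps, not these values.
WINDOW = 8   # bytes read per window
STEP = 4     # bytes the window advances between reads
SPLICE = 1   # hex characters spliced from each window's digest

def fuzzy_hash(data: bytes, window: int = WINDOW, step: int = STEP, splice: int = SPLICE) -> str:
    """Align a window, read it, hash it, splice the digest, store the splice; repeat."""
    if not data:
        return ""
    parts = []
    for offset in range(0, max(len(data) - window, 0) + 1, step):
        content = data[offset:offset + window]          # read the content within the window
        digest = hashlib.sha256(content).hexdigest()     # hash the window content
        parts.append(digest[:splice])                    # splice a portion of the hash value
    return "".join(parts)                                # the stored splices form the fuzzy hash

def similarity(h1: str, h2: str) -> float:
    """Assumed comparison: positional agreement for equal-length hashes, otherwise a
    difflib ratio so that shifted content still scores something."""
    if not h1 or not h2:
        return 0.0
    if len(h1) == len(h2):
        return sum(a == b for a, b in zip(h1, h2)) / len(h1)
    return difflib.SequenceMatcher(None, h1, h2).ratio()

# Constructed sample inputs: SAMPLE_B differs from SAMPLE_A by a single byte at offset 50.
SAMPLE_A = b"The quick brown fox jumps over the lazy dog" * 3
SAMPLE_B = SAMPLE_A[:50] + b"X" + SAMPLE_A[51:]

if __name__ == "__main__":
    ha, hb = fuzzy_hash(SAMPLE_A), fuzzy_hash(SAMPLE_B)
    print(ha)
    print(hb)
    # A one-byte change touches at most ceil(WINDOW / STEP) = 2 windows, so most splices survive.
    print(f"similarity = {similarity(ha, hb):.3f}")
```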
Abstract:
A method of scanning files for malware on a computer system. The method comprises receiving a file to be scanned in the system, and using at least one malware scanning engine to determine whether or not the file possesses properties that are indicative of malware. If it is determined that the file does possess properties that are indicative of malware, then at least one cleanliness scanning engine is used to determine whether or not the file possesses properties that are indicative of a clean file. If it is determined that the file possesses properties that are indicative of a clean file, then a false alarm is signalled.
Abstract:
In general, embodiments of the invention relate to systems, methods, and computer program products for previewing, in a safe environment, a given web page that is or may be conducting dangerous or fraudulent activity, including malware distribution and phishing activity. More particularly, embodiments of the invention relate to previewing a given web page in a safe environment by obtaining and breaking down the source code behind the given web page and constructing a preview of the web page without any potentially harmful images, scripts, executables, and/or the like.
Abstract:
A data-type management unit (120) includes a rules module (230) which includes at least one identification standard (240) paired with an associated code type (250), an interface module (210) configured to receive a code signal, and an analysis module (220) coupled to the interface module (210) and to the rules module (230). Each identification standard (240) includes a comparison rule (310) paired with associated rejection criteria (320). The comparison rule (310) of each identification standard (240) includes at least one code pattern (330) representative of the associated code type (250). The rejection criteria (320) of each identification standard (240) include at least one rejection rule (340). The analysis module (220) is configured to compare the received code signal to each code pattern (330) in each identification standard (240) and to recognize whether one or more of the comparison results violates one or more of the rejection rules (340).
Abstract:
To determine an upper limit on the number of calls to a critical path method of an object-oriented language application between two interactions between the application and a user, where the application is executed in a calling environment that executes recall methods in response to an external event or an internal event linked to an action-recording method call, a call graph is constructed such that each arc linking a calling method to a called method of the application, where the called method is an action-recording method, is replaced by a set of arcs linking the calling method to the various recall methods capable of being triggered in response to the action-recording method call. The upper limit is determined to be the maximum value of the estimated number of critical path method calls over each recall method identified in the call graph.
Abstract:
The present invention is directed to a method for indicating if an executable file is malicious, the method comprising the steps of: indicating if the executable file is packed; and if the executable file is packed, determining the executable file as malicious if the executable file satisfies a maliciousness criterion, such as a size less than 200 KB. According to a preferred embodiment of the invention, indicating if the executable file is packed is carried out by the steps of: for at least one section of the file which is not a resource section: compressing at least a part of the section; and indicating that the executable is packed if the compression ratio as a result of the compressing is less than a threshold (e.g., about 10 percent).
Abstract:
Detection and management methods and apparatus for wireless devices (102) may include an executable instruction authorization module (114) operable to scan executable instructions on a wireless device, generate a log (120) indicative of a virus or otherwise unauthorized executable instructions based on a received authorization configuration (118), and forward the log to a user manager (108). The user manager may be operable to analyze the log and generate an authorization report (154) which may be viewable by an operator to determine the disposition of unauthorized executable instructions. At least one of the executable instruction authorization module, the user manager, and the operator may be operable to generate a control command operable to delete, or otherwise disable, unauthorized executable instructions on the wireless device, or to restore the executable instructions on the wireless device.
Abstract:
A method and system for securing and controlling a network using content identification of files, in a network having a central infrastructure and local computing devices, is presented. The method comprises calculating a hash value of a new file created or received on a local computing device, transmitting the hash value to the central infrastructure, and comparing the hash value with previously determined hash values stored in a database on the central infrastructure to determine whether the file is new to the network; if the file is new to the network, the file content is checked with a content identifying engine installed and updated on the central infrastructure. Content attributes are determined for the files, which allow appropriate actions to be performed on the local computing devices according to policy rules.
Abstract:
A method to deobfuscate a source code (S1) using a computer device (4), comprises steps of obtaining, based on the source code (S1) to be deobfuscated, a representation of the source code (A), the source code (S1) comprising at least one of static constructs and dynamic constructs, and deobfuscating, by a deobfuscation unit (1) of the computer device (4), the source code (S1) using the representation of the source code (A). Herein, said deobfuscating includes: examining, by the deobfuscation unit (1), in a detection step (10) the representation of the source code (A) to detect at least one static construct within the representation of the source code (A); if at least one static construct is detected in the representation of the source code (A), modifying, by the deobfuscation unit (1), in a modification step (11, 12) the at least one static construct according to a predefined ruleset (110, 120) to obtain a modified representation of the source code (A); and outputting, based on the modified representation of the source code (A), the deobfuscated source code (S2). In this way a method is provided to deobfuscate a source code using a computer device which allows for a reliable and automatic deobfuscation of a sample of a source code.