-
Publication No.: EP3225010B1
Publication date: 2018-09-26
Application No.: EP15816541.5
Application date: 2015-11-24
Applicant: Ensilo Ltd.
Inventors: KATMOR, Roy; BITTON, Tomer; YAVO, Udi; KELSON, Ido
IPC classification: H04L29/06
CPC classification: H04L69/161, H04L63/0236, H04L63/0263, H04L63/0281, H04L63/1416, H04L63/1441
Abstract: There is provided a method for authenticating an attempt at establishment of a network connection by allowed code, comprising: providing a dataset having previously observed stack trace templates each representing a stack trace pattern prevailing in stack traces recorded by monitoring stacks of clients executing an allowed code during a connection establishment process for establishing network connections related to the allowed code; receiving a new stack trace recorded during a new connection establishment process for a new network connection by a new client; measuring a similarity between the new stack trace and the plurality of stack trace templates to identify a match to a stack trace template; evaluating the matched stack trace template for a predefined rule requirement; and updating a rule-set database with the matched stack trace template to authenticate new network connection establishments associated with stack templates matching the matched stack trace template.
-
Publication No.: EP3225009A1
Publication date: 2017-10-04
Application No.: EP15813926.1
Application date: 2015-11-24
Applicant: Ensilo Ltd.
Inventors: KATMOR, Roy; BITTON, Tomer; YAVO, Udi; KELSON, Ido
IPC classification: H04L29/06
CPC classification: H04L69/161, H04L63/0236, H04L63/0263, H04L63/0281, H04L63/1416, H04L63/1441
Abstract: There is provided a computer implemented method for detection and prevention of an attempt at establishment of a network connection for malicious communication, comprising: detecting a connection establishment process for establishing a network connection, the connection establishment process initiated by code running on a client terminal; analyzing records in at least one stack trace of the initiating code managed at the client terminal, to detect a trial to establish a malicious communication wherein the network connection is used for malicious activity; and blocking establishment of the network connection when the analysis detects the trial to establish the malicious communication based on the network connection.
-
Publication No.: EP3225010A1
Publication date: 2017-10-04
Application No.: EP15816541.5
Application date: 2015-11-24
Applicant: Ensilo Ltd.
Inventors: KATMOR, Roy; BITTON, Tomer; YAVO, Udi; KELSON, Ido
IPC classification: H04L29/06
CPC classification: H04L69/161, H04L63/0236, H04L63/0263, H04L63/0281, H04L63/1416, H04L63/1441
Abstract: There is provided a computer implemented method for detection and prevention of an attempt at establishment of a network connection for malicious communication, comprising: detecting a connection establishment process for establishing a network connection, the connection establishment process initiated by code running on a client terminal; analyzing records in at least one stack trace of the initiating code managed at the client terminal, to detect a trial to establish a malicious communication wherein the network connection is used for malicious activity; and blocking establishment of the network connection when the analysis detects the trial to establish the malicious communication based on the network connection.
-
Publication No.: EP3552137A1
Publication date: 2019-10-16
Application No.: EP17879361.8
Application date: 2017-12-11
Applicant: Ensilo Ltd.
Inventors: YAVO, Udi; BITTON, Tomer; KELSON, Ido; MESSERMAN, Gregory
-
Publication No.: EP3387579A1
Publication date: 2018-10-17
Application No.: EP16778462.8
Application date: 2016-09-07
Applicant: Ensilo Ltd.
Inventor: YAVO, Udi
IPC classification: G06F21/56
CPC classification: G06F21/566
Abstract: According to an aspect of some embodiments of the present invention there is provided a computer-implemented method for detection of malicious code within runtime generated code executing within a computer, comprising executing on a processor of the computer the acts of: receiving an indication of at least one of the creation and the execution of runtime generated code in a memory of a computer; identifying a match between signature data associated with the runtime generated code and a template signature of a plurality of templates representing authorized source creation modules that created the runtime generated code, the templates stored in a repository on a storage device; and triggering a security process to handle malicious code in the runtime generated code when no match is found.
-
Publication No.: EP3373133A1
Publication date: 2018-09-12
Application No.: EP18159497.9
Application date: 2018-03-01
Applicant: Ensilo Ltd.
Inventor: Yavo, Udi
CPC classification: G06F21/53, G06F8/41, G06F9/45516, G06F9/4552, G06F21/563, G06F2221/033
Abstract: A method of securely executing a Just-In-Time (JIT) compiled code in a runtime environment, comprising using one or more processors for receiving from a JIT executing process a request to compile in runtime a code segment, initiating a JIT compiling process to compile the code segment in order to generate an executable code segment, storing the executable code segment in a shared memory and providing to the JIT executing process a pointer to the executable code segment in the shared memory. Wherein the JIT executing process having read-execute access rights to the shared memory and the JIT executing process and the JIT compiling process are different processes.