利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

5 条记录 (耗时 0.014 秒)

    Method and apparatus for modeling computer program behaviour for behavioural detection of malicious program
    1.
    发明授权
    Method and apparatus for modeling computer program behaviour for behavioural detection of malicious program 有权
    用于建模计算机程序行为的方法和装置,用于恶意程序的行为检测

    公开(公告)号:US08713680B2

    公开(公告)日:2014-04-29

    申请号:US12106144

    申请日:2008-04-18

    申请人: Taejoon Park Kang Geun Shin Xin Hu Abhijit Bose

    发明人: Taejoon Park Kang Geun Shin Xin Hu Abhijit Bose

    IPC分类号: H04L29/06 G06F21/55

    CPC分类号: G06F21/55 G06F21/552 G06F21/57

    摘要: A method and apparatus for modeling a behavior of a computer program that is executed in a computer system is described. The method and apparatus for modeling a behavior of a computer program may be used to detect a malicious program based on the behavior of the computer program. A method includes collecting system use information about resources of the computer system the computer program uses; extracting a behavior signature of the computer program from the collected system use information; and encoding the extracted behavior signature to generate a behavior vector. As a result, behaviors of a particular computer program may be modeled to enable a malicious program detection program and to determine whether the computer program is either normal or malicious.

    摘要翻译: 描述了用于对在计算机系统中执行的计算机程序的行为进行建模的方法和装置。 用于对计算机程序的行为建模的方法和装置可以用于基于计算机程序的行为来检测恶意程序。 一种方法包括收集关于计算机程序使用的计算机系统的资源的系统使用信息; 从收集的系统使用信息中提取计算机程序的行为签名; 并对所提取的行为签名进行编码以生成行为向量。 因此,可以对特定计算机程序的行为进行建模以实现恶意程序检测程序并确定计算机程序是正常还是恶意。

    Apparatus and method for detection of malicious program using program behavior
    2.
    发明授权
    Apparatus and method for detection of malicious program using program behavior 有权
    使用程序行为检测恶意程序的装置和方法

    公开(公告)号:US08245295B2

    公开(公告)日:2012-08-14

    申请号:US12099649

    申请日:2008-04-08

    申请人: Taejoon Park Kang Geun Shin Xin Hu Abhijit Bose

    发明人: Taejoon Park Kang Geun Shin Xin Hu Abhijit Bose

    IPC分类号: H04L29/06 G06F11/00 G06F12/14 G06F12/16 G06F21/00 G08B23/00 H04L9/32

    CPC分类号: G06F21/552 G06F21/55 G06F21/56

    摘要: An apparatus and method of diagnosing whether a computer program executed in a computer system is a malicious program and more particularly, an apparatus and method of diagnosing whether a computer program is a malicious program using a behavior of a computer program, and an apparatus and method of generating malicious code diagnostic data is provided. The apparatus for diagnosing a malicious code may include a behavior vector generation unit which generates a first behavior vector based on a behavior signature extracted from a diagnostic target program; a diagnostic data storage unit which stores a plurality of second behavior vectors for a plurality of sample programs predetermined to be malicious or normal; and a code diagnostic unit which diagnoses whether the diagnostic target program is a malicious code by comparing the first behavior vector with the plurality of second behavior vectors.

    摘要翻译: 一种用于诊断在计算机系统中执行的计算机程序是否是恶意程序的装置和方法,更具体地,涉及使用计算机程序的行为来诊断计算机程序是恶意程序的装置和方法,以及装置和方法 提供了生成恶意代码诊断数据。 用于诊断恶意代码的装置可以包括行为向量生成单元,其基于从诊断目标程序提取的行为签名来生成第一行为向量; 诊断数据存储单元,其存储预定为恶意或正常的多个样本程序的多个第二行为向量; 以及代码诊断单元,其通过将所述第一行为向量与所述多个第二行为向量进行比较来诊断所述诊断对象程序是否是恶意代码。

    APPARATUS AND METHOD FOR DETECTION OF MALICIOUS PROGRAM USING PROGRAM BEHAVIOR
    3.
    发明申请
    APPARATUS AND METHOD FOR DETECTION OF MALICIOUS PROGRAM USING PROGRAM BEHAVIOR 有权
    使用程序行为检测恶意程序的装置和方法

    公开(公告)号:US20090049549A1

    公开(公告)日:2009-02-19

    申请号:US12099649

    申请日:2008-04-08

    申请人: Taejoon Park Kang Geun Shin Xin Hu Abhijit Bose

    发明人: Taejoon Park Kang Geun Shin Xin Hu Abhijit Bose

    IPC分类号: G06F11/30 G06F7/04

    CPC分类号: G06F21/552 G06F21/55 G06F21/56

    摘要: An apparatus and method of diagnosing whether a computer program executed in a computer system is a malicious program and more particularly, an apparatus and method of diagnosing whether a computer program is a malicious program using a behavior of a computer program, and an apparatus and method of generating malicious code diagnostic data is provided. The apparatus for diagnosing a malicious code may include a behavior vector generation unit which generates a first behavior vector based on a behavior signature extracted from a diagnostic target program; a diagnostic data storage unit which stores a plurality of second behavior vectors for a plurality of sample programs predetermined to be malicious or normal; and a code diagnostic unit which diagnoses whether the diagnostic target program is a malicious code by comparing the first behavior vector with the plurality of second behavior vectors.

    摘要翻译: 一种用于诊断在计算机系统中执行的计算机程序是否是恶意程序的装置和方法,更具体地,涉及使用计算机程序的行为来诊断计算机程序是恶意程序的装置和方法,以及装置和方法 提供了生成恶意代码诊断数据。 用于诊断恶意代码的装置可以包括行为向量生成单元,其基于从诊断目标程序提取的行为签名来生成第一行为向量; 诊断数据存储单元,其存储预定为恶意或正常的多个样本程序的多个第二行为向量; 以及代码诊断单元,其通过将所述第一行为向量与所述多个第二行为向量进行比较来诊断所述诊断对象程序是否是恶意代码。

    APPARATUS AND METHOD FOR REPAIRING COMPUTER SYSTEM INFECTED BY MALWARE
    4.
    发明申请
    APPARATUS AND METHOD FOR REPAIRING COMPUTER SYSTEM INFECTED BY MALWARE 有权
    用于修复恶意软件感染的计算机系统的装置和方法

    公开(公告)号:US20090031162A1

    公开(公告)日:2009-01-29

    申请号:US12056236

    申请日:2008-03-26

    申请人: Abhijit BOSE Taejoon Park Kang Geun Shin Xin Hu

    发明人: Abhijit BOSE Taejoon Park Kang Geun Shin Xin Hu

    IPC分类号: G06F11/00

    CPC分类号: G06F21/568 G06F21/566

    摘要: An apparatus and method of diagnosing whether a program executed in a computer system is malware and repairing the computer system infected by malware. The apparatus includes a receiving unit which receives a first behavior vector for the malware from a malware control server; a determination unit which determines whether a diagnostic target program corresponds to malware based on the received first behavior vector and a second behavior vector for the diagnostic target program; and a repair unit which repairs the computer system based on a result of the determination.A behavior of a computer program executed in the computer system may be modeled in real time.

    摘要翻译: 诊断在计算机系统中执行的程序是否是恶意软件并修复被恶意软件感染的计算机系统的装置和方法。 该装置包括从恶意软件控制服务器接收恶意软件的第一行为向量的接收单元; 确定单元,其基于所接收的第一行为向量和用于诊断目标程序的第二行为向量来确定诊断目标程序是否对应​​于恶意软件; 以及基于确定结果修复计算机系统的修理单元。 计算机系统中执行的计算机程序的行为可以被实时建模。

    Apparatus and method for repairing computer system infected by malware
    5.
    发明授权
    Apparatus and method for repairing computer system infected by malware 有权
    用于修复受恶意软件感染的计算机系统的装置和方法

    公开(公告)号:US08448248B2

    公开(公告)日:2013-05-21

    申请号:US12056236

    申请日:2008-03-26

    申请人: Abhijit Bose Taejoon Park Kang Geun Shin Xin Hu

    发明人: Abhijit Bose Taejoon Park Kang Geun Shin Xin Hu

    IPC分类号: G06F11/00

    CPC分类号: G06F21/568 G06F21/566

    摘要: An apparatus and method of diagnosing whether a program executed in a computer system is malware and repairing the computer system infected by malware. The apparatus includes a receiving unit which receives a first behavior vector for the malware from a malware control server; a determination unit which determines whether a diagnostic target program corresponds to malware based on the received first behavior vector and a second behavior vector for the diagnostic target program; and a repair unit which repairs the computer system based on a result of the determination.A behavior of a computer program executed in the computer system may be modeled in real time.

    摘要翻译: 诊断在计算机系统中执行的程序是否是恶意软件并修复被恶意软件感染的计算机系统的装置和方法。 该装置包括从恶意软件控制服务器接收恶意软件的第一行为向量的接收单元; 确定单元,其基于所接收的第一行为向量和用于诊断目标程序的第二行为向量来确定诊断目标程序是否对应​​于恶意软件; 以及基于确定结果修复计算机系统的修理单元。 计算机系统中执行的计算机程序的行为可以被实时建模。