(WO2017112202) MONITORING FOR ZERO-DAY ATTACK
Latest bibliographic data on file with the International Bureau

Pub. No.: WO/2017/112202 International Application No.: PCT/US2016/062988
Publication Date: 29.06.2017 International Filing Date: 21.11.2016
IPC:
G06F 21/56 (2013.01), G06F 21/53 (2013.01)
G06F 21/56:
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55 Detecting local intrusion or implementing counter-measures
56 Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/53:
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52 during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
53 by executing in a restricted environment, e.g. sandbox or secure virtual machine
Applicants:
MCAFEE, LLC [US/US]; 2821 Mission College Boulevard Santa Clara, California 95054-1838, US
Inventors:
SAHITA, Ravi; US
LI, Xiaoning; US
LU, Lixin; US
DENG, Lu; US
SHEPSEN, Alexander; US
XU, Xiang; US
HUANG, Liangjun; US
LIU, Hua; US
HUANG, Kai; US
Agent:
GUPTA, Rishi; US
Priority Data:
14/757,979 24.12.2015 US
Title (EN) MONITORING FOR ZERO-DAY ATTACK
(FR) SURVEILLANCE POUR UNE ATTAQUE DU JOUR ZÉRO
Abstract:
(EN) Embodiments are directed to hooking a call for a malware monitoring logic into a JavaScript API engine interpreter. Upon JavaScript being placed into heap memory, the malware monitoring logic can initiate an evaluation or analysis of the heap spray to determine whether the JavaScript includes malware or other malicious agents prior to execution of the JavaScript shell code. Upon execution of the JavaScript within the sandbox, the malware monitoring logic can initiate monitoring of the JavaScript using malware analysis and/or execution profiling techniques. Inferences can be made of the presence of malware based on a start and end time of the JavaScript execution.
(FR) Des modes de réalisation de l'invention concernent un accrochage d'un appel pour une logique de surveillance de logiciel malveillant dans un interprète de moteur d'API JavaScript. Après le placement de JavaScript dans une mémoire tas, la logique de surveillance de logiciel malveillant peut déclencher une évaluation ou une analyse de la projection de tas pour déterminer si le JavaScript contient un logiciel malveillant ou d'autres agents malveillants avant l'exécution du code d'enveloppe JavaScript. Après l'exécution du JavaScript dans le bac à sable, la logique de surveillance de logiciel malveillant peut déclencher la surveillance du JavaScript en utilisant une analyse de logiciel malveillant et/ou des techniques de profilage d'exécution. Des inférences peuvent être déduites de la présence d'un logiciel malveillant en fonction d'un temps de début et de fin de l'exécution JavaScript.
Designated States: AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JP, KE, KG, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW
African Regional Intellectual Property Organization (ARIPO) (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW)
Eurasian Patent Organization (AM, AZ, BY, KG, KZ, RU, TJ, TM)
European Patent Office (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR)
African Intellectual Property Organization (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG)
Publication Language: English (EN)
Filing Language: English (EN)