1. System and method for proactive detection of malware device drivers via kernel forensic behavioral monitoring and a back-end reputation system
    Granted patent; status: in force

    Publication no.: US09147071B2
    Publication date: 2015-09-29
    Application no.: US12840032
    Filing date: 2010-07-20
    Applicant: Ahmed Said Sallam
    Inventor: Ahmed Said Sallam
    IPC classification: G06F11/00 H04L29/06 G06F21/56
    CPC classification: G06F21/564 G06F2221/2115

    Abstract: A method for detecting malware device drivers includes the steps of identifying one or more device drivers loaded on an electronic device, analyzing the device drivers to determine which are suspicious, accessing information about the suspicious device drivers in a reputation system, and evaluating whether a suspicious device driver includes malware. Suspicious device drivers are those not already recognized as free of malware. The reputation system is configured to store information about suspicious device drivers. The evaluation is based upon historical data regarding the suspicious device driver.
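
The classify-then-look-up flow the abstract describes, as an added example (not code from the patent or its assignee) run over constructed data. Assumptions that are mine, not the patent's: a driver is identified by the SHA-256 of its image; it counts as "recognized" (and therefore not suspicious) when its hash is on a local known-good list or its signer is trusted; the reputation system keeps, per hash, when it was first seen, how many hosts reported loading it, and how many of those hosts were later found infected. The thresholds in `evaluate` are illustrative.

```python
"""Added example, not code from the patent: classify loaded drivers, send the
unrecognized ones to a reputation store, and decide from their history.
Hashes, names and thresholds are constructed placeholders."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Driver:
    name: str
    sha256: str
    signer: Optional[str]  # None for an unsigned image


@dataclass(frozen=True)
class ReputationRecord:
    first_seen: date
    host_count: int      # hosts that reported loading this hash
    infected_hosts: int  # of those, hosts later found infected


# Constructed local knowledge (assumption: hash list plus trusted signer set).
KNOWN_GOOD_HASHES = {"aa" * 32}
TRUSTED_SIGNERS = {"Microsoft Windows"}

# Constructed back-end reputation store, keyed by image hash.
REPUTATION_DB: Dict[str, ReputationRecord] = {
    "bb" * 32: ReputationRecord(date(2009, 1, 5), host_count=120_000, infected_hosts=3),
    "cc" * 32: ReputationRecord(date(2010, 7, 1), host_count=14, infected_hosts=11),
}


def find_suspicious(drivers: List[Driver]) -> List[Driver]:
    """Step 2 of the abstract: anything not already recognized as free of
    malware is suspicious and is sent to the reputation system."""
    return [
        d for d in drivers
        if d.sha256 not in KNOWN_GOOD_HASHES and d.signer not in TRUSTED_SIGNERS
    ]


def evaluate(driver: Driver, db: Dict[str, ReputationRecord],
             today: date = date(2010, 7, 20)) -> str:
    """Steps 3-4: fetch the hash's history and decide from it.
    Returns 'malware', 'clean' or 'unknown'."""
    rec = db.get(driver.sha256)
    if rec is None:
        # Never seen by the back end: submit it for analysis, do not trust it.
        return "unknown"
    infection_rate = rec.infected_hosts / rec.host_count if rec.host_count else 0.0
    age_days = (today - rec.first_seen).days
    if rec.host_count >= 10 and infection_rate >= 0.5:
        return "malware"
    if age_days >= 180 and rec.host_count >= 1_000 and infection_rate < 0.01:
        return "clean"
    return "unknown"  # too new, too rare, or mixed history: keep watching


def scan(drivers: List[Driver],
         db: Dict[str, ReputationRecord] = REPUTATION_DB) -> Dict[str, str]:
    """Full pipeline: verdict per suspicious driver, keyed by driver name.
    Recognized drivers never reach the reputation system."""
    return {d.name: evaluate(d, db) for d in find_suspicious(drivers)}


# Constructed snapshot of loaded drivers (names and hashes are made up).
LOADED = [
    Driver("ntfs.sys", "aa" * 32, "Microsoft Windows"),
    Driver("acmevid.sys", "bb" * 32, "Acme Video GmbH"),
    Driver("srv0.sys", "cc" * 32, None),
    Driver("tmp19.sys", "dd" * 32, None),
]

if __name__ == "__main__":
    for name, verdict in scan(LOADED).items():
        print(f"{name}: {verdict}")
```

The "unknown" outcome matters in practice: a hash the back end has never seen must not be treated as clean just because nothing bad is recorded about it, which is why the clean verdict also requires age and prevalence.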

2. System and method for below-operating system trapping of driver loading and unloading
    Granted patent; status: in force

    Publication no.: US08966629B2
    Publication date: 2015-02-24
    Application no.: US13076512
    Filing date: 2011-03-31
    Applicant: Ahmed Said Sallam
    Inventor: Ahmed Said Sallam
    IPC classification: G06F21/00 G06F21/56
    CPC classification: G06F21/566

    Abstract: A system for protecting an electronic device against malware includes a memory, an operating system configured to execute on the electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to trap an attempted access of one or more resources of the operating system, access one or more security rules to determine whether the attempted access is indicative of malware, and operate at a level below all of the operating systems of the electronic device that access the one or more resources. The attempted access includes an attempted loading or unloading of a driver in the operating system.

3. System and method for below-operating system trapping and securing of interdriver communication
    Granted patent; status: in force

    Publication no.: US08959638B2
    Publication date: 2015-02-17
    Application no.: US13075072
    Filing date: 2011-03-29
    Applicant: Ahmed Said Sallam
    Inventor: Ahmed Said Sallam
    IPC classification: G06F11/00 G06F21/56
    CPC classification: G06F21/566

    Abstract: In one embodiment, a system for protecting an electronic device against malware includes a memory, an operating system configured to execute on the electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to trap an attempted access by a first driver of the operating system to a second driver of the electronic device, access one or more security rules to determine whether the attempted access is indicative of malware, and operate at a level below all of the operating systems of the electronic device that access the second driver.

4. System and method for securing access to system calls
    Granted patent; status: in force

    Publication no.: US08863283B2
    Publication date: 2014-10-14
    Application no.: US13077305
    Filing date: 2011-03-31
    Applicant: Ahmed Said Sallam
    Inventor: Ahmed Said Sallam
    IPC classification: G06F11/00 G06F21/52 G06F21/55
    CPC classification: G06F21/52 G06F21/554

    Abstract: In one embodiment, a system for securing access to system calls includes a memory, an operating system configured to execute on an electronic device, and a below-operating-system security agent. The below-operating-system security agent is configured to identify one or more resources associated with a system call for which attempted accesses will be trapped, trap an attempted access of those resources that originates from the operational level of the operating system, access one or more security rules to determine whether the attempted access is authorized, and operate at a level below all of the operating systems of the electronic device that access the resources associated with the system call.

5. Method and system for detection of malware that connects to network destinations through cloud scanning and web reputation
    Granted patent; status: in force

    Publication no.: US08819826B2
    Publication date: 2014-08-26
    Application no.: US12694988
    Filing date: 2010-01-27
    Applicant: Ahmed Said Sallam
    Inventor: Ahmed Said Sallam
    IPC classification: H04L29/06 G06F21/56

    Abstract: A method for detecting malware includes the steps of identifying one or more open network connections of an electronic device, associating one or more executable objects on the electronic device with those open network connections, determining the address of a first network destination to which the open network connections are connected, receiving an evaluation of the first network destination, and identifying one or more of the executable objects as malware executable objects. The evaluation includes an indication that the first network destination is associated with malware. The malware executable objects are the executable objects associated with the open network connections to the first network destination.
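
The connection-to-executable association and destination-reputation check the abstract describes, as an added example (not code from the patent) over a constructed connection table. Assumptions that are mine: the connection snapshot looks like netstat output with a PID per socket; a separate process table maps PID to the executable image; the web-reputation service is stood in for by a dict keyed on destination IP. Addresses come from the RFC 5737 documentation ranges and the process names are made up.

```python
"""Added example, not code from the patent: attribute open connections to
executables, look up each destination's reputation, flag the executables.
Connection table, process table and reputation feed are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set


@dataclass(frozen=True)
class Connection:
    pid: int
    remote_addr: Optional[str]  # None for a listening socket
    remote_port: Optional[int]
    state: str


OPEN_STATES = {"ESTABLISHED", "SYN_SENT"}

# Constructed snapshot (not a real capture).
CONNECTIONS = [
    Connection(1204, "198.51.100.20", 443, "ESTABLISHED"),   # browser
    Connection(3320, "203.0.113.7", 8080, "ESTABLISHED"),    # suspect A
    Connection(4412, "203.0.113.7", 8080, "SYN_SENT"),       # suspect B, still connecting
    Connection(4412, "198.51.100.20", 443, "ESTABLISHED"),
    Connection(880, None, None, "LISTENING"),
    Connection(5001, "203.0.113.7", 8080, "TIME_WAIT"),      # already closed
]
PROCESSES = {
    1204: r"C:\Program Files\Browser\browser.exe",
    3320: r"C:\Users\Public\svch0st.exe",
    4412: r"C:\Users\Public\update.exe",
    880: r"C:\Windows\System32\svchost.exe",
    5001: r"C:\Windows\System32\wuauclt.exe",
}
# Stand-in for the web-reputation service (assumption: verdict per address).
WEB_REPUTATION = {"203.0.113.7": "malicious", "198.51.100.20": "benign"}


def open_connections(conns: Iterable[Connection]) -> List[Connection]:
    """Step 1: connections that are open, or being opened, to a remote host.
    Listening sockets and TIME_WAIT leftovers carry no live destination."""
    return [c for c in conns if c.state in OPEN_STATES and c.remote_addr]


def associate(conns: Iterable[Connection],
              processes: Dict[int, str]) -> Dict[str, Set[str]]:
    """Step 2: executable image -> set of remote destination addresses."""
    by_exe: Dict[str, Set[str]] = defaultdict(set)
    for c in conns:
        exe = processes.get(c.pid)
        if exe is None:
            continue  # process exited between the two snapshots; nothing to attribute
        by_exe[exe].add(c.remote_addr)
    return by_exe


def evaluate_destination(addr: str, feed: Dict[str, str]) -> str:
    """Step 4: reputation lookup. Unknown destinations are not treated as malicious."""
    return feed.get(addr, "unknown")


def detect(conns: Iterable[Connection], processes: Dict[int, str],
           feed: Dict[str, str] = WEB_REPUTATION) -> Dict[str, List[str]]:
    """Step 5: executables holding an open connection to a malicious destination,
    each mapped to the sorted destinations that implicated it. Several
    executables talking to the same bad destination are all flagged."""
    flagged: Dict[str, List[str]] = {}
    for exe, addrs in associate(open_connections(conns), processes).items():
        bad = sorted(a for a in addrs if evaluate_destination(a, feed) == "malicious")
        if bad:
            flagged[exe] = bad
    return flagged


if __name__ == "__main__":
    for exe, dests in detect(CONNECTIONS, PROCESSES).items():
        print(f"{exe} -> {', '.join(dests)}")
```

Note the two snapshots (connections and processes) are taken at different instants; a PID that has vanished, or been reused, between them is the usual source of misattribution, so the lookup tolerates a missing PID rather than guessing.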

6. System and method for below-operating system trapping of driver filter attachment
    Granted patent

    Publication no.: US08650641B2
    Publication date: 2014-02-11
    Application no.: US13075101
    Filing date: 2011-03-29
    Applicant: Ahmed Said Sallam
    Inventor: Ahmed Said Sallam
    IPC classification: G06F21/00

    Abstract: A system for protecting an electronic device against malware includes an operating system configured to execute on the electronic device, a driver coupled to the operating system, and a below-operating-system security agent. The below-operating-system security agent is configured to identify one or more resources for changing filters of the driver, trap an attempted access of those resources that originates from the operational level of the operating system, access one or more security rules to determine whether the attempted access is indicative of malware, and operate at a level below all of the operating systems of the electronic device that access the resources for changing filters of the driver.

7. SYSTEM AND METHOD FOR BELOW-OPERATING SYSTEM REPAIR OF RELATED MALWARE-INFECTED THREADS AND RESOURCES
    Patent application; status: pending, published

    Publication no.: US20120255014A1
    Publication date: 2012-10-04
    Application no.: US13074947
    Filing date: 2011-03-29
    Applicant: Ahmed Said Sallam
    Inventor: Ahmed Said Sallam
    IPC classification: G06F21/00
    CPC classification: G06F21/564 G06F21/554

    Abstract: A security agent may be configured to: (i) execute on an electronic device at a level below all of the operating systems of the electronic device that access a memory or processor resources of the electronic device; (ii) trap attempted accesses to the memory or the processor resources associated with function calls on thread synchronization objects, where those calls create, suspend, or terminate one thread on behalf of another thread; (iii) in response to trapping each attempted access, record information associated with the attempted access in a history, the information including one or more identities of threads associated with the attempted access; (iv) determine whether a particular thread is affected by malware; and (v) in response to determining that the particular thread is affected by malware, analyze the information in the history associated with the particular memory location or processor resource to determine one or more threads related to the particular thread.
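
The trap history and the related-thread lookup of steps (iii) and (v), as an added example (not code from the application) over a constructed history. Assumptions that are mine: each trapped call on a thread-synchronization object is recorded as (sequence number, action, calling thread, target thread); the trapping itself happens below the OS and is out of scope here; relatedness is followed through the recorded links, one hop by default, because walking further also sweeps in unrelated siblings that merely share a parent thread.

```python
"""Added example, not code from the patent application: a trap history of
create/suspend/terminate calls and a bounded walk over it to find threads
related to one found to be infected. The history below is constructed."""
from dataclasses import dataclass
from typing import List, Set


@dataclass(frozen=True)
class TrapEvent:
    seq: int
    action: str      # "create", "suspend" or "terminate"
    actor_tid: int   # thread that made the call
    target_tid: int  # thread that was created, suspended or terminated


class TrapHistory:
    def __init__(self) -> None:
        self._events: List[TrapEvent] = []

    def record(self, action: str, actor_tid: int, target_tid: int) -> TrapEvent:
        """Step (iii): append one trapped access, in trap order."""
        if action not in ("create", "suspend", "terminate"):
            raise ValueError(f"unexpected action {action!r}")
        ev = TrapEvent(len(self._events) + 1, action, actor_tid, target_tid)
        self._events.append(ev)
        return ev

    def neighbours(self, tid: int) -> Set[int]:
        """Threads directly linked to `tid`: the thread that created it, and
        every thread it created, suspended or terminated. Being suspended or
        terminated by someone else is not treated as a link back to them."""
        out: Set[int] = set()
        for ev in self._events:
            if ev.actor_tid == tid:
                out.add(ev.target_tid)
            elif ev.target_tid == tid and ev.action == "create":
                out.add(ev.actor_tid)
        out.discard(tid)
        return out

    def related_threads(self, tid: int, max_hops: int = 1) -> Set[int]:
        """Step (v): threads related to an infected thread, following the
        recorded links up to `max_hops` hops. The caller chooses the depth;
        deeper walks catch more of an infection but also reach siblings
        through a shared parent, which a repair step would then stop too."""
        related: Set[int] = set()
        frontier = {tid}
        for _ in range(max_hops):
            nxt: Set[int] = set()
            for t in frontier:
                nxt |= self.neighbours(t)
            nxt -= related | {tid}
            if not nxt:
                break
            related |= nxt
            frontier = nxt
        return related


def build_history() -> TrapHistory:
    """Constructed history (not a real trace)."""
    h = TrapHistory()
    h.record("create", 100, 200)     # main thread spawns a worker
    h.record("create", 100, 300)     # main thread spawns a second worker
    h.record("create", 300, 301)     # 300 spawns 301 (e.g. an injected payload)
    h.record("suspend", 300, 200)    # 300 suspends the first worker
    h.record("terminate", 100, 400)  # unrelated clean-up by the main thread
    return h


if __name__ == "__main__":
    hist = build_history()
    print("infected 300, one hop:", sorted(hist.related_threads(300)))
    print("infected 300, two hops:", sorted(hist.related_threads(300, max_hops=2)))
```

With thread 300 marked infected, one hop returns its creator (100), the thread it spawned (301) and the thread it suspended (200); a second hop adds 400 only because 100 touched it, which is the over-reach the depth bound is there to control.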

8. SYSTEM AND METHOD FOR PROTECTING AND SECURING STORAGE DEVICES USING BELOW-OPERATING SYSTEM TRAPPING
    Patent application; status: in force

    Publication no.: US20120254982A1
    Publication date: 2012-10-04
    Application no.: US13075049
    Filing date: 2011-03-29
    Applicant: Ahmed Said Sallam
    Inventor: Ahmed Said Sallam
    IPC classification: G06F21/00
    CPC classification: G06F21/564 G06F21/566

    Abstract: In one embodiment, a system for securing a storage device includes an electronic device comprising a processor, a storage device communicatively coupled to the processor, and a security agent. The security agent is configured to execute at a level below all of the operating systems of the electronic device, intercept a request to access the storage device, identify the requesting entity responsible for initiating the request, and use one or more security rules to determine whether the request from that entity is authorized. In some embodiments, the security agent is configured to determine whether the request involves a protected area of the storage device. If it does, the security agent may be configured to allow the request only if the requesting entity is authorized to access that protected area.
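
The rule check the abstract describes for storage requests, as an added example (not code from the application) over constructed protected areas. The same shape, identify the resource, identify the requester, consult the rules, is what the system-call entry (4) and the driver-filter entry (6) above describe; only the resource differs, so one example serves all three. Assumptions that are mine: requests are sector ranges; the agent has already identified the requesting entity by name, or passes None when it could not; each protected area lists the entities allowed to touch it; a request that spans several areas must be allowed by every one of them.

```python
"""Added example, not code from the patent application: authorize a trapped
storage request against a list of protected areas. Layout and rules are
constructed; the trapping that delivers the request is out of scope."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class StorageRequest:
    entity: Optional[str]  # requesting entity; None if the agent could not identify it
    op: str                # "read" or "write"
    first_sector: int
    count: int


@dataclass(frozen=True)
class ProtectedArea:
    name: str
    first_sector: int
    last_sector: int
    allowed: FrozenSet[str]  # entities that may read or write the area


# Constructed layout and rules (assumption, not from the application).
PROTECTED_AREAS = [
    ProtectedArea("boot_sector", 0, 0, frozenset({"os_boot_config"})),
    ProtectedArea("agent_files", 5000, 5999, frozenset({"security_agent"})),
]


def overlapping_areas(req: StorageRequest,
                      areas: List[ProtectedArea]) -> List[ProtectedArea]:
    """Every protected area the request's sector range touches."""
    last = req.first_sector + req.count - 1
    return [a for a in areas
            if not (last < a.first_sector or req.first_sector > a.last_sector)]


def authorize(req: StorageRequest,
              areas: List[ProtectedArea] = PROTECTED_AREAS) -> Tuple[bool, str]:
    """Decide one trapped request. Returns (allow, reason).
    Malformed ranges are rejected outright so they can never slip past the
    overlap test; an unidentified requester is denied on any protected area."""
    if req.op not in ("read", "write"):
        return False, f"unknown operation {req.op!r}"
    if req.first_sector < 0 or req.count <= 0:
        return False, "malformed range"
    hits = overlapping_areas(req, areas)
    if not hits:
        return True, "unprotected region"
    names = ",".join(a.name for a in hits)
    if req.entity is None:
        return False, f"unidentified requester touching {names}"
    denied = [a.name for a in hits if req.entity not in a.allowed]
    if denied:
        return False, f"{req.entity} not authorized for " + ",".join(denied)
    return True, f"{req.entity} authorized for {names}"


if __name__ == "__main__":
    for r in (
        StorageRequest("os_boot_config", "write", 0, 1),
        StorageRequest("acmevid.sys", "write", 0, 1),
        StorageRequest("security_agent", "write", 0, 6000),
        StorageRequest(None, "read", 5500, 1),
        StorageRequest("acmevid.sys", "read", 100, 10),
    ):
        print(r.entity, r.op, r.first_sector, r.count, "->", authorize(r))
```

The straddling case is the one worth testing: a single write starting at sector 0 and running into the agent's files touches two areas, and the agent is allowed in only one of them, so the whole request is denied rather than partially honoured.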

9. SYSTEM AND METHOD FOR PROACTIVE DETECTION OF MALWARE DEVICE DRIVERS VIA KERNEL FORENSIC BEHAVIORAL MONITORING AND A BACK-END REPUTATION SYSTEM
    Patent application; status: in force

    Publication no.: US20120023583A1
    Publication date: 2012-01-26
    Application no.: US12840032
    Filing date: 2010-07-20
    Applicant: Ahmed Said Sallam
    Inventor: Ahmed Said Sallam
    IPC classification: G06F21/00 G06F12/14
    CPC classification: G06F21/564 G06F2221/2115

    Abstract: A method for detecting malware device drivers includes the steps of identifying one or more device drivers loaded on an electronic device, analyzing the device drivers to determine which are suspicious, accessing information about the suspicious device drivers in a reputation system, and evaluating whether a suspicious device driver includes malware. Suspicious device drivers are those not already recognized as free of malware. The reputation system is configured to store information about suspicious device drivers. The evaluation is based upon historical data regarding the suspicious device driver.

10. System and method for securing memory and storage of an electronic device with a below-operating system security agent
    Granted patent; status: in force

    Publication no.: US09262246B2
    Publication date: 2016-02-16
    Application no.: US13077270
    Filing date: 2011-03-31
    Applicant: Ahmed Said Sallam
    Inventor: Ahmed Said Sallam

    Abstract: A security agent configured to execute on the electronic device at a level below all of the operating systems of the electronic device that access the memory or a storage of the electronic device may be further configured to: (i) access one or more security rules to determine the criteria by which an attempted access involving a transfer of content between the memory and the storage of the electronic device will be trapped; (ii) if the criteria are met, trap, at a level below all of the operating systems of the electronic device, the attempted transfer of data between memory and storage; and (iii) analyze, at a level below all of the operating systems of the electronic device, information associated with the attempted access to determine whether the attempted access was affected by malware.