专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20140181971A1 SYSTEM AND METHOD FOR DETECTING MALWARE THAT INTERFERES WITH THE USER INTERFACE 有权
标题翻译：用于检测与用户界面干扰的恶意软件的系统和方法
公开(公告)号：US20140181971A1
公开(公告)日：2014-06-26
申请号：US13853468
申请日：2013-03-29
申请人： KASPERSKY LAB ZAO
发明人： Ivan I. Tatarinov , Vladislav V. Martynenko , Alexey V. Monastyrsky , Mikhail A. Pavlyushchik , Konstantin V. Sapronov , Yuri G. Slobodyanuk
IPC分类号： G06F21/56
CPC分类号： G06F21/566 , G06F21/316
摘要： System and method for detecting ransomware. A current user behavior pattern is monitored based on user input via a user input device. The user behavior is compared against a reference set of behavior patterns associated with user frustration with non-responsiveness of the user interface module. A current status pattern of the operating system is also monitored. The current status pattern is compared against a reference set of operating system status patterns associated with predefined ransomware behavior. In response to indicia of current user frustration with non-responsiveness of the user interface, and further in response to indicia of the current status pattern having a correlation to the predefined ransomware behavior, an indication of a positive detection of ransomware executing on the computer system is provided.
摘要翻译：用于检测赎金的系统和方法基于通过用户输入设备的用户输入来监视当前用户行为模式。将用户行为与与用户接口模块的非响应性的用户沮丧相关联的参考行为模式进行比较。还监视操作系统的当前状态模式。将当前状态模式与与预定义的ransomware行为相关联的一组参考操作系统状态模式进行比较。响应于当前用户对用户界面的不响应的沮丧的标记，并且还响应于与预定义的ransomware行为具有相关性的当前状态模式的标记，在计算机系统上执行的ransomware的正检测的指示被提供。

2. 发明授权

US09081967B2 System and method for protecting computers from software vulnerabilities 有权
标题翻译：保护计算机免受软件漏洞的系统和方法
公开(公告)号：US09081967B2
公开(公告)日：2015-07-14
申请号：US14077104
申请日：2013-11-11
申请人： Kaspersky Lab ZAO
发明人： Mikhail A. Pavlyushchik
IPC分类号： H04L29/06 , G06F21/57 , G06F21/52 , G06F21/12
CPC分类号： G06F21/577 , G06F21/121 , G06F21/52 , H04L63/1433
摘要： Disclosed herein are systems, methods and computer program products for protecting computer systems from software vulnerabilities. In one aspect, a system is configured to detect execution of a software application and determine whether the detected application has vulnerabilities. When the application has vulnerabilities, the system may analyze the application to identify typical actions performed by the application. The system may then create one or more restriction rules based on the identified typical actions of the application. The restriction rules allow application to perform typical actions and block atypical actions. The system then controls execution of the application using the created restriction rules.
摘要翻译：本文公开了用于保护计算机系统免受软件漏洞的系统，方法和计算机程序产品。在一个方面，系统被配置为检测软件应用的执行并确定检测到的应用是否具有漏洞。当应用程序存在漏洞时，系统可以分析应用程序以识别应用程序执行的典型操作。然后，系统可以基于所识别的应用程序的典型动作来创建一个或多个限制规则。限制规则允许应用程序执行典型的操作并阻止非典型操作。然后系统使用创建的限制规则控制应用程序的执行。

3. 发明授权

US08856542B2 System and method for detecting malware that interferes with the user interface 有权
标题翻译：用于检测干扰用户界面的恶意软件的系统和方法
公开(公告)号：US08856542B2
公开(公告)日：2014-10-07
申请号：US13853468
申请日：2013-03-29
申请人： Kaspersky Lab ZAO
发明人： Ivan I. Tatarinov , Vladislav V. Martynenko , Alexey V. Monastyrsky , Mikhail A. Pavlyushchik , Konstantin V. Sapronov , Yuri G. Slobodyanuk
IPC分类号： G06F21/00 , G06F21/56
CPC分类号： G06F21/566 , G06F21/316
摘要： System and method for detecting ransomware. A current user behavior pattern is monitored based on user input via a user input device. The user behavior is compared against a reference set of behavior patterns associated with user frustration with non-responsiveness of the user interface module. A current status pattern of the operating system is also monitored. The current status pattern is compared against a reference set of operating system status patterns associated with predefined ransomware behavior. In response to indicia of current user frustration with non-responsiveness of the user interface, and further in response to indicia of the current status pattern having a correlation to the predefined ransomware behavior, an indication of a positive detection of ransomware executing on the computer system is provided.
摘要翻译：用于检测赎金的系统和方法基于通过用户输入设备的用户输入来监视当前用户行为模式。将用户行为与与用户接口模块的非响应性的用户沮丧相关联的参考行为模式进行比较。还监视操作系统的当前状态模式。将当前状态模式与与预定义的ransomware行为相关联的一组参考操作系统状态模式进行比较。响应于当前用户对用户界面的不响应的沮丧的标记，并且还响应于与预定义的ransomware行为具有相关性的当前状态模式的标记，在计算机系统上执行的ransomware的正检测的指示被提供。

4. 发明授权

US08650650B1 System and method for selecting synchronous or asynchronous file access method during antivirus analysis 有权
标题翻译：在防病毒分析期间选择同步或异步文件访问方法的系统和方法
公开(公告)号：US08650650B1
公开(公告)日：2014-02-11
申请号：US13841116
申请日：2013-03-15
申请人： Kaspersky Lab ZAO
发明人： Mikhail A. Pavlyushchik
IPC分类号： G06F11/00
CPC分类号： G06F21/562
摘要： Disclosed are systems, methods and computer program products for performing antivirus analysis of a file. Particularly, antivirus software detects an attempt to execute a file on a computer and collects information about current file attributes. The software retrieves information about old file attributes. The software then compares current file attributes with the old file attributes to determine whether the file has been modified. When the file is determined to be modified, the software synchronously accesses the file to perform antivirus analysis thereof. During the synchronous access of the file, one or more other programs are prohibited from accessing the analyzed file. When the file is determined to be unmodified, the software asynchronously accesses the file. During the asynchronous access of the file one or more of the other programs are allowed to access the analyzed file.
摘要翻译：公开了用于对文件执行防病毒分析的系统，方法和计算机程序产品。特别地，防病毒软件检测到在计算机上执行文件的尝试并收集关于当前文件属性的信息。软件检索有关旧文件属性的信息。然后，软件将当前文件属性与旧文件属性进行比较，以确定文件是否已被修改。当确定文件被修改时，软件同步地访问文件以对其进行防病毒分析。在文件的同步访问期间，禁止一个或多个其他程序访问分析的文件。当文件被确定为未修改时，软件异步访问该文件。在文件的异步访问期间，允许一个或多个其他程序访问分析的文件。

5. 发明授权

US08990934B2 Automated protection against computer exploits 有权
标题翻译：自动防护计算机漏洞
公开(公告)号：US08990934B2
公开(公告)日：2015-03-24
申请号：US13648863
申请日：2012-10-10
申请人： Kaspersky Lab ZAO
发明人： Mikhail A. Pavlyushchik
IPC分类号： G06F11/00 , G06F21/00
CPC分类号： G06F21/00 , G06F21/554 , G06F21/78
摘要： Protection of a computer system against exploits. A computer system has a memory access control arrangement in which at least write and execute privileges are enforced for allocated portions of memory. An association of the process thread and the first portion of memory is recorded. A limited access regime in which one of the write and execute privileges is disabled, is established, and is monitored for any exceptions occurring due to attempted writing or execution in violation thereof. In response to the exception being determined as a write exception, the associated process thread is looked up, and analyzed for a presence of malicious code. In response to the exception type being determined as an execute exception, the first portion of memory is analyzed for a presence of malicious code. In response to detection of a presence of malicious code, execution of the malicious code is prevented.
摘要翻译：保护计算机系统免受攻击。计算机系统具有存储器访问控制装置，其中至少对分配的存储器部分执行写入和执行特权。记录处理线程与存储器的第一部分的关联。写入和执行特权之一被禁用的有限访问机制被建立，并且由于尝试写入或执行违反而发生的任何异常被监视。响应于异常被确定为写入异常，查找关联的进程线程并分析恶意代码的存在。响应于异常类型被确定为执行异常，分析存储器的第一部分是否存在恶意代码。响应于检测到恶意代码的存在，防止了恶意代码的执行。

6. 发明授权

US08713631B1 System and method for detecting malicious code executed by virtual machine 有权
标题翻译：用于检测由虚拟机执行的恶意代码的系统和方法
公开(公告)号：US08713631B1
公开(公告)日：2014-04-29
申请号：US13767391
申请日：2013-02-14
申请人： Kaspersky Lab ZAO
发明人： Mikhail A. Pavlyushchik
IPC分类号： G06F21/53 , G06F9/455
CPC分类号： G06F21/566
摘要： Protection against a malicious set of program instructions (e.g., a malicious program) executable by a process virtual machine. The program instructions of process virtual machine are augmented to establish an exception monitoring module within the process virtual machine. When the process virtual machine executes a subject set of program instructions, the exception monitoring module detects a security policy violation exception occurring as a result. In response thereto, the exception monitoring module gathers context information representing circumstances surrounding the occurrence of the exception, and provides the context information for analysis of a presence of malicious code. The exception monitoring module determines, based on a result of the analysis, whether to permit further execution of the subject set of program instructions by the process virtual machine.
摘要翻译：防止可由进程虚拟机执行的恶意程序指令集（例如，恶意程序）。增加了进程虚拟机的程序指令，以在进程虚拟机内建立一个异常监视模块。当进程虚拟机执行主题程序指令集时，异常监视模块检测到结果发生的安全策略违例异常。作为响应，异常监视模块收集表示围绕异常发生的环境的上下文信息，并且提供用于分析恶意代码的存在的上下文信息。异常监视模块基于分析的结果来确定是否允许进程虚拟机进一步执行主题程序指令集。

7. 发明授权

US08646084B1 Securing file launch activity utilizing safety ratings 有权
标题翻译：使用安全评级保护文件启动活动
公开(公告)号：US08646084B1
公开(公告)日：2014-02-04
申请号：US13720311
申请日：2012-12-19
申请人： Kaspersky Lab ZAO
发明人： Mikhail A. Pavlyushchik , Alexey V. Monastyrsky
IPC分类号： H04L29/06
CPC分类号： H04L63/1441
摘要： System and method for assessing a risk level associated with launching acquired objects on an associated computer system. Events occurring on the computer system are detected, including an event representing launching of a first object. An association of a detected launching of the first object with user input effecting that launching, if any, is stored. In response to a launching of the first object, a determination is made as to whether an association exists between the launching, and any user input initiating that launching. A risk assessment record is updated for the first object such that, in response to the launching of the first object being either associated or not associated with user input initiating that launching, the risk assessment record is updated to reduce an indicated risk level for the first object, or to increase the indicated risk level for the first object, respectively.
摘要翻译：用于评估与在相关联的计算机系统上发射所获取的对象相关联的风险级别的系统和方法。检测到在计算机系统上发生的事件，包括表示启动第一对象的事件。检测到的第一个对象的启动与用户输入的关联，影响存储启动（如果有的话）。响应于第一个对象的启动，确定在启动和启动该启动的任何用户输入之间是否存在关联。对第一对象更新风险评估记录，使得响应于第一对象的启动与启动该启动的用户输入相关联或不相关联，风险评估记录被更新以减少第一对象的指示风险级别对象，或分别增加第一个对象的指示风险水平。

8. 发明申请

US20130227680A1 AUTOMATED PROTECTION AGAINST COMPUTER EXPLOITS 有权
标题翻译：自动防护计算机开发
公开(公告)号：US20130227680A1
公开(公告)日：2013-08-29
申请号：US13648863
申请日：2012-10-10
申请人： Kaspersky Lab ZAO
发明人： Mikhail A. Pavlyushchik
IPC分类号： G06F21/00
CPC分类号： G06F21/00 , G06F21/554 , G06F21/78
摘要： Protection of a computer system against exploits. A computer system has a memory access control arrangement in which at least write and execute privileges are enforced for allocated portions of memory. An association of the process thread and the first portion of memory is recorded. A limited access regime in which one of the write and execute privileges is disabled, is established, and is monitored for any exceptions occurring due to attempted writing or execution in violation thereof. In response to the exception being determined as a write exception, the associated process thread is looked up, and analyzed for a presence of malicious code. In response to the exception type being determined as an execute exception, the first portion of memory is analyzed for a presence of malicious code. In response to detection of a presence of malicious code, execution of the malicious code is prevented.
摘要翻译：保护计算机系统免受攻击。计算机系统具有存储器访问控制装置，其中至少对分配的存储器部分执行写入和执行特权。记录处理线程与存储器的第一部分的关联。写入和执行特权之一被禁用的有限访问机制被建立，并且由于尝试写入或执行违反而发生的任何异常被监视。响应于异常被确定为写入异常，查找关联的进程线程并分析恶意代码的存在。响应于异常类型被确定为执行异常，分析存储器的第一部分是否存在恶意代码。响应于检测到恶意代码的存在，防止了恶意代码的执行。

9. 发明授权

US09336390B2 Selective assessment of maliciousness of software code executed in the address space of a trusted process 有权
标题翻译：选择性评估在受信任进程的地址空间中执行的软件代码的恶意性
公开(公告)号：US09336390B2
公开(公告)日：2016-05-10
申请号：US13938966
申请日：2013-07-10
申请人： Kaspersky Lab ZAO
发明人： Mikhail A. Pavlyushchik
IPC分类号： G06F21/00 , H04L29/06 , G06F21/56
CPC分类号： G06F21/566 , H04L63/1416 , H04L63/1441
摘要： System and method for detection of malicious code injected into processes associated with known programs. Execution of processes in a computer system is monitored. From among the processes being monitored, only certain processes are selected for tracking. For each of the processes selected, function calls made by threads of the process are tracked. From among the tracked function calls, only those function calls which are critical function calls are identified. For each identified critical function call, program instructions that caused the critical function call are subjected to analysis to assess their maliciousness.
摘要翻译：用于检测注入与已知程序相关联的进程的恶意代码的系统和方法。监视计算机系统中的进程的执行。从被监控的进程中，仅选择某些进程进行跟踪。对于所选择的每个进程，跟踪进程的线程进行的函数调用。从跟踪的函数调用中，仅识别那些是关键函数调用的函数调用。对于每个确定的关键功能调用，导致关键功能调用的程序指令进行分析，以评估其恶意性。

10. 发明申请

US20150047046A1 System and Method for Protecting Computers from Software Vulnerabilities 有权
标题翻译：保护计算机免受软件漏洞的系统和方法
公开(公告)号：US20150047046A1
公开(公告)日：2015-02-12
申请号：US14077104
申请日：2013-11-11
申请人： Kaspersky Lab ZAO
发明人： Mikhail A. Pavlyushchik
IPC分类号： G06F21/57 , G06F21/52
CPC分类号： G06F21/577 , G06F21/121 , G06F21/52 , H04L63/1433
摘要： Disclosed herein are systems, methods and computer program products for protecting computer systems from software vulnerabilities. In one aspect, a system is configured to detect execution of a software application and determine whether the detected application has vulnerabilities. When the application has vulnerabilities, the system may analyze the application to identify typical actions performed by the application. The system may then create one or more restriction rules based on the identified typical actions of the application. The restriction rules allow application to perform typical actions and block atypical actions. The system then controls execution of the application using the created restriction rules.
摘要翻译：本文公开了用于保护计算机系统免受软件漏洞的系统，方法和计算机程序产品。在一个方面，系统被配置为检测软件应用的执行并且确定检测到的应用是否具有漏洞。当应用程序存在漏洞时，系统可以分析应用程序以识别应用程序执行的典型操作。然后，系统可以基于所识别的应用程序的典型动作来创建一个或多个限制规则。限制规则允许应用程序执行典型的操作并阻止非典型操作。然后系统使用创建的限制规则控制应用程序的执行。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式