
WO2024163492A3 - Web analyzer engine for identifying security-related threats - Google Patents

Info

Publication number
WO2024163492A3
Authority
WO
WIPO (PCT)
Prior art keywords
analysis
objects
analysis platform
security
threat analysis
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2024/013577
Other languages
French (fr)
Other versions
WO2024163492A2 (en)
Inventor
Bryan Burns
Michael Horn
Steven Thomas JACKSON
William Metcalf
Jason Williams
Gregory Lee Wittel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Splunk Inc
Original Assignee
Splunk Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US18/162,640 (US12483588B2)
Priority claimed from US18/162,645 (US12393688B2)
Priority claimed from US18/162,649 (US12417286B2)
Application filed by Splunk Inc
Publication of WO2024163492A2
Publication of WO2024163492A3
Anticipated expiration
Current legal status: Ceased

Links

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic: service impersonation, e.g. phishing, pharming or web spoofing
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

Techniques are described for providing a threat analysis platform capable of automating the actions performed to analyze security-related threats affecting IT environments. Users or applications can submit objects (e.g., URLs, files, etc.) for analysis by the threat analysis platform. Once submitted, the threat analysis platform routes the objects to dedicated engines that perform static and dynamic analysis processes to determine the likelihood that an object is associated with malicious activity such as phishing attacks, malware, or other types of security threats. The automated actions performed by the threat analysis platform can include, for example, navigating to submitted URLs and recording the activity involved in accessing the corresponding resource, analyzing files and documents by extracting text and metadata, extracting and emulating execution of embedded macro source code, performing optical character recognition (OCR) and other types of image analysis, and submitting objects to third-party security services for analysis, among many other possible actions.

Applications Claiming Priority (6)

Application Number | Granted Patent | Priority Date | Filing Date | Title
US18/162,640 | US12483588B2 (en) | 2023-01-31 | 2023-01-31 | Web analyzer engine for identifying security-related threats
US18/162,645 | | 2023-01-31 | |
US18/162,649 | | 2023-01-31 | |
US18/162,640 | | 2023-01-31 | |
US18/162,645 | US12393688B2 (en) | 2023-01-31 | 2023-01-31 | File analysis engines for identifying security-related threats
US18/162,649 | US12417286B2 (en) | 2023-01-31 | 2023-01-31 | Automated attack chain following by a threat analysis platform

Publications (2)

Publication Number | Publication Date
WO2024163492A2 (en) | 2024-08-08
WO2024163492A3 (en) | 2024-09-19

Family

ID=90364026

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
PCT/US2024/013577 | Ceased | WO2024163492A2 (en) | 2023-01-31 | 2024-01-30 | Web analyzer engine for identifying security-related threats

Country Status (1)

Country Link
WO (1) WO2024163492A2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119106158A (en) * 2024-08-29 2024-12-10 北京长擎软件有限公司 A document compliance detection tool, method of use, device, medium and product

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101369280A (en) * 2008-10-10 2009-02-18 深圳市茁壮网络技术有限公司 Method and device for web page browsing in digital television terminal
US9501643B1 (en) * 2015-09-30 2016-11-22 AO Kaspersky Lab Systems and methods for detecting malicious executable files containing an interpreter by combining emulators
RU2622870C2 (en) * 2015-11-17 2017-06-20 Общество с ограниченной ответственностью "САЙТСЕКЬЮР" System and method for evaluating malicious websites
US20200252428A1 (en) * 2018-12-21 2020-08-06 Fireeye, Inc. System and method for detecting cyberattacks impersonating legitimate sources
US10904286B1 (en) * 2017-03-24 2021-01-26 Fireeye, Inc. Detection of phishing attacks using similarity analysis
US20210203692A1 (en) * 2019-12-27 2021-07-01 Paypal, Inc. Phishing detection using uniform resource locators
US11222112B1 (en) * 2021-02-24 2022-01-11 Netskope, Inc. Signatureless detection of malicious MS office documents containing advanced threats in macros

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
CAMPOBASSO MICHELE ET AL: "CARONTE: Crawling Adversarial Resources Over Non-Trusted, High-Profile Environments", 2019 IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY WORKSHOPS (EUROS&PW), IEEE, 17 June 2019 (2019-06-17), pages 433 - 442, XP033599536, DOI: 10.1109/EUROSPW.2019.00055 *
KHARRAZ AMIN ET AL: "Optical Delusions: A Study of Malicious QR Codes in the Wild", 2014 44TH ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS, IEEE, 23 June 2014 (2014-06-23), pages 192 - 203, XP032646932, DOI: 10.1109/DSN.2014.103 *
SINGH A K ET AL: "MalCrawler: A Crawler for Seeking and Crawling Malicious Websites", 26 November 2016, SAT 2015 18TH INTERNATIONAL CONFERENCE, AUSTIN, TX, USA, SEPTEMBER 24-27, 2015; [LECTURE NOTES IN COMPUTER SCIENCE; LECT.NOTES COMPUTER], SPRINGER, BERLIN, HEIDELBERG, PAGE(S) 210 - 223, ISBN: 978-3-540-74549-5, XP047363431 *

Also Published As

Publication number Publication date
WO2024163492A2 (en) 2024-08-08

Similar Documents

Publication Publication Date Title
Catak et al. A benchmark API call dataset for windows PE malware classification
Talukder et al. A survey on malware detection and analysis tools
Chen et al. Automated behavioral analysis of malware: A case study of wannacry ransomware
Mohaisen et al. Av-meter: An evaluation of antivirus scans and labels
Jang et al. Andro-Dumpsys: Anti-malware system based on the similarity of malware creator and malware centric information
Talukder Tools and techniques for malware detection and analysis
Aslan Performance comparison of static malware analysis tools versus antivirus scanners to detect malware
Ali et al. Agent-based vs agent-less sandbox for dynamic behavioral analysis
Alshamrani Design and analysis of machine learning based technique for malware identification and classification of portable document format files
WO2024163492A3 (en) Web analyzer engine for identifying security-related threats
Han et al. Medusa attack: Exploring security hazards of {In-App}{QR} code scanning
Mehedi et al. DySec: a machine learning-based dynamic analysis for detecting malicious packages in PyPI ecosystem
KR102864824B1 (en) Apparatus for processing cyber threat information, method for processing cyber threat information, and medium for storing a program processing cyber threat information
Gregory Paul et al. A framework for dynamic malware analysis based on behavior artifacts
Canfora et al. Evaluating op-code frequency histograms in malware and third-party mobile applications
Bokolo et al. Hybrid analysis based cross inspection framework for android malware detection
Elrowayati et al. Sast tools and manual testing to improve the methodology of vulnerability detection in web applications
Srivastava et al. Android malware detection amid COVID-19
Adeniran et al. Dissecting the Infrastructure Used in Web-based Cryptojacking: A Measurement Perspective
Qureshi et al. Browser forensics: Extracting evidence from browser using Kali Linux and Parrot OS forensics tools
Rashmitha et al. Malware analysis and detection using reverse Engineering
Lee et al. IoT malware static and dynamic analysis system
Espinosa et al. Methodological proposal for privilege escalation in windows systems
Canfora et al. Malicious javascript detection by features extraction
Indumathi et al. Experimental analysis of malware detection and classification system using intelligent deep learning methodology

Legal Events

Date | Code | Title | Description
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 24710921; Country of ref document: EP; Kind code of ref document: A2
| NENP | Non-entry into the national phase | Ref country code: DE