A monitor device, a monitor method, and a computer program product thereof for hardware are disclosed. The hardware comprises a central processing unit (CPU) and a storage module. The monitor device comprises a retrieve module and an analysis module. The retrieve module is configured to retrieve, from the hardware, entry point information of a process comprising at least one instruction before the process is executed. The analysis module is configured to retrieve an address corresponding to the process according to the entry point information. When the CPU executes the at least one instruction, the storage module records the at least one instruction according to the address.
This technology addresses the security threats faced by cloud environments by deploying a monitoring module in the hypervisor. By means of virtual relay information analysis, the virtual system information required for IT security protection can be correlated and screened. Through in-depth system and network behavior association analysis, corresponding detection and protection countermeasures can be proactively derived, providing integrated cloud system security protection and effective defense against emerging cloud threats, reducing the load on the virtual system, and giving enterprises real-time detection and mitigation of damage caused by new types of IT security attacks.
Cloud Virtual IT Security Protection Technology (CAFÉ-CSG) covers the R&D of key technologies such as two-tier dynamic and static collaborative analysis, a virtual interlayer IT security sandbox, triggering of isolated network behavior, and proactive analysis of joint defense rules. Unusual behavior of e-mail attachments can be analyzed in depth and fed into joint defense with existing IT security equipment, helping enterprises detect emerging IT security attacks in real time.
This technology concerns the mining of sensitive and confidential data on dynamic web pages: automatic analysis of the mechanisms that drive dynamic websites, such as tracking the program code embedded in dynamic pages (e.g. JavaScript) and analyzing the interactive menus and selections of those pages. Combined with the automatic generation and injection of mining cues, it becomes possible to drive the embedded programs, menus, and selections of dynamic websites and thereby effectively generate the hidden and dynamic pages. Once complete, the prevention of leakage risks for sensitive and confidential data can be automated, remedying the technical weaknesses of static data security inspection tools.
Technical specifications: 1. hidden web page mining engine; 2. clue inference generation technology; 3. content-aware probing technology.
Technology readiness level: prototype.
Applicable scope: data search applications offered by information security service providers; personal data inventory applications for enterprises or individuals.
Potential assessment: complete the data security analysis platform technology, establish the key technologies of a "data leakage protection solution", transfer the technology to vendors to develop DLP (Data Loss Prevention) appliance products and services, and capture the business opportunities created by the Personal Data Protection Act.
A method and a system for cleaning malicious software (malware), a computer program product, and a storage medium are provided. A relation graph is established to associate processes in an operating system with their related elements. A node marking action is performed on the relation graph when a predetermined condition is satisfied. The node corresponding to a malicious process and its related nodes are marked with a first label. The nodes of other, normal processes and their related nodes are marked with a second label. Nodes that carry both the first label and the second label are then screened, so that each node is marked with only the first label or only the second label. Finally, the processes and elements corresponding to the nodes marked with the first label are removed.
A server, a user device, and a malware detection method thereof are provided. The server connects to the user device via a network and records the execution records of the user device. Based on the history of those execution records, the server can detect whether the user device is infected with malware.
An information security protection host is provided. The information security protection host comprises a network interface and a virtual machine monitor (VMM) device. The network interface is connected to a computer network and is configured to receive a first packet. The VMM device is configured to run a first operating system, wherein the first operating system provides a first network service. The VMM device is further configured to provide, in real time, first operating system information of the first operating system and first network service information of the first network service, so as to determine the security of the first packet.