Abstract: Techniques for intrusion prevention based on infection chains are disclosed. In some embodiments, a system, a process, and/or a computer program product for intrusion prevention based on infection chains includes monitoring network traffic at a security platform; prefiltering the monitored network traffic at the security platform to select a subset of the network traffic to perform further analysis using a plurality of signatures based on infection chains; and determining whether a plurality of sessions in the network traffic is associated with advanced persistent threat (APT) attack traffic activity based on a match with at least one of the plurality of signatures based on the infection chains.

Abstract: Detection of malicious JavaScript based on automated user interaction emulation is disclosed. A malware sample is executed in an instrumented virtual environment. Dynamic behavior is triggered based on emulated user interactions.

Abstract: Various techniques for detecting obfuscated web skimmers based on encoding and hooking are disclosed. In some embodiments, a system/process/computer program product for detecting obfuscated web skimmers based on encoding and hooking includes receiving a sample; performing static analysis on the sample using encoded web skimmer detection rules (e.g., encoded using a plurality of encoding methods); performing dynamic analysis on the sample using hooking; and detecting an obfuscated web skimmer based on results of the static analysis using the encoded web skimmer detection rules and/or the dynamic analysis using hooking.

Abstract: Techniques for sample traffic based self-learning malware detection are disclosed. In some embodiments, a system/process/computer program product for sample traffic based self-learning malware detection includes receiving a plurality of samples for malware detection analysis using a sandbox; executing each of the plurality of samples in the sandbox and monitoring network traffic during execution of each of the plurality of samples in the sandbox; detecting that one or more of the plurality of samples is malware based on automated analysis of the monitored network traffic using a command and control (C2) machine learning (ML) model if there is not a prior match with an intrusion prevention system (LPS) signature; and performing an action in response to detecting that the one or more of the plurality of samples is malware based on the automated analysis of the monitored network traffic using the C2 ML model. In some embodiments, the IPS signatures and C2 ML model are automatically generated and trained.

Abstract: A scroll compressor includes a movable scroll and a fixed portion. The fixed portion has a first bearing surface. The movable scroll has a second bearing surface. The scroll compressor includes a back pressure chamber located between the movable scroll and the fixed portion. At least one of the movable scroll and the fixed portion is provided with a groove disposed on a periphery of the back pressure chamber. The scroll compressor further includes a sealing assembly at least partially installed in the groove. One end of the sealing assembly is in contact with a groove bottom surface in the groove, and another end of the sealing assembly is in contact with the first bearing surface or the second bearing surface. The sealing assembly includes a wear-resistant ring and an elastic ring. The elastic ring has at least one recess on a surface thereof.

Abstract: Detection of malicious JavaScript based on automated user interaction emulation is disclosed. A malware sample is executed in an instrumented virtual environment. Dynamic behavior is triggered based on emulated user interactions.

Abstract: Techniques for sample traffic based self-learning malware detection are disclosed. In some embodiments, a system/process/computer program product for sample traffic based self-learning malware detection includes receiving a plurality of samples for malware detection analysis using a sandbox; executing each of the plurality of samples in the sandbox and monitoring network traffic during execution of each of the plurality of samples in the sandbox; detecting that one or more of the plurality of samples is malware based on automated analysis of the monitored network traffic using a command and control (C2) machine learning (ML) model if there is not a prior match with an intrusion prevention system (LPS) signature; and performing an action in response to detecting that the one or more of the plurality of samples is malware based on the automated analysis of the monitored network traffic using the C2 ML model. In some embodiments, the IPS signatures and C2 ML model are automatically generated and trained.

Abstract: Detection of malicious JavaScript based on automated user interaction emulation is disclosed. A malware sample is executed in an instrumented virtual environment. Dynamic behavior is triggered based on emulated user interactions.

Abstract: Techniques for sample traffic based self-learning malware detection are disclosed. In some embodiments, a system/process/computer program product for sample traffic based self-learning malware detection includes receiving a plurality of samples for malware detection analysis using a sandbox; executing each of the plurality of samples in the sandbox and monitoring network traffic during execution of each of the plurality of samples in the sandbox; detecting that one or more of the plurality of samples is malware based on automated analysis of the monitored network traffic using a command and control (C2) machine learning (ML) model if there is not a prior match with an intrusion prevention system (IPS) signature; and performing an action in response to detecting that the one or more of the plurality of samples is malware based on the automated analysis of the monitored network traffic using the C2 ML model. In some embodiments, the IPS signatures and C2 ML model are automatically generated and trained.

Abstract: Detection of malicious JavaScript based on automated user interaction emulation is disclosed. A malware sample is executed in an instrumented virtual environment. Dynamic behavior is triggered based on emulated user interactions.