Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2005-06-28
2009-08-04
Zand, Kambiz (Department: 2439)
C726S022000, C726S023000, C726S025000, C713S188000, C709S201000, C709S202000, C709S217000, C709S218000
active
07571482
ABSTRACT:
Embodiments of a RootKit detector are directed to identifying, on a computer, a RootKit that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel debugger facilities to automatically obtain data from specified data structures that are maintained by an operating system. The data obtained from the kernel debugger facilities is then processed with an integrity checker that determines whether the data contains properties sufficient to declare that a RootKit is resident on the computer.
REFERENCES:
patent: 5386522 (1995-01-01), Evans
patent: 5889988 (1999-03-01), Held
patent: 6463583 (2002-10-01), Hammond
patent: 6754851 (2004-06-01), Yoshimura
patent: 6769117 (2004-07-01), Moore
patent: 6874149 (2005-03-01), Bermudez et al.
patent: 2002/0046364 (2002-04-01), Yoshimura
patent: 2003/0009548 (2003-01-01), Poyner
patent: 2003/0056197 (2003-03-01), Dennis et al.
patent: 2004/0098639 (2004-05-01), Liu
patent: 2004/0168161 (2004-08-01), Hargreaves
patent: 2004/0221269 (2004-11-01), Ray et al.
patent: 2004/0221271 (2004-11-01), Zeman et al.
patent: 2005/0204205 (2005-09-01), Ring et al.
Levine, J.G., ‘A Methodology for Detecting and Classifying Rootkit Exploits’, Georgia Institute of Technology, Feb. 2004, entire document, http://etd.gatech.edu/theses/available/etd-03172004-115855/unrestricted/john_g_levine_200405_phd.pdf.
Wang, Z., et al., ‘Countering Persistent Kernel Rootkits Through Systematic Hook Discovery’, Proceedings of the Recent Advances in Intrusion Detection (RAID), 2008, entire document, http://www.csc.ncsu.edu/faculty/jiang/pubs/RAID08_HookMap.pdf.
Garfinkel, T., and M. Rosenblum, “A Virtual Machine Introspection Based Architecture for Intrusion Detection,” Proceedings of the Internet Society's 2003 Symposium on Network and Distributed System Security, San Diego, Calif., Feb. 6-7, 2003, pp. 191-206.
“Know Your Enemy: Sebek,” Honeynet.org, Nov. 17, 2003, <http://www.honeynet.org/papers/sebek.pdf> [retrieved Dec. 14, 2004].
Litty, L., “Hypervisor-Based Intrusion Detection,” master's thesis, University of Toronto, Toronto, Canada, © 2005.
Costea Mihai
Field Scott A.
Hensing, Jr. Robert J.
Lin Yun
Loihle Gretchen L.
Baum Ronald
Microsoft Corporation
Workman Nydegger
Zand Kambiz
TITLE: Automated rootkit detector