Automated rootkit detector

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate


Details

C726S022000, C726S023000, C726S025000, C713S188000, C709S201000, C709S202000, C709S217000, C709S218000


active

07571482

ABSTRACT:
Embodiments of a RootKit detector are directed to identifying, on a computer, a RootKit that is designed to conceal malware. Aspects of the RootKit detector leverage services provided by kernel debugger facilities to automatically obtain data from specified data structures that are maintained by the operating system. The data obtained from the kernel debugger facilities is then processed by an integrity checker, which determines whether the data exhibits properties sufficient to declare that a RootKit is resident on the computer.

