Patent
1993-01-19
1995-08-08
Beausoliel, Jr., Robert W.
395700, 39518309, 39518314, G06F 1100
Patent
active
054407230
ABSTRACT:
A method includes the following component steps, or some functional subset of these steps: (A) periodic monitoring of a data processing system (10) for anomalous behavior that may indicate the presence of an undesirable software entity such as a computer virus, worm, or Trojan Horse; (B) automatic scanning for occurrences of known types of undesirable software entities and taking remedial action if they are discovered; (C) deploying decoy programs to capture samples of unknown types of computer viruses; (D) identifying machine code portions of the captured samples which are unlikely to vary from one instance of the virus to another; (E) extracting an identifying signature from the executable code portion and adding the signature to a signature database; (F) informing neighboring data processing systems on a network of an occurrence of the undesirable software entity; and (G) generating a distress signal, if appropriate, so as to call upon an expert to resolve difficult cases. A feature of this invention is the automatic execution of the foregoing steps in response to a detection of an undesired software entity, such as a virus or a worm, within a data processing system. The automatic extraction of the identifying signature, the addition of the signature to a signature data base, and the immediate use of the signature by a scanner provides protection from subsequent infections of the system, and also a network of systems, by the same or an altered form of the undesirable software entity.
REFERENCES:
patent: 5062045 (1991-10-01), Janis et al.
patent: 5084816 (1992-01-01), Boese et al.
patent: 5121345 (1992-01-01), Lentz
patent: 5200958 (1993-04-01), Hamilton et al.
patent: 5218605 (1993-01-01), Low et al.
patent: 5255208 (1993-10-01), Thakore et al.
patent: 5278901 (1994-01-01), Shieh et al.
patent: 5291590 (1994-03-01), Ohnishi et al.
patent: 5297150 (1994-03-01), Clark
patent: 5319776 (1994-06-01), Hile et al.
patent: 5359659 (1994-10-01), Rosenthal
patent: 5361359 (1994-11-01), Tajallie et al.
Qasem et al. "AI Trends in Virus Control" 1991 IEEE Proc. of Southeaston pp. 99-103 vol. 1.
Crocker et al. "A Proposal for a Verification-Based Virus Filler" 1989 IEEE Symposium on Security & Privacy pp. 319-324.
Kephort et al. "Directed Graph Epidemiological Module of Computer Viruses" 1991 IEEE Computer Society Symposium on Research in Security & Privacy pp. 343-359.
Kumor et al. "A Generic Virus Scanner in C++" 1992 8th Ann. Computer Security Applications Proceedings pp. 210-219.
Shoutkov et al. "Computer Viruses: Ways of Reproduction in MS DOS" 25th Ann. 1991 IEEE International Carnahan Conf. on Security Tech. pp. 168-176.
S. W. Shieh et al. "A Pattern-Oriented Intrusion-Detection Model and its Applications", Proceedings of the 1991 IEEE Computer Society Symposium on Reserach and Privacy, pp. 327-342.
H. S. Javitz et al. "The SRI IDES Statistical Anomaly Detector", Proceedings of the 1991 IEEE Computer Symposium on Research in Security and Privacy, pp. 316-326.
W. Arnold et al. "System for Detecting Undesired Alteration of Software", IBM TDB, vol. 32, No. 11, Apr. 1990, pp. 48-50.
S. M. Katz, "Estimation of Probabilities from Sparse Data for the Language Model Component of a Speech Recognizer", IEEE Trans. ASSP-35, No. 3, Mar. 1987, pp. 400-401.
F. Cohen, A Short Course on Computer Viruses, ASP Press, Pittsburg, 1990, pp. 9-15.
Arnold William C.
Chess David M.
Kephart Jeffrey O.
White Steven R.
Beausoliel, Jr. Robert W.
International Business Machines - Corporation
Palys Joseph E.
LandOfFree
Automatic immune system for computers and computer networks does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Automatic immune system for computers and computer networks, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Automatic immune system for computers and computer networks will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-978450