Computer immune system and method for detecting unwanted...

Data processing: software development – installation – and managem – Software program development tool – Testing or debugging

Reexamination Certificate


Details

C713S152000, C714S038110


active

07093239

ABSTRACT:
An automated analysis system detects malicious code within a computer system by generating and subsequently analyzing a behavior pattern for each computer program introduced to the computer system. Generation of the behavior pattern is accomplished by a virtual machine invoked within the computer system. An initial analysis may be performed on the behavior pattern to identify infected programs on initial presentation of the program to the computer system. The analysis system also stores behavior patterns and sequences with their corresponding analysis results in a database. Newly infected programs can be detected by analyzing a newly generated behavior pattern for the program with reference to a stored behavior pattern to identify presence of an infection or payload pattern.

