Computer immune system and method for detecting unwanted...

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate

Details

active

07854004

ABSTRACT:
An automated analysis system detects malicious code within a computer system by generating and subsequently analyzing a behavior pattern for each computer program introduced to the computer system. Generation of the behavior pattern is accomplished by a virtual machine invoked within the computer system. An initial analysis may be performed on the behavior pattern to identify infected programs on initial presentation of the program to the computer system. The analysis system also stores behavior patterns and sequences with their corresponding analysis results in a database. Newly infected programs can be detected by analyzing a newly generated behavior pattern for the program with reference to a stored behavior pattern to identify presence of an infection or payload pattern.

