Countering polymorphic malicious computer code through code...

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate

Rate now

  [ 0.00 ] – not rated yet Voters 0   Comments 0

Details

C726S022000, C726S023000

Reexamination Certificate

active

07624449

ABSTRACT:
Methods, apparati, and computer-readable media for determining whether computer code (30) contains malicious code. In a method embodiment, the computer code (30) is optimized (40) to produce optimized code; and the optimized code is subject to a malicious code detection protocol. In an embodiment, the optimizing (40) comprises at least one of constant folding (53), copy propagation (54), non-obvious dead code elimination (62,63), code motion (49), peephole optimization (52), abstract interpretation (59,68), instruction specialization (55), and control flow graph reduction (44).

REFERENCES:
patent: 5485575 (1996-01-01), Chess et al.
patent: 5659752 (1997-08-01), Heisch et al.
patent: 5734908 (1998-03-01), Chan et al.
patent: 5765030 (1998-06-01), Nachenberg et al.
patent: 5790867 (1998-08-01), Schmidt et al.
patent: 5797013 (1998-08-01), Mahadevan et al.
patent: 5812854 (1998-09-01), Steinmetz et al.
patent: 5826013 (1998-10-01), Nachenberg
patent: 5881151 (1999-03-01), Yamamoto
patent: 5949973 (1999-09-01), Yarom
patent: 6230288 (2001-05-01), Kuo et al.
patent: 6782487 (2004-08-01), Gotoh et al.
patent: 7266844 (2007-09-01), Teblyashkin et al.
patent: 2002/0131404 (2002-09-01), Mehta et al.
patent: 2003/0135791 (2003-07-01), Natvig
patent: 2003/0149969 (2003-08-01), Ogasawara
patent: 2003/0221121 (2003-11-01), Chow et al.
patent: 2004/0221279 (2004-11-01), Lovett et al.
patent: 2004/0221280 (2004-11-01), Bolton et al.
patent: 2004/0255279 (2004-12-01), Rawsthorne et al.
patent: 2005/0028002 (2005-02-01), Christodorescu et al.
patent: 2005/0204384 (2005-09-01), Yuen et al.
patent: WO 01/37095 (2001-05-01), None
Choi, Yang-Seo, et al., “A New Stack Buffer Overflow Hacking Defense Technique with Memory Address Confirmation”, Lecture Notes in Computer Science 2288, 2002, pp. 146-159, Spinger Verlog, Berlin and Heidelsberq, Germany.
Chew, Monica and Dawn Song, “Mitigating Buffer Overflows by Operating System Randomization”, Dec. 2000, pp. 1-9, U.C. Berkeley, CA USA.
Randustack web pages [online]. Virtualave.net [first retrieved May 1, 2003]. Retrieved from the Internet: <URL: http://pageexec.virualave.net/docs/randustack.txt>, copy retrieved Mar. 21, 2005 from <http://www.pax.grsecurity.net/docs/randustack.txt>.
Randkstack web pages [online]. Virtualave.net [first retrieved May 1, 2003]. Retrieved from the Internet: <URL: http://pageexec.virualave.net/docs/randkstack.txt>, copy retrieved Mar. 21, 2005 from <http://www.pax.grsecurity.net/docs/randkstack.txt>.
Randmap web pages [online]. Virtualave.net [first retrieved May 1, 2003]. Retrieved from the Internet: <URL: http://pageexec.virualave.net/docs/randmmap.txt>, copy retrieved Mar. 21, 2005 from <http://www.pax.grsecurity.net/docs/randmmap.txt>.
Randexec web pages [online]. Virtualave.net [first retrieved May 1, 2003]. Retrieved from the Internet: <URL: http://pageexec.virualave.net/docs/randexec.txt>, copy retrieved Mar. 21, 2005 from <http://www.pax.grsecurity.net/docs/randexec.txt>.
VMA Mirroring web pages [online]. Virtualave.net [retrieved May 1, 2003]. Retrieved from the Internet: <URL: http://pageexec.virualave.net/docs/vmmirror.txt>, copy retrieved Mar. 21, 2005 from <http://www.pax.grsecurity.net/docs/vmmirror.txt>.
Aho, Alfred V., et al.,Compilers, Addison-Wesley Publishing Company, USA, revised edition 1988.
Szor, Peter, et al., “Hunting for Metamorphic”, Virus Bulletin Conference, Sep. 2001, pp. 123-144, Virus Bulletin Ltd., The Pentagon, Abington, Oxfordshire, England.
Perriot, Frederic, “Defeating Polymorphism Through Code Optimization”, paper given at the Virus Bulletin Conference, Sep. 26-26, 2003, pp. 142-159, Toronto, Canada, published by Virus Bulletin Ltd., The Pentagon, Abington, Oxfordshire, England.

LandOfFree

Say what you really think

Search LandOfFree.com for the USA inventors and patents. Rate them and share your experience with other people.

Rating

Countering polymorphic malicious computer code through code... does not yet have a rating. At this time, there are no reviews or comments for this patent.

If you have personal experience with Countering polymorphic malicious computer code through code..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Countering polymorphic malicious computer code through code... will most certainly appreciate the feedback.

Rate now

     

Profile ID: LFUS-PAI-O-4099474

  Search
All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.