Data driven detection of viruses

Electrical computers and digital processing systems: support – Computer virus detection by cryptography

Reexamination Certificate


Details

C713S187000, C713S190000, C726S023000, C726S024000

active

07925888

ABSTRACT:
A virus detection system (VDS) (400) operates under the control of P-code to detect the presence of a virus in a file (100) having multiple entry points. P-code is an intermediate instruction format that uses primitives to perform certain functions related to the file (100). The VDS (400) executes the P-code, which provides Turing-equivalent capability to the VDS. The VDS (400) has a P-code data file (410) for holding the P-code, a virus definition file (VDF) (412) for holding signatures of known viruses, and an engine (414) for controlling the VDS. The engine (414) contains a P-code interpreter (418) for interpreting the P-code, a scanning module (424) for scanning regions of the file (100) for the virus signatures in the VDF (412), and an emulating module (426) for emulating entry points of the file. When executed, the P-code examines the file (100), posts (514) regions that may be infected by a virus for scanning, and posts (518) entry points that may be infected by a virus for emulating. The P-code can also detect (520) certain viruses algorithmically. Then, the posted regions and entry points of the file (100) are scanned (526) and emulated (534) to determine if the file is infected with a virus. This technique allows the VDS (400) to perform sophisticated analysis of files having multiple entry points in a relatively brief amount of time. In addition, the functionality of the VDS (400) can be changed by changing the P-code, reducing the need for burdensome engine updates.
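The flow the abstract describes (P-code examines the file and posts regions, then the engine scans only those regions against the definition file) can be sketched as follows. This is an added illustration, not code from the patent: the primitive names, the toy `TF` file format, the signatures and the sample bytes are all constructed assumptions, and emulation of posted entry points is not modeled.

```python
import struct

def run_pcode(program, data, max_steps=10_000):
    """Run hypothetical P-code over file bytes; return (regions, entry_points)."""
    reg, regions, entries, pc = [0] * 8, [], [], 0
    for _ in range(max_steps):  # step budget: P-code loops over untrusted input must end
        op, *a = program[pc]
        pc += 1
        if op == "LOADI":         reg[a[0]] = a[1]
        elif op == "ADDI":        reg[a[0]] += a[1]
        elif op == "ADD":         reg[a[0]] += reg[a[1]]
        elif op == "READ8":       reg[a[0]] = data[reg[a[1]]]
        elif op == "READ16":      reg[a[0]] = struct.unpack_from("<H", data, reg[a[1]])[0]
        elif op == "POST_REGION": regions.append((reg[a[0]], reg[a[1]]))
        elif op == "POST_ENTRY":  entries.append(reg[a[0]])
        elif op == "JLT":         pc = a[2] if reg[a[0]] < reg[a[1]] else pc
        elif op == "HALT":        return regions, entries
        else: raise ValueError(f"unknown primitive {op!r}")
    raise RuntimeError("P-code step budget exceeded")

def scan(data, regions, vdf):
    """Search only the posted regions for signatures from the definition file."""
    hits = set()
    for off, length in regions:
        window = data[off:off + length]
        hits |= {name for name, sig in vdf.items() if sig in window}
    return sorted(hits)

# Constructed toy format: b"TF", section count (u8), then (offset, length) u16 LE pairs.
SAMPLE = (b"TF\x02" + struct.pack("<HHHH", 11, 8, 19, 8)
          + b"\x90" * 8                              # section 1: clean
          + b"\x00\x00\xde\xad\xbe\xef\x00\x00"      # section 2: holds Toy.A
          + b"\x01\xca\xfe\xf0\x0d\x02")             # trailing data outside the table
VDF = {"Toy.A": b"\xde\xad\xbe\xef", "Toy.Overlay": b"\xca\xfe\xf0\x0d"}  # constructed

# V1 walks the section table, posting each section as a region and its start as an entry.
PCODE_V1 = [("LOADI", 0, 2), ("READ8", 1, 0), ("LOADI", 2, 0), ("LOADI", 3, 3),
            ("READ16", 4, 3), ("ADDI", 3, 2), ("READ16", 5, 3), ("ADDI", 3, 2),
            ("POST_REGION", 4, 5), ("POST_ENTRY", 4), ("ADDI", 2, 1), ("JLT", 2, 1, 4),
            ("HALT",)]
# V2 is a data-only update: it also posts everything after the last section.
PCODE_V2 = PCODE_V1[:-1] + [("ADD", 4, 5), ("LOADI", 6, 0xFFFF),
                            ("POST_REGION", 4, 6), ("HALT",)]

def detect(program, data=SAMPLE, vdf=VDF):
    regions, _entry_points = run_pcode(program, data)  # emulation is not modeled here
    return scan(data, regions, vdf)

print(detect(PCODE_V1), detect(PCODE_V2))
```

Swapping `PCODE_V1` for `PCODE_V2` changes what gets scanned without touching `run_pcode` or `scan`, which is the engine-update saving the abstract claims.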

REFERENCES:
patent: 5386523 (1995-01-01), Crook et al.
patent: 5398196 (1995-03-01), Chambers
patent: 5696822 (1997-12-01), Nachenberg
patent: 5796989 (1998-08-01), Morley et al.
patent: 5826013 (1998-10-01), Nachenberg
patent: 5842002 (1998-11-01), Schnurer et al.
patent: 5854916 (1998-12-01), Nachenberg
patent: 5881151 (1999-03-01), Yamamoto
patent: 5960170 (1999-09-01), Chen et al.
patent: 5964889 (1999-10-01), Nachenberg
patent: 5999723 (1999-12-01), Nachenberg
patent: 6021510 (2000-02-01), Nachenberg
patent: 6067410 (2000-05-01), Nachenberg
patent: 6088803 (2000-07-01), Tso et al.
patent: 6094731 (2000-07-01), Waldin et al.
patent: 6311277 (2001-10-01), Takaragi et al.
patent: 6357008 (2002-03-01), Nachenberg
patent: WO 97/12322 (1997-03-01), None
Padawer, “Microsoft P-Code Technology,” [online]. Apr. 1992 [retrieved on Nov. 13, 2003]. Retrieved from the Internet: <URL: http://msdn.Microsoft.com/archive/en-us/dnarvc/html/msdn_c7pcode2.asp?frame=true.>, 6 pages.
“Frequently Asked Questions on Virus-L/comp.virus,” [online]. Oct. 9, 1995 [retrieved on Nov. 25, 2003]. Retrieved from the Internet: <URL: http://www.claws-and-paws.com/virus/faqs/vlfaq200.shtml>, 53 pages.
LeCharlier et al., “Dynamic Detection and Classification of Computer Viruses Using General Behavior Patterns,” Proceedings of the Fifth International Virus Bulletin Conference, Boston, Mass., Sep. 20-22, 1995, 22 pages.
McCanne et al., “The BSD Packet Filter: A new Architecture for User-level Packet Capture,” Preprint Dec. 19, 1992, 1993 Winter USENIX conference, San Diego, California, Jan. 25-29, 1993, 11 pages.
Leitold et al., “VIRus Searching and KILling Language,” Proceedings of the Second International Virus Bulletin Conference, Sep. 1992, 15 pages.
Taubes, “An Immune System for Cyberspace,” Think Research [online], vol. 34, No. 4, 1996 [retrieved on Dec. 15, 2003]. Retrieved from the Internet: <URL: http://domino.research.ibm.com/comm./wwwr_thinkresearch.nsf/pages/antivirus496.html>, 9 pages.
Ször, “Memory Scanning Under Windows NT,” Virus Bulletin Conference, Sep. 1999, 22 pages.
Ször, “Attacks on Win32,” Virus Bulletin Conference, Oct. 1998, 84 pages.
Symantec, “Understanding Heuristics”, Symantec's Bloodhound Technology, 1997, Symantec White Paper Series, vol. XXXIV.
Trend Micro, Inc., “Eliminating Viruses in the Lotus Notes Environment,” 1999, Trend Micro Product Paper.
Parkhouse, Jayne, “Pelican SafeTNet 2.0” [online], Jun. 2000. SC Magazine Product Review, [retrieved on Dec. 1, 2003]. Retrieved from the Internet: <URL: http://www.scmagazine.com/scmagazine/standalone/pelican/sc_pelican.html>.
