Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2005-06-26
2010-02-16
Colin, Carl (Department: 2433)
C726S022000, C726S023000, C726S025000
Status: active
Patent number: 7665138
ABSTRACT:
A method and architecture for detecting malicious code is provided, applicable to a computer system having at least one host, where each host executes at least one process. The method is implemented with a system call interposition module and a malicious-code analysis module. The interposition module intercepts every system call made by a process, together with all arguments of each call. The analysis module examines the input data of predetermined system calls and executes the suspected malicious code found in that input. When the analysis module finds that the behavior it observes and the behavior of the executed suspicious code are the same, a system-intrusion warning is triggered immediately. The method does not need to maintain large signature databases, and it can detect previously unknown attack techniques with a high detection rate and a low false-positive rate.
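The two-module architecture in the abstract, as an added example written for this page (it is not code from the patent or from ITRI). Everything concrete in it is an assumption made for the demonstration: the interposition happens inside the process at the Python call layer rather than in the kernel, only read(2) is a real system call while the other calls are recorded for the simulation, the "execution" of the suspect input is done by a tiny emulator for a made-up 3-byte instruction set that records which syscalls the input would attempt without performing them, the syscall numbers are borrowed from the Linux x86-64 table for flavour, and the match rule (the process's most recent calls equal the profile produced by executing its input) is the simplest reading of "the same behaviors". The payloads and the process traces are constructed.

```python
"""Toy model of syscall interposition feeding a malicious-code analysis module.
Constructed for this page: the instruction set, syscall table, matching rule and
payloads are assumptions for the demonstration, not the patent's own design."""
import os

# Predetermined syscalls whose input data is handed to the analysis module (assumption).
WATCHED_CALLS = {"read", "recv"}
# A behaviour profile is only kept if it contains at least one of these (assumption).
DANGEROUS = {"execve", "fork", "connect"}
# Syscall numbers the toy machine understands (numbers borrowed from Linux x86-64).
SYSCALL_NAMES = {1: "write", 42: "connect", 57: "fork", 59: "execve", 60: "exit"}

# Toy instruction set: fixed 3-byte instructions (opcode, register, imm8), registers r0..r3.
OP_HALT, OP_MOV, OP_XOR, OP_ADD, OP_SYSCALL, OP_JMP = 0x00, 0x10, 0x11, 0x12, 0x20, 0x30
INSN_LEN, MAX_STEPS = 3, 1000


def emulate(code):
    """Run `code` on the isolated toy machine and return the names of the syscalls it
    attempts, in order.  Nothing is performed: a SYSCALL instruction is only recorded.
    Unknown opcodes, truncated input and the step budget all stop execution, so ordinary
    data (an HTTP request, a text file) yields an empty behaviour profile."""
    regs, attempted, pc = [0, 0, 0, 0], [], 0
    for _ in range(MAX_STEPS):
        if pc + INSN_LEN > len(code):          # truncated instruction: end of code
            break
        op, reg, imm = code[pc], code[pc + 1] & 3, code[pc + 2]
        pc += INSN_LEN
        if op == OP_MOV:
            regs[reg] = imm
        elif op == OP_XOR:
            regs[reg] ^= imm
        elif op == OP_ADD:
            regs[reg] = (regs[reg] + imm) & 0xFF
        elif op == OP_SYSCALL:                 # syscall number is taken from r0
            attempted.append(SYSCALL_NAMES.get(regs[0], "sys_%d" % regs[0]))
        elif op == OP_JMP:                     # absolute jump; MAX_STEPS bounds loops
            pc = imm
        else:                                  # HALT, or a byte that is not an instruction
            break
    return attempted


def behaviour_profile(data):
    """Analysis module, first half: execute the suspect input in isolation and keep its
    behaviour only if it attempts something dangerous."""
    profile = emulate(data)
    return profile if DANGEROUS.intersection(profile) else []


class SyscallInterposer:
    """Sits between a monitored process and the kernel.  Every call is recorded with its
    arguments; input data of the predetermined calls is profiled; an intrusion warning is
    raised when the process's most recent syscalls equal a pending profile, i.e. the
    process is doing exactly what its input would do if executed as code.
    Only read() is a real syscall here; other calls are recorded for the simulation."""

    def __init__(self):
        self.trace = []     # (name, args) of every interposed call
        self.profiles = []  # behaviour profiles of suspicious inputs seen so far
        self.alerts = []    # intrusion warnings

    def read(self, fd, n):
        data = os.read(fd, n)                  # the real system call
        self.syscall("read", fd, n)
        profile = behaviour_profile(data) if data else []
        if profile:
            self.profiles.append(profile)
        return data

    def syscall(self, name, *args):
        """Analysis module, second half: compare the process's behaviour with the profiles."""
        self.trace.append((name, args))
        recent = [n for n, _ in self.trace]
        for profile in self.profiles:
            if recent[-len(profile):] == profile:
                self.alerts.append("intrusion: process behaviour %s matches executed input" % profile)


# Constructed inputs.  execve's number (59) never appears literally in OBFUSCATED: it is
# decoded at run time (0x6e ^ 0x55 == 59), so a byte signature for "mov r0, 59" misses it.
BENIGN = b"GET /index.html HTTP/1.0\r\n\r\n"
OBFUSCATED = bytes([OP_MOV, 0, 0x6E, OP_XOR, 0, 0x55, OP_SYSCALL, 0, 0,   # execve
                    OP_MOV, 0, 60, OP_SYSCALL, 0, 0, OP_HALT, 0, 0])     # exit


def contains_literal_execve(data):
    """Naive signature check, for contrast with execution-based analysis."""
    return bytes([OP_MOV, 0, 59]) in data


def monitor(payload, process_calls):
    """Deliver `payload` to a monitored process through a real pipe and read(2), then replay
    the syscalls that process goes on to make (a constructed trace); return the interposer."""
    r, w = os.pipe()
    os.write(w, payload)
    os.close(w)
    ip = SyscallInterposer()
    try:
        while ip.read(r, 4096):
            pass
    finally:
        os.close(r)
    for name, *args in process_calls:
        ip.syscall(name, *args)
    return ip


if __name__ == "__main__":
    cases = {
        "benign request, normal handler": (BENIGN, [("write", 1, b"200 OK")]),
        "shellcode, hijacked handler": (OBFUSCATED, [("execve", "/bin/sh"), ("exit", 0)]),
        "shellcode, handler not hijacked": (OBFUSCATED, [("write", 1, b"400 Bad Request")]),
    }
    for label, (payload, calls) in cases.items():
        ip = monitor(payload, calls)
        print(label, "-> profiles:", ip.profiles, "alerts:", ip.alerts)
```

The third case is the one that matters for the low false-positive claim: the input is code-like and profiles as dangerous, but no warning is raised because the process never behaves that way, so the detector is keyed to what the process actually does rather than to how its input looks. The contiguous-match rule is deliberately strict and would be evaded by a payload that interleaves harmless calls; a production version would need a tolerant comparison over arguments and sequences, a real machine-code sandbox (for instance a forked, resource-limited child) in place of the toy emulator, and interposition below the process (kernel hook, ptrace or LD_PRELOAD) rather than inside it.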
REFERENCES:
patent: 4001819 (1977-01-01), Wise
patent: 5163088 (1992-11-01), LoCascio
patent: 5359659 (1994-10-01), Rosenthal
patent: 5398196 (1995-03-01), Chambers
patent: 5414833 (1995-05-01), Hershey et al.
patent: 5684875 (1997-11-01), Ellenberger
patent: 5940002 (1999-08-01), Finn et al.
patent: 5960177 (1999-09-01), Tanno
patent: 6108799 (2000-08-01), Boulay et al.
patent: 6205115 (2001-03-01), Ikebe et al.
patent: 6237036 (2001-05-01), Ueno et al.
patent: 6594780 (2003-07-01), Shen et al.
patent: 6732279 (2004-05-01), Hoffman
patent: 6757822 (2004-06-01), Feiertag et al.
patent: 6775780 (2004-08-01), Muttik
patent: 6779117 (2004-08-01), Wells
patent: 7093239 (2006-08-01), van der Made
patent: 7181768 (2007-02-01), Ghosh et al.
patent: 7225204 (2007-05-01), Manley et al.
patent: 7370360 (2008-05-01), van der Made
patent: 2005/0193428 (2005-09-01), Ring et al.
patent: 2006/0031673 (2006-02-01), Beck et al.
patent: 477140 (2002-02-01), None
patent: 574655 (2004-02-01), None
“Fork (operating system)”, Wikipedia, the free encyclopedia, Feb. 27, 2005, pp. 1-3, http://en.wikipedia.org/w/index.php?title=Fork_(operating_system)&oldid=10609259
“YoLinux Tutorial: Fork, Exec and Process control”, copyright 2004, 2005 by Greg Ippolito, pp. 1-19, http://www.yolinux.com/TUTORIALS/ForkExecProcesses.html
Inventors: Huang Ying-Yuan, Song Chen-Hwa
Examiner: Colin Carl
Assignee: Industrial Technology Research Institute