Reexamination Certificate
2009-12-15
2011-12-06
Jung, David Y (Department: 2431)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C726S022000, C726S025000
active
08074280
ABSTRACT:
Systems and methods for an anti-virus detection module that can detect known undesired computer files in archives that may be encrypted, compressed and/or password-protected are provided. According to one embodiment, a method is provided for detection of malicious or undesired computer files within an archive without decrypting and without decompressing the contents of the archive. A type and structure of the archive are identified by examining primary or secondary identification bytes stored within the archive. Based on the identified type and structure, descriptive information is obtained from the archive describing contained files within the archive file. The descriptive information for each contained file is evaluated to determine if any are malicious or undesired computer files by comparing the descriptive information to signatures of known malicious or undesired computer files. Finally, an attempt is made to prevent contained files determined to be malicious or undesired from being opened.
Fossen Steven Michael
MacDonald Alexander Douglas
Fortinet, Inc.
Hamilton DeSanctis & Cha, LLP
Jung David Y
Detection of undesired computer files in archives