Discovery of kernel rootkits by detecting hidden information
Reexamination Certificate
2005-10-05
2010-11-23
Smithers, Matthew B (Department: 2437)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C726S024000
active
07841006
ABSTRACT:
In accordance with a particular embodiment of the present invention, a method of detecting kernel level rootkits includes requesting first information from a kernel level process, the first information including first contents. The first information is received at a user level process. The method also includes compiling second information at kernel level, the second information including second contents corresponding to an expected first contents of the first information. The first contents are compared to the second contents.
REFERENCES:
patent: 7631357 (2009-12-01), Stringham
patent: 2005/0204205 (2005-09-01), Ring et al.
patent: 2007/0022287 (2007-01-01), Beck et al.
patent: 2007/0055711 (2007-03-01), Polyakov et al.
Joanna Rutkowska: “Thoughts about Cross-View based Rootkit Detection”, Jun. 2005, Online resource—http://www.invisiblethings.org/papers/crossview_detection_thoughts.pdf.
Yi-Min Wang et al.: “Detecting stealth software with Strider GhostBuster”, Jun. 28-Jul. 1, 2005, IEEE, ISBN: 0-7695-2282-3, On pp. 368-377.
Arturo Alberto Busleiman, Detecting and Understa(n)ding Rootkits, Sep. 2003, Free Software Foundation, http://www.net-security.org/dl/articles/Detecting_and_Understanding_rootkits.txt.
T.C. Keong: “Win2K Kernel Hidden Process/Module Checker 0.1 (Proof-of-Concept)” Security and Information Integrity [Online] May 27, 2005, XP-002421381; retrieved from the Internet: URL:http://www.security.org.sg/code/kproccheck.html; the whole document.
Joanna Rutkowska: “Thoughts about Cross-View based Rootkit Detection” [Online] Jun. 2005, pp. 1-3, XP-00242117; retrieved from the Internet: URL:http://www.invisiblethings.org/papers/crossview_detection_throughts.pdf; the whole document.
Yi-Min Wang, et al.: “Detecting Stealth Software with Strider GhostBuster” Dependable Systems and Networks, 2005. DSN 2005. Proceedings. International Conference on Yokohama, Japan 28-01 Jun. 2005, Piscataway, NJ, USA, IEEE, Jun. 28, 2005, pp. 368-377, XP-10817813.
PCT Notification of Transmittal of the International Search Report with attached PCT International Search Report and Written Opinion of the International Searching Authority in International Application No. PCT/US2006/039087 filed Oct. 4, 2006 (10 pages), Mailed Mar. 20, 2007.
Baker & Botts L.L.P.
Computer Associates Think Inc.
Sims Jing
Smithers Matthew B
Profile ID: LFUS-PAI-O-4159300