Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2007-11-06
2007-11-06
Moise, Emmanuel L. (Department: 2137)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C713S188000
Reexamination Certificate
active
10360381
ABSTRACT:
Methods, apparati, and computer-readable media for detecting malicious computer code in a host computer (1). A method embodiment of the present invention comprises the steps of determining (32) whether data leaving the host computer (1) is addressed to exit a port (15) of the host computer (1) where outbound executable content normally does not appear; when the data is addressed to exit such a port (15), determining (33) whether a string (24) from a pre-established runtime database (9) of executable threads is present in said data; and when a string (24) from said runtime database (9) is present in said data, declaring (34) a suspicion of presence of malicious computer code in said data.
REFERENCES:
patent: 5398196 (1995-03-01), Chambers
patent: 5452442 (1995-09-01), Kephart
patent: 5495607 (1996-02-01), Pisello et al.
patent: 5572590 (1996-11-01), Chess
patent: 5675710 (1997-10-01), Lewis
patent: 5694569 (1997-12-01), Fischer
patent: 5826249 (1998-10-01), Skeirik
patent: 5832208 (1998-11-01), Chen et al.
patent: 5832527 (1998-11-01), Kawaguchi
patent: 5854916 (1998-12-01), Nachenberg
patent: 5884033 (1999-03-01), Duvall et al.
patent: 5944821 (1999-08-01), Angelo
patent: 5974549 (1999-10-01), Golan
patent: 6006242 (1999-12-01), Poole et al.
patent: 6021510 (2000-02-01), Nachenberg
patent: 6023723 (2000-02-01), McCormick et al.
patent: 6052709 (2000-04-01), Paul
patent: 6072942 (2000-06-01), Stockwell et al.
patent: 6088803 (2000-07-01), Tso et al.
patent: 6092194 (2000-07-01), Touboul
patent: 6094731 (2000-07-01), Waldin et al.
patent: 6119236 (2000-09-01), Shipley
patent: 6125459 (2000-09-01), Andoh et al.
patent: 6161130 (2000-12-01), Horvitz et al.
patent: 6167434 (2000-12-01), Pang
patent: 6253169 (2001-06-01), Apte et al.
patent: 6298351 (2001-10-01), Castelli et al.
patent: 6347310 (2002-02-01), Passera
patent: 6370526 (2002-04-01), Agrawal et al.
patent: 6397200 (2002-05-01), Lynch et al.
patent: 6397215 (2002-05-01), Kreulen et al.
patent: 6401122 (2002-06-01), Matsui et al.
patent: 6421709 (2002-07-01), McCormick et al.
patent: 6424960 (2002-07-01), Lee et al.
patent: 6442606 (2002-08-01), Subbaroyan et al.
patent: 6456991 (2002-09-01), Srinivasa et al.
patent: 6493007 (2002-12-01), Pang
patent: 6502082 (2002-12-01), Toyama et al.
patent: 6505167 (2003-01-01), Horvitz et al.
patent: 6546416 (2003-04-01), Kirsch
patent: 6721721 (2004-04-01), Bates et al.
patent: 6751789 (2004-06-01), Berry et al.
patent: 6772346 (2004-08-01), Chess et al.
patent: 6842861 (2005-01-01), Cox et al.
patent: 6886099 (2005-04-01), Smithson et al.
patent: 6931540 (2005-08-01), Edwards et al.
patent: 6944555 (2005-09-01), Blackett et al.
patent: 6952779 (2005-10-01), Cohen et al.
patent: 6973578 (2005-12-01), McIchionc
patent: 7024403 (2006-04-01), Kyler
patent: 2002/0035693 (2002-03-01), Eyres et al.
patent: 2002/0038308 (2002-03-01), Cappi
patent: 2002/0046207 (2002-04-01), Chino et al.
patent: 2002/0059078 (2002-05-01), Valdes et al.
patent: 2002/0073046 (2002-06-01), David
patent: 2002/0087649 (2002-07-01), Horvitz
patent: 2002/0138525 (2002-09-01), Karadimitriou et al.
patent: 2002/0144156 (2002-10-01), Copeland, III
patent: 2002/0147694 (2002-10-01), Dempsey et al.
patent: 2002/0147782 (2002-10-01), Dimitrova et al.
patent: 2002/0178375 (2002-11-01), Whittaker et al.
patent: 2002/0194488 (2002-12-01), Cormack et al.
patent: 2002/0194489 (2002-12-01), Almogy et al.
patent: 2002/0199186 (2002-12-01), Ali et al.
patent: 2002/0199194 (2002-12-01), Ali
patent: 2003/0023875 (2003-01-01), Hursey et al.
patent: 2003/0033587 (2003-02-01), Ferguson et al.
patent: 2003/0061287 (2003-03-01), Yu et al.
patent: 2003/0065926 (2003-04-01), Schultz et al.
patent: 2003/0110280 (2003-06-01), Hinchliffe et al.
patent: 2003/0110393 (2003-06-01), Brock et al.
patent: 2003/0110395 (2003-06-01), Presotto et al.
patent: 2003/0115458 (2003-06-01), Song
patent: 2003/0115479 (2003-06-01), Edwards et al.
patent: 2003/0140049 (2003-07-01), Radatti
patent: 2003/0145213 (2003-07-01), Carbone
patent: 2003/0154394 (2003-08-01), Levin
patent: 2003/0167402 (2003-09-01), Stolfo et al.
patent: 2003/0233352 (2003-12-01), Baker
patent: 2004/0015554 (2004-01-01), Wilson
patent: 2004/0039921 (2004-02-01), Chuang
patent: 2004/0103310 (2004-05-01), Sobel et al.
patent: 2004/0117401 (2004-06-01), Miyata et al.
patent: 2004/0117641 (2004-06-01), Kennedy et al.
patent: 2004/0220975 (2004-11-01), Carpentier et al.
patent: 0636977 (1995-02-01), None
patent: 1408393 (2004-04-01), None
patent: WO 93/25024 (1993-12-01), None
patent: WO 99/15966 (1999-04-01), None
patent: WO 00/28420 (2000-05-01), None
patent: WO 02/33525 (2002-04-01), None
Nachenberg, Carey, “Behavior Blocking: The Next Step in Anti-Virus Protection,” Mar. 19, 2002, pp. 1-5.
Burchell, Jonathan, “NetShield 1.5”, Virus Bulletin, Aug. 1994, pp. 21-23, XP 000617453.
Morar, J. E. and Chess, D. M., “Can Cryptography Prevent Computer Viruses?”, Virus Bulletin Conference 2000, Sep. 2000, pp. 127-138, Virus Bulletin Ltd., Oxfordshire, England.
Wikipedia.org web pages [online], Wikipedia, [retrieved Mar. 17, 2003] Retrieved from the Internet: <ULR: http://www.wikipedia.org/w/wiki.phintl?title=machine learning and printable=yes>.
Outlook.spambully.com web pages [online] Spam Bully [retrieved Jan. 16, 2003] Copyright 2002, Retrieved from the Internet <URL: http://outlook.spambully.com/about.php>.
“Enterprise Protection Strategy” [online] Trend Micro Inc. [retrieved Dec. 3, 2002] Retrieved from the Internet: <URL: http://www.trendmicro.com/en/products/eps/features/htm>.
“How to Test Outbreak Commander”, :Trend Micro Inc., Aug. 2002, pp. 1-13, Cupertino, CA.
Choi, Yang-Seo, et al., “A New Stack Buffer Overflow Hacking Defense Technique with Memory Address Confirmation”, Lecture Notes in Computer Science 2288, 2002, pp. 146-159, Springer Verlog, Berlin and Heidelsberg, Germany.
Chew, Monica and Dawn Song, “Mitigating Buffer Overflows by Operating System Randomization”, Dec. 2000, pp. 1-9, U.C. Berkeley, CA USA.
Bolosky, W., Corbin, S., Goebel, D., and Douceur, J., “Single Instance Storage in Windows 2000”, Microsoft Research, Balder Technology Group, Inc., [online] [retrieved Oct. 11, 2002] Retrieved from the Internet <URL: http://research.microsoft. com/sn/farsite/wss2000.pdf>.
Bontchev, Vesselin, “Possible Macro Virus Attacks and How to Prevent Them”, Computer & Security, vol. 15, No. 7, pp. 595-626, 1996.
Fenwick & West LLP
Moise Emmanuel L.
Pyzocha Michael
Symantec Corporation
LandOfFree
Dynamic detection of computer worms does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Dynamic detection of computer worms, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Dynamic detection of computer worms will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3886811