Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2006-08-08
Song, Hosuk (Department: 2135)
C726S022000, C726S025000
active
07089591
ABSTRACT:
A computer-implemented method, apparatus, and computer readable medium for detecting publicly identified and publicly unidentified macro viruses within code (15) adapted for use on a digital computer (1). A detection module (17) analyzes the code (15) to determine whether the code (15) contains instructions causing a macro (8) to be moved to a global environment (13), and whether said code (15) also contains instructions causing the same macro (8) to be copied to a local document (11). When these two conditions are satisfied, detection module (17) declares that a macro virus is present within the code (8). A repair module (19) can be coupled to the detection module (17) and to the code (15) for deleting the code (15) when the detection module (17) declares that the code (15) contains a macro virus. If the user of the detection module (17) is willing to accept a slight penalty in terms of increased detection time, detection module (17) can be made to handle string concatenation operators, proxied variable names, program calls, and/or substituted object names.
Ha Leynna
Song Hosuk
Sonnenschein Nath & Rosenthal LLP
Symantec Corporation
Generic detection and elimination of marco viruses does not yet have a rating. At this time, there are no reviews or comments for this patent.