Information security – Monitoring or scanning of software or data including attack...
Reexamination Certificate
2005-11-09
2010-02-16
Zand, Kambiz (Department: 2439)
Classifications (USPC): 726/23, 726/24, 726/25, 713/188, 709/220, 709/223, 709/227, 709/238
active
07665136
ABSTRACT:
Methods and apparatuses for detecting hidden network channels of rootkit tools are described. In one embodiment, critical endpoint events detected at an endpoint computer system are selectively logged to an endpoint database. Critical network events associated with the endpoint computer system and detected on the network are likewise selectively logged to a gateway database. Periodically, some or all of the entries in the endpoint database are compared to entries in the gateway database. Entries detected on the network but not detected at the endpoint computer system are presumed to indicate hidden network channels of rootkit tools.
REFERENCES:
patent: 7058968 (2006-06-01), Rowland et al.
patent: 7571482 (2009-08-01), Polyakov et al.
patent: 2004/0117478 (2004-06-01), Triulzi et al.
patent: 2005/0229250 (2005-10-01), Ring et al.
patent: 2006/0031673 (2006-02-01), Beck et al.
patent: 2007/0079178 (2007-04-01), Gassoway
patent: 2007/0079373 (2007-04-01), Gassoway
Keong, T.C., “Defeating Kernel Native API Hookers by Direct Service Dispatch Table Restoration”, Special Interest Group in Security and Information Integrity (SIG²), Oct. 3, 2004, entire document, http://www.security.org.sg/code/SIG2_DefeatingNativeAPIHookers.pdf.
Yin, H., et al., “Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis”, CCS'07, Oct. 29-Nov. 2, 2007, Copyright 2007 ACM 978-1-59593-703-02/07/0011, entire document, http://bitblaze.cs.berkeley.edu/papers/panorama.pdf.
Szor, P., “The Art of Computer Virus Research and Defense”, 2005, Addison-Wesley, pp. 425-436.
Baum Ronald
Gunnison Forrest
Gunnison McKay & Hodgson, L.L.P.
Symantec Corporation
Zand Kambiz