Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2002-07-23
2009-02-03
Sheikh, Ayaz (Department: 2131)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C726S025000, C713S151000, C713S188000
Reexamination Certificate
active
07487543
ABSTRACT:
A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.
REFERENCES:
patent: 5398196 (1995-03-01), Chambers
patent: 5440723 (1995-08-01), Arnold et al.
patent: 5636371 (1997-06-01), Yu
patent: 5734865 (1998-03-01), Yu
patent: 5812826 (1998-09-01), McLain, Jr.
patent: 5826013 (1998-10-01), Nachenberg
patent: 5842002 (1998-11-01), Schnurer et al.
patent: 5889943 (1999-03-01), Ji et al.
patent: 5978917 (1999-11-01), Chi
patent: 6006328 (1999-12-01), Drake
patent: 6192512 (2001-02-01), Chess
patent: 6711615 (2004-03-01), Porras et al.
patent: 6772345 (2004-08-01), Shetty
patent: 6785820 (2004-08-01), Muttik et al.
patent: 6842861 (2005-01-01), Cox et al.
patent: 6886099 (2005-04-01), Smithson et al.
patent: 2003/0023865 (2003-01-01), Cowie et al.
patent: 2003/0115485 (2003-06-01), Milliken
patent: 2003/0212902 (2003-11-01), van der Made
patent: 2004/0093514 (2004-05-01), Piazza et al.
patent: 2004/0111531 (2004-06-01), Staniford et al.
patent: 2004/0117640 (2004-06-01), Chu et al.
patent: 2005/0188215 (2005-08-01), Shulman et al.
patent: 2005/0198519 (2005-09-01), Tamura et al.
patent: 2006/0021054 (2006-01-01), Costa et al.
patent: 2006/0095970 (2006-05-01), Rajagopal et al.
patent: 2006/0137012 (2006-06-01), Aaron
patent: 2007/0043858 (2007-02-01), Lee
patent: 1507382 (2005-02-01), None
patent: WO-02/06928 (2002-01-01), None
patent: WO 2006137657 (2006-12-01), None
patent: WO 2007038517 (2007-04-01), None
Cifuentes et al, Computer Security Analysis Through Decompilation and High-Level Debugging, Oct. 2001, IEEE, pp. 375-380.
Moskovitch et al, Detection of Unknown Computer Worms Activity Based on Computer Behavior using Data Mining, 2007, IEEE, pp. 169-177.
Gu et al, Worm detection, early warning and response based on local victim information, 2004, IEEE, pp. 136-145.
Cai et al, Worm Shield: Fast Worm Signature Generation with Distributed Fingerprint Aggregation, 2007, IEEE, pp. 88-104.
Anonymous, Covad Enhances Network Protection Against Denial of Service and Bot and Worm Attacks, 2008, Business Wire, p. 1.
Burnett, Mark, “Securing Microsoft Services”, May 22, 2002, 4 pgs, website article www.securityfocus.com.
U.S. Appl. No. 09/640,453, filed Aug. 17, 2000.
Kephart, J. et al., “An Immune System For Cyberspace”, IEEE, 1997, pp. 879-884.
Kephart, J. et al., “Biologically Inspired Defenses Against Computer Viruses”, not dated, pp. 985-996.
Cohen, F., “A Short Course on Computer Viruses”, ASP Press, Pittsburgh, PA, 1990, pp. 9-15.
Shieh, S.W., et al., “A Pattern-Oriented Intrusion-Detection Model and Its Applications”, IEEE 1991, pp. 327-342.
Arnold William C.
Chess David M.
Morar John F.
Segal Alla
Whalley Ian N.
Harrington & Smith PC
International Business Machines - Corporation
Moorthy Aravind K
Sheikh Ayaz
LandOfFree
Method and apparatus for the automatic determination of... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for the automatic determination of..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for the automatic determination of... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4104014