Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2006-05-16
2010-11-30
Revak, Christopher A (Department: 2431)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C718S001000
Reexamination Certificate
active
07845009
ABSTRACT:
Detecting a rootkit in a computing system may be achieved by detecting, by a virtual machine monitor, a virtualization trap occurring as a result of an action by a rootkit executing in a computing system; and analyzing the virtualization trap to detect the presence of the rootkit in the computing system. Action may then be taken to block the rootkit activity to safeguard the computing system.
REFERENCES:
patent: 6907533 (2005-06-01), Sorkin et al.
patent: 6981155 (2005-12-01), Lyle et al.
patent: 7356844 (2008-04-01), Lyle et al.
patent: 7424710 (2008-09-01), Nelson et al.
patent: 7607173 (2009-10-01), Szor et al.
patent: 7640543 (2009-12-01), Vij et al.
patent: 2005/0080753 (2005-04-01), Vega et al.
patent: 2005/0081199 (2005-04-01), Traut
patent: 2006/0005184 (2006-01-01), Tewari et al.
patent: 2006/0095904 (2006-05-01), Gardner
patent: 2007/0079178 (2007-04-01), Gassoway
patent: 2008/0244114 (2008-10-01), Schluessler et al.
K.G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos, and A.D. Keromytis. Detecting Targeted Attacks Using Shadow Honeypots. In Proceedings of the 2004 USENIX Security Symposium, Aug. 2005.
T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection Based Architecture for Intrusion Detection. In Proceedings of the 2003 Network and Distributed System Security Symposium (NDSS), Feb. 2003.
A. Joshi, S.T. King, G.W. Dunlap, and P.M. Chen. Detecting past and present intrusions through vulnerability-specific predicates. In Proceedings of the 2005 Symposium on Operating Systems Principles (SOSP), pp. 91-104, Oct. 2005.
Samuel T. King, Peter M. Chen, University of Michigan and Yi-Min Wang, Chad Verbowski, Helen J. Wang, Jacob R. Lorch, Microsoft Research. SubVirt: Implementing malware with virtual machines.
Caven & Aghevli LLC
Intel Corporation
Revak Christopher A
LandOfFree
Method and apparatus to detect kernel mode rootkit events... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus to detect kernel mode rootkit events..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus to detect kernel mode rootkit events... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4217528