Cryptography – Key management – Having particular key generator
Patent
1995-04-14
1995-09-19
Beausoliel, Jr., Robert W.
Cryptography
Key management
Having particular key generator
380 4, G06F 1100
Patent
active
054524423
ABSTRACT:
A method, and apparatus for accomplishing the method, to extract and/or evaluate a signature of a computer virus or other undesirable software entity. The method includes a first step of inputting to a digital data processor at least one portion of a undesirable software entity, the at least one portion including a sequence of bytes of the undesirable software entity that is likely to remain substantially invariant from one instance of that entity to another instance, and it is from this portion or portions that candidate computer virus signatures are drawn. A second step constructs a list of unique n-grams from the sequence of bytes, each of the unique n-grams being comprised of from one to a specified maximum number of sequential bytes of the sequence of bytes. A third step estimates, for each of the unique n-grams, a probability of an occurrence of a unique n-gram within sequences of bytes obtained from a corpus of computer programs that are typically executed upon the digital data processor. For each candidate signature that is comprised of one or more of the unique n-grams, a fourth step estimates a probability of an occurrence of the candidate virus signature within the sequences of bytes obtained from the corpus. A fifth step accepts the candidate signature as a valid signature if the estimated probability of the occurrence of the candidate virus signature is less than a threshold probability. The threshold probabilities have values selected to reduce the possibility of an occurrence of a false positive indication during the subsequent use of the valid virus signature by a virus scanner.
REFERENCES:
patent: 5062045 (1991-10-01), Janis et al.
patent: 5084816 (1992-01-01), Boese et al.
patent: 5121345 (1992-01-01), Lentz
patent: 5200958 (1993-04-01), Hamilton et al.
patent: 5218605 (1993-01-01), Low et al.
patent: 5255208 (1993-10-01), Thakore et al.
patent: 5278901 (1994-01-01), Shieh et al.
patent: 5291590 (1994-03-01), Ohnishi et al.
patent: 5297150 (1994-03-01), Clark
patent: 5319776 (1994-06-01), Hile et al.
Qasem et al "AI Trends in Virus Control" 1991 IEEE Proc. of South Eastcon pp. 99-103 vol. 1.
Crocker et al "A Proposal for a Verification-Based Virus Filler" 1989 IEEE Symposium Security & Privacy pp. 319-324.
Kephart et al "Directed Graph Epidemiological Module of Computer Viruses" 1991 IEEE Computer Society Symposium on Research in Security & Privacy pp. 343-359.
Kumar et al "A Generic Virus Scanner in C++" 1992 8th Ann. Computer Security Applications Proceedings pp. 210-219.
Shoutkov et al "Computer Viruses: Ways of Reproduction in MS DOS" 25th Ann. 1991 IEEE International Carnahan Conf. on Security Tech. pp.: 168-176.
S. W. Shieh et al. "A Pattern-Oriented Intrusion-Detection Model and its Applications", Proceedings of the 1991 IEEE Computer Society Symposium on Research and Privacy, pp. 327-342.
H. S. Javitz et al. "The SRI IDES Statistical Anomaly Detector", Proceedings of the 1991 IEEE Computer Symposium on Research in Security and Privacy, pp. 316-326.
W. Arnold et al. "System for Detecting Undesired Alteration of Software", IBM TDB, vol. 32, No. 11, Apr. 1990, pp. 48-50.
S. M. Katz, "Estimation of Probabilities from Sparse Data for the Language Model Component of a Speech Recognizer", IEEE Trans. ASSP-35, No. 3, Mar. 1987, pp. 400-401.
F. Cohen, A Short Course on Computer Viruses, ASP Press, Pittsburg, 1990, pp. 9-15.
Beausoliel, Jr. Robert W.
International Business Machines - Corporation
Palys Joseph E.
LandOfFree
Methods and apparatus for evaluating and extracting signatures o does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Methods and apparatus for evaluating and extracting signatures o, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Methods and apparatus for evaluating and extracting signatures o will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-1835694