Signature extraction system and method

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate

Details

C726S022000, C726S024000, C726S025000, C713S188000

active

07392543

ABSTRACT:
Host computer systems automatically detect malicious code. The host computer systems automatically generate and send malicious code packets of the malicious code to a local analysis center (LAC) computer system. Based on the received malicious code packets, the LAC computer system provides a signature update to a network intrusion detection system. Further, the LAC computer system also automatically sends malicious code signatures of the malicious code to a global analysis center. In this manner, the spread of the malicious code is rapidly detected and prevented.

REFERENCES:
patent: 5598531 (1997-01-01), Hill
patent: 5696822 (1997-12-01), Nachenberg
patent: 5802178 (1998-09-01), Holden et al.
patent: 5822517 (1998-10-01), Dotan
patent: 6301699 (2001-10-01), Hollander et al.
patent: 6357008 (2002-03-01), Nachenberg
patent: 6412071 (2002-06-01), Hollander et al.
patent: 6546493 (2003-04-01), Magdych et al.
patent: 6728886 (2004-04-01), Ji et al.
patent: 7058821 (2006-06-01), Parekh et al.
patent: 7080408 (2006-07-01), Pak et al.
patent: 2003/0014662 (2003-01-01), Gupta et al.
patent: 2003/0061514 (2003-03-01), Bardsley et al.
patent: 2004/0064736 (2004-04-01), Obrecht et al.
patent: 2004/0250124 (2004-12-01), Chesla et al.
patent: 1 315 066 (2003-05-01), None
Sung, A.H., et al, ‘Static Analyzer of Vicious Executables (SAVE)’, IEEE, ACSAC 2004, entire document, http://ieeexplore.ieee.org/iel5/9473/30059/01377239.pdf?arnumber=1377239.
Szor, P., “Attacks on WIN32”, Virus Bulletin Conference, Oct. 1998, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 57-84.
Szor, P., “Memory Scanning Under Windows NT”, Virus Bulletin Conference, Sep. 1999, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 1-22.
Szor, P., “Attacks on WIN32-Part II”, Virus Bulletin Conference, Sep. 2000, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 47-68.
Chien, E. and Szor, P., “Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques In Computer Viruses”, Virus Bulletin Conference, Sep. 2002, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 1-36.
Buysse, J., “Virtual Memory: Window NT® Implementation”, pp. 1-15 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet: <URL:http://people.msoe.edu/~barnicks/courses/cs384/papers19992000/buyssej-Term.pdf>.
Dabak, P., Borate, M. and Phadke, S., “Hooking Windows NT System Services”, pp. 1-8 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet: <URL:http://www.windowsitlibrary.com/Content/356/06/2.html>.
“How Entercept Protects: System Call Interception”, pp. 1-2 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet: <URL:http://www.entercept.com/products/technology/kernelmode.asp>. No author provided.
“How Entercept Protects: System Call Interception”, p. 1 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet: <URL:http://www.entercept.com/products/technology/interception.asp>. No author provided.
Kath, R., “The Virtual-Memory Manager in Windows NT”, pp. 1-11 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet: <URL:http://msdn.microsoft.com/library/en-us/dngenlib/html/msdn_ntvmm.asp?frame=true>.
Szor, P. and Kaspersky, E., “The Evolution of 32-Bit Windows Viruses”, Windows & .NET Magazine, pp. 1-4 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet: <URL:http://www.winnetmag.com/Articles/Print.cfm?ArticleID=8773>.
Szor, P., “The New 32-bit Medusa”, Virus Bulletin, Dec. 2000, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 8-10.
Szor, P., “Shelling Out”, Virus Bulletin, Feb. 1997, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 6-7.
McCorkendale, B. and Szor, P., “Code Red Buffer Overflow”, Virus Bulletin, Sep. 2001, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 4-5.
Nachenberg, C., “A New Technique for Detecting Polymorphic Computer Viruses”, University of California, Los Angeles, 1995.
“INFO: CreateFileMapping( ) SEC_* Flags”, pp. 1-2 [online]. Retrieved on Sep. 24, 2003. Retrieved from the Internet: <URL:http://support.Microsoft.com/default.aspx?scid=http://support.Microsoft.com:80/support/kb/articles/Q108/2/31.asp&NoWebContent=1>. No author provided.
“CreateFileMapping”, pp. 1-5 [online]. Retrieved on Sep. 10, 2003. Retrieved from the Internet: <URL:http://msdn.Microsoft.com/library/en-us/fileio/base/createfilemapping.asp?frame=true>. No author provided.
Kephart et al., “Blueprint for a Computer Immune System” pp. 1-14 [Online], Oct. 1, 1997. Retrieved on Jul. 7, 1999 from the Internet: <URL:http://www.av.ibm.com/InsideTheLab/Bookshelf/ScientificPapers/Kephart/VB>. (XP002108500).
White et al., “Anatomy of a Commercial-Grade Immune System”, pp. 1-28 [Online], Jun. 1999. Retrieved on Dec. 10, 2004 from the Internet: <URL:http://www.research.ibm.com/antivirus/SciPapers/White/Anatomy/Anatomy.PD>. (XP002310183).
Kephart, “A Biologically Inspired Immune System for Computers”, Proceedings of the International Workshop on the Synthesis and Simulation of Living Systems, pp. 130-139, 1994. (XP001059743).
Symantec, “The Digital Immune System—Enterprise-Grade Anti-Virus Automation in the 21st Century”, Symantec Technical Brief, pp. 1-14 [Online], 2001. Retrieved on Dec. 1, 2006 from the Internet: <URL:http://securityresponse.symantec.com/avcenter/reference/dis.tech.brief.pdf>. (XP002410639).
