Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2011-03-22
Zand, Kambiz (Department: 2432)
C714S038110, C713S152000, C713S177000, C713S188000
active
07913305
ABSTRACT:
A malware detection system that determines whether an executable code module is malware according to behaviors exhibited while executing is presented. The malware detection system determines the type of code module and executes the code module in a behavior evaluation module for evaluating code corresponding to the code module's type. Some behaviors exhibited by the code module, while executing in the behavior evaluation module, are recorded as the code module's behavior signature. After the code module has completed its execution, the code module's behavior signature is compared against known malware behavior signatures stored in a malware behavior signature store. A determination as to whether the code module is malware is based on the results of the comparison.
REFERENCES:
patent: 5485575 (1996-01-01), Chess et al.
patent: 5842002 (1998-11-01), Schnurer et al.
patent: 5983348 (1999-11-01), Shuang
patent: 6192512 (2001-02-01), Chess
patent: 6357008 (2002-03-01), Nachenberg
patent: 6594686 (2003-07-01), Edwards et al.
patent: 6907396 (2005-06-01), Muttik
patent: 6968461 (2005-11-01), Lucas et al.
patent: 7203681 (2007-04-01), Arnold et al.
patent: 7620990 (2009-11-01), Bodorin
patent: 2002/0035696 (2002-03-01), Thacker
patent: 2002/0056076 (2002-05-01), Van Der Made
patent: 2003/0014550 (2003-01-01), Fischer et al.
patent: 2003/0023865 (2003-01-01), Cowie et al.
patent: 2003/0065926 (2003-04-01), Schultz et al.
patent: 2003/0101381 (2003-05-01), Mateev et al.
patent: 2003/0110391 (2003-06-01), Wolff et al.
patent: 2003/0115479 (2003-06-01), Edwards et al.
patent: 2004/0015712 (2004-01-01), Szor
patent: 2004/0054917 (2004-03-01), Obrecht et al.
patent: 2004/0199827 (2004-10-01), Muttik et al.
patent: 2005/0132206 (2005-06-01), Palliyl et al.
patent: 2005/0172115 (2005-08-01), Bodorin
patent: 2005/0172337 (2005-08-01), Bodorin
patent: 2006/0248582 (2006-11-01), Panjwani et al.
White et al., “Anatomy of a Commercial-Grade Immune System”, http://citeseer.ist.psu.edu/white99anatomy.html, 1999, pp. 1-28.
C. Ko, “Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach”, PhD Thesis, UC Davis, 1996.
Office Action mailed Mar. 23, 2007 cited in U.S. Appl. No. 10/769,097.
Office Action mailed Sep. 26, 2007 cited in U.S. Appl. No. 10/769,097.
Office Action mailed Jun. 11, 2008 cited in U.S. Appl. No. 10/769,097.
Office Action mailed Jan. 23, 2009 cited in U.S. Appl. No. 10/769,097.
Office Action mailed Sep. 29, 2009 cited in U.S. Appl. No. 10/769,097.
Office Action mailed Oct. 30, 2007 cited in U.S. Appl. No. 10/769,103.
Office Action mailed Jun. 17, 2008 cited in U.S. Appl. No. 10/769,103.
Office Action mailed Dec. 26, 2008 cited in U.S. Appl. No. 10/769,103.
Notice of Allowance mailed Jul. 20, 2009 cited in U.S. Appl. No. 10/769,103.
Notice of Allowance mailed Mar. 8, 2010 cited in U.S. Appl. No. 10/769,097.
Bodorin Daniel M.
Marinescu Adrian M.
Armouche Hadi
Microsoft Corporation
Workman Nydegger
Zand Kambiz