Reexamination Certificate
2007-10-02
2009-11-17
Moise, Emmanuel L (Department: 2437)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C726S022000, C726S023000
Reexamination Certificate
active
07620992
ABSTRACT:
Malicious behavior of a computer program is detected using an emulation engine, an event detector and an event analyzer. The emulation engine includes a system emulator configured to emulate, in an isolated computer environment, at least a part of a computer system and a program emulator configured to emulate in the isolated computer environment execution of the computer program, including execution of a plurality of executable components of the computer program, such as execution processes and threads. The event detector is configured to monitor events being generated by two or more of the executable components. The event analyzer is configured to determine, substantially in real time, based at least on one or more events generated by each of two or more of the plurality of executable components whether or not the computer program exhibits malicious behavior, wherein individually one or more of the plurality of executable components may exhibit benign behavior.
REFERENCES:
patent: 5278901 (1994-01-01), Shieh et al.
patent: 5999723 (1999-12-01), Nachenberg
patent: 6775780 (2004-08-01), Muttik et al.
patent: 7089428 (2006-08-01), Farley et al.
patent: 7093239 (2006-08-01), van der Made
patent: 7103913 (2006-09-01), Arnold et al.
patent: 7146305 (2006-12-01), van der Made
patent: 7231667 (2007-06-01), Jordan et al.
patent: 7243373 (2007-07-01), Muttik et al.
patent: 2002/0078368 (2002-06-01), Yann et al.
patent: 2003/0115479 (2003-06-01), Edwards et al.
patent: 2003/0135791 (2003-07-01), Natvig
patent: 2003/0212902 (2003-11-01), van der Made
patent: 2004/0133796 (2004-07-01), Cohen et al.
patent: 2004/0243829 (2004-12-01), Jordan
patent: 2004/0255165 (2004-12-01), Szor
patent: 2006/0031673 (2006-02-01), Beck et al.
patent: 2006/0265746 (2006-11-01), Farley et al.
patent: 2007/0169197 (2007-07-01), Horne
Lee et al. Behavior Classification May 2006 EICAR Conference pp. 1-17.
Kurt Natvig SandboxII: Internet Sep. 2002 Virus Bulletin Conference pp. 1-18.
Willems et al. Toward Automated Dynamic Malware Analysis Using CW Sandbox Mar. 2007 IEEE Security and Privacy, vol. 5, No. 2 pp. 32-39.
Mori et al. A Tool for Analyzing and Detecting Malicious Mobile Code May 20-28, 2006 ICSE '06 pp. 831-834.
Akira Mori Detecting Unknown Computer Viruses—A New Approach Nov. 2, 2004 Lecture Notes in Computer Science Springer Berlin/ Heidelberg vol. 3233/2004 pp. 226-241.
Prabhat Singh et al., “The International Publication on Computer Virus Prevention, Recognition and Removal,” Virus Bulletin, Dec. 2004; pp. 8-12.
Eric Uday Kumar et al., “The International Publication on Computer Virus Prevention, Recognition and Removal,” Apr. 2005.
Peter Ferrie, “Fighting Malware and Spam,” Virus Bulletin, Feb. 2007 pp. 4-5. USA.
Manuel Egele et al., “Dynamic Spyware Analysis,” Secure Systems Lab., 2007.
European Search Report issued Jul. 14, 2009 in European Application No. 09155264.6.
Monastyrsky Alexey V.
Pavlyushchik Mikhail A.
Sobko Andrey V.
Arent & Fox LLP
Fainberg Michael
Kaspersky Lab ZAO
Moise Emmanuel L
Pearson David J