System and methods for detection of new malicious executables

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate

Details

Patent number: 07487544
Status: active
U.S. classification: C713S188000 (USPC 713/188)

ABSTRACT:
A system and methods for detecting malicious executable attachments at an email processing application of a computer system using data mining techniques. The email processing application may be located at the server or at the client or host. Executable attachments are filtered out of the email, and byte sequence features are extracted from each executable attachment. An attachment is classified by comparing its byte sequence features to a classification rule set derived from the byte sequence features of a data set of known executables, each having a predetermined class from a set of classes, e.g., malicious or benign. The system can also classify an executable attachment as borderline when the difference between the probability that the executable is malicious and the probability that it is benign is within a predetermined threshold. The system can notify the user when the number of borderline attachments exceeds a threshold, so that the classification rule set can be refined.
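The abstract describes a pipeline (filter executables out of the mail, extract byte sequence features, compare them against a rule set learned from labelled executables, flag near-ties as borderline, and ask for the rule set to be refined once enough borderline files accumulate). The following is an added example written for this page; it is not the patent's or the inventors' code. It stands in a Bernoulli naive Bayes model over byte bigrams for the patent's "classification rule set"; the bigram size, both thresholds, the "MZ" header check used to recognise executables, and the training and inbox bytes are all assumptions constructed for illustration, not real malware.

```python
# Added example, not the patent's own code: byte n-gram classification of
# executable attachments with a borderline band and a borderline counter.
# n-gram size, thresholds and all sample bytes are assumptions.
import math
from collections import Counter

NGRAM = 2            # assumed n-gram length
BORDERLINE = 0.20    # assumed: |P(mal) - P(ben)| below this is "borderline"
REVIEW_AFTER = 2     # assumed: notify once more than this many borderline files seen

MALICIOUS, BENIGN, BORDER = "malicious", "benign", "borderline"


def is_executable(data: bytes) -> bool:
    """Attachment filter: keep only files carrying the PE/DOS 'MZ' header."""
    return data[:2] == b"MZ"


def byte_ngrams(data: bytes, n: int = NGRAM) -> set:
    """Feature extraction: the set of distinct n-byte sequences in the file."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def train(samples):
    """Derive the rule set from (bytes, label) pairs: Bernoulli naive Bayes,
    add-one smoothed so an unseen n-gram never zeroes out a class."""
    present = {MALICIOUS: Counter(), BENIGN: Counter()}
    ndocs = {MALICIOUS: 0, BENIGN: 0}
    vocab = set()
    for data, label in samples:
        feats = byte_ngrams(data)
        present[label].update(feats)
        ndocs[label] += 1
        vocab |= feats
    total = sum(ndocs.values())
    return {
        "vocab": vocab,
        "log_prior": {c: math.log(ndocs[c] / total) for c in ndocs},
        "p_present": {c: {f: (present[c][f] + 1) / (ndocs[c] + 2) for f in vocab}
                      for c in ndocs},
    }


def posteriors(model, data: bytes) -> dict:
    """P(class | byte n-grams of data) for both classes, normalised in log space."""
    feats = byte_ngrams(data)
    logp = {}
    for cls, prior in model["log_prior"].items():
        lp = prior
        for f in model["vocab"]:
            p = model["p_present"][cls][f]
            lp += math.log(p) if f in feats else math.log(1.0 - p)
        logp[cls] = lp
    top = max(logp.values())
    z = sum(math.exp(v - top) for v in logp.values())
    return {cls: math.exp(v - top) / z for cls, v in logp.items()}


def classify(model, data: bytes, threshold: float = BORDERLINE):
    """Verdict plus posteriors; a near-tie between the classes is 'borderline'."""
    post = posteriors(model, data)
    if abs(post[MALICIOUS] - post[BENIGN]) < threshold:
        return BORDER, post
    return (MALICIOUS if post[MALICIOUS] > post[BENIGN] else BENIGN), post


class AttachmentScanner:
    """Email-side scanner: filters executables, classifies them, and counts
    borderline verdicts so the operator can be told to refine the rule set."""

    def __init__(self, model, review_after: int = REVIEW_AFTER):
        self.model = model
        self.review_after = review_after
        self.borderline_seen = 0

    def scan(self, attachment: bytes):
        """Return (verdict, refine_needed). Non-executables are skipped."""
        if not is_executable(attachment):
            return "skipped", False
        verdict, _ = classify(self.model, attachment)
        if verdict == BORDER:
            self.borderline_seen += 1
        return verdict, self.borderline_seen > self.review_after


# Constructed training corpus (toy bytes, not real malware): a shared header
# followed by class-specific byte patterns.
HDR = b"MZ\x90\x00"
TRAINING = [
    (HDR + b"\xcc\xcc\xcc\xcc", MALICIOUS),
    (HDR + b"\xcc\xcc\x90\x90", MALICIOUS),
    (HDR + b"\x55\x55\x55\x55", BENIGN),
    (HDR + b"\x55\x55\x8b\x8b", BENIGN),
]
MODEL = train(TRAINING)


def demo():
    """Scan a few constructed attachments in order; returns the (verdict, refine) list."""
    scanner = AttachmentScanner(MODEL)
    inbox = [
        b"plain text, not an executable",
        HDR + b"\xcc\xcc\xcc\xcc\xcc",   # shares n-grams with the malicious samples
        HDR + b"\x55\x55\x55",           # shares n-grams with the benign samples
        HDR, HDR, HDR,                   # header only: no discriminating n-grams
    ]
    return [scanner.scan(a) for a in inbox]


if __name__ == "__main__":
    for verdict, refine in demo():
        print(verdict, "(refine rule set)" if refine else "")
```

The header-only attachments carry only n-grams seen equally in both classes, so the posteriors tie and each one lands in the borderline band; the third of them pushes the count past `REVIEW_AFTER`, which is the point at which the abstract's notification fires. On real PE files the feature set would be far larger, and a practitioner would cap the vocabulary or use hashed features rather than iterating every n-gram per file.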

REFERENCES:
patent: 5452442 (1995-09-01), Kephart et al.
patent: 5485575 (1996-01-01), Chess et al.
patent: 5675711 (1997-10-01), Kephart et al.
patent: 5765170 (1998-06-01), Morikawa
patent: 5832208 (1998-11-01), Chen et al.
patent: 6016546 (2000-01-01), Kephart et al.
patent: 6161130 (2000-12-01), Horvitz et al.
patent: 6275850 (2001-08-01), Beyda et al.
patent: 6598076 (2003-07-01), Chang et al.
patent: 6778995 (2004-08-01), Gallivan
patent: 6820081 (2004-11-01), Kawai et al.
patent: 6826609 (2004-11-01), Smith et al.
patent: 6888548 (2005-05-01), Gallivan
patent: 6978274 (2005-12-01), Gallivan et al.
patent: 7035876 (2006-04-01), Kawai et al.
patent: 7080076 (2006-07-01), Williamson et al.
patent: 2002/0059383 (2002-05-01), Katsuda
patent: 2002/0065892 (2002-05-01), Malik
Jeffrey O. Kephart and William C. Arnold, “Automatic Extraction of Computer Virus Signatures,” 4th Virus Bulletin International Conference, pp. 178-184, 1994.
R. Kohavi, “A study of cross-validation and boot-strap for accuracy estimation and model selection,” IJCAI, 1995.
Ronald L. Rivest. “The MD5 Message Digest Algorithm.” published as Internet RFC 1321, Apr. 1992. http://www.freesoft.org/CIE/RFC/1321/.
Stephen R. van den Berg and Philip Guenther, “Procmail.” online publication, 2001. http://www.procmail.org.
Steve R. White, Morton Swimmer, Edward J. Pring, William C. Arnold, David M. Chess, and John F. Morar, “Anatomy of a Commercial-Grade Immune System,” IBM Research White Paper, 1999.
Eleazar Eskin et al. “System and Methods for Intrusion Detection with Dynamic Window Sizes,” filed Jul. 30, 2000, U.S. Appl. No. 10/208,402.
U.S. Appl. No. 10/352,343, filed Jan. 27, 2003 claiming priority to P34981 (070050.1936) U.S. Appl. No. 60/351,857, filed Jan. 25, 2001, entitled “Behavior Based Anomaly Detection For Host-Based Systems For Detection Of Intrusion In Computer Systems,” of Frank Apap, Andrew Honig, Shlomo Hershkop, Eleazar Eskin and Salvatore J. Stolfo.
U.S. Appl. No. 10/352,342, filed Jan. 27, 2003 claiming priority to U.S. Appl. No. 60/351,913, filed Jan. 25, 2002, entitled “Data Warehouse Architecture For Adaptive Model Generation Capability In Systems For Detecting Intrusion In Computer Systems,” of Salvatore J. Stolfo, Eleazar Eskin, Matthew Miller, Juxin Zhang and Zhi-Da Zhong.
U.S. Appl. No. 10/327,811, filed Dec. 19, 2002 claiming priority to U.S. Appl. No. 60/342,872, filed Dec. 20, 2001, entitled “System And Methods for Detecting A Denial-Of-Service Attack On A Computer System” of Salvatore J. Stolfo, Shlomo Hershkop, Rahul Bhan, Suhail Mohiuddin and Eleazar Eskin.
U.S. Appl. No. 10/320,259, filed Dec. 16, 2002 claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/352,894, filed Jan. 29, 2002, entitled “Methods of Unsupervised Anomaly Detection Using A Geometric Framework” of Eleazar Eskin, Salvatore J. Stolfo and Leonid Portnoy.
U.S. Appl. No. 10/269,718, filed Oct. 11, 2002 claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/340,198, filed Dec. 14, 2001, entitled “Methods For Cost-Sensitive Modeling For Intrusion Detection” of Salvatore J. Stolfo, Wenke Lee, Wei Fan and Matthew Miller.
U.S. Appl. No. 10/269,694, filed Oct. 11, 2002 claiming priority to U.S. Appl. No. 60/328,682, filed Oct. 11, 2001 and U.S. Appl. No. 60/339,952, filed Dec. 13, 2001, entitled “System And Methods For Anomaly Detection And Adaptive Learning” of Wei Fan, Salvatore J. Stolfo.
U.S. Appl. No. 10/222,632, filed Aug. 16, 2002 claiming priority to U.S. Appl. No. 60/312,703, filed Aug. 16, 2001 and U.S. Appl. No. 60/340,197, filed Dec. 14, 2001, entitled “System And Methods For Detecting Malicious Email Transmission” of Salvatore J. Stolfo, Eleazar Eskin, Manasi Bhattacharyya and Matthew G. Schultz.
