Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2006-06-06
2011-11-22
Vu, Kim (Department: 2435)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
Reexamination Certificate
active
08065736
ABSTRACT:
A system and method for using asynchronous changes to memory to detect malware is disclosed. The technology initially receives a memory buffer location to be evaluated, the memory buffer location possibly having at least a portion of malware therein. The technology then performs a plurality of double fetches to the memory buffer location. The technology additionally compares a plurality of responses to the plurality of double fetches, wherein a plurality of similar responses to the plurality of double fetches indicates the portion of malware is not present and wherein at least two distinct responses to the plurality of double fetches indicates the portion of malware is present.
REFERENCES:
patent: 4761730 (1988-08-01), Ng et al.
patent: 5684875 (1997-11-01), Ellenberger
patent: 6772345 (2004-08-01), Shetty
patent: 2005/0015606 (2005-01-01), Blamires et al.
patent: 2005/0021994 (2005-01-01), Barton et al.
patent: 2005/0071649 (2005-03-01), Shipp
patent: 2005/0138583 (2005-06-01), Ouyang
patent: 2005/0154900 (2005-07-01), Muttik
patent: 2005/0172338 (2005-08-01), Sandu et al.
patent: 2005/0188272 (2005-08-01), Bodorin et al.
patent: 2005/0204205 (2005-09-01), Ring et al.
patent: 2005/0216770 (2005-09-01), Rowett et al.
patent: 2005/0229250 (2005-10-01), Ring et al.
patent: 2005/0268112 (2005-12-01), Wang et al.
patent: 2006/0031673 (2006-02-01), Beck et al.
patent: 2007/0022287 (2007-01-01), Beck et al.
patent: 2007/0067844 (2007-03-01), Williamson et al.
patent: 2007/0101431 (2007-05-01), Clift et al.
“a-squared Anti-Malware”, http://www.emsisoft.com/en/software/personal/.
“OS Independent Run-time System Integrity Services”, http://www.intel.com/technology/comms/download/system—integrity—services.pdf.
“Spyware Doctor™ 3.5 for Windows”, http://wwvv.pctools.com/spyvvare-doctor/.
Christodorescu, Mihai, et al., “Semantics-Aware Malware Detection”, http://www.eecs.berkeley.edu/˜sseshia/pubdir/oakland05.pdf.
Clift Neill M.
Morrison Jonathan D.
King John B
Microsoft Corporation
Vu Kim
LandOfFree
Using asynchronous changes to memory to detect malware does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Using asynchronous changes to memory to detect malware, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Using asynchronous changes to memory to detect malware will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4271332