Metamorphic computer virus detection

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate

Details

C711S109000, C718S001000

active

07409717

ABSTRACT:
The executions of computer viruses are analyzed to develop register signatures for the viruses. The register signatures specify the sets of outputs the viruses produce when executed with a given set of inputs. A virus detection system (VDS) (400) holds a database (430) of the register signatures. The VDS (400) selects (710) a file that might contain a computer virus and identifies potential entry points in the file. The VDS (400) uses a virtual machine (422) having an initial state to emulate (714) a relatively small number of instructions at each entry point. While emulating each potential entry point, the VDS builds (716) a register table that tracks the state of a subset of the virtual registers (428). Once the VDS (400) reaches an emulation breakpoint, it analyzes the register table in view of the register signatures to determine whether the file contains a virus.

REFERENCES:
patent: 5796989 (1998-08-01), Morley et al.
patent: 5826013 (1998-10-01), Nachenberg
patent: 5964889 (1999-10-01), Nachenberg
patent: 5978917 (1999-11-01), Chi
patent: 6016542 (2000-01-01), Gottlieb et al.
patent: 6067410 (2000-05-01), Nachenberg
patent: 6088803 (2000-07-01), Tso et al.
patent: 6347375 (2002-02-01), Reinert et al.
patent: 6564154 (2003-05-01), Zimmerman et al.
patent: 6851057 (2005-02-01), Nachenberg
patent: 6971019 (2005-11-01), Nachenberg
patent: 6981279 (2005-12-01), Arnold et al.
patent: 7092861 (2006-08-01), Shteyn
patent: 7146305 (2006-12-01), van der Made
patent: 2006/0100010 (2006-05-01), Gatto et al.
patent: WO 99/15966 (1999-04-01), None
Parkhouse, Jayne, “Pelican SafeTNet 2.0” [online], Jun. 2000, SC Magazine Product Review, [retrieved on Dec. 1, 2003]. Retrieved from the Internet: <URL: http://www.scmagazine.com/scmagazine/standalone/pelican/sc_pelican.html>.
Padawer, “Microsoft P-Code Technology,” [online]. Apr. 1992 [retrieved on Nov. 13, 2003]. Retrieved from the Internet: <URL: http://msdn.Microsoft.com/archive/en-us/dnarvc/html/msdn_c7pcode2.asp?frame=true.>, 6 pages.
“Frequently Asked Questions on Virus-L/comp.virus,” [online]. Oct. 9, 1995 [retrieved on Nov. 25, 2003]. Retrieved from the Internet: <URL: http://www.claws-and-paws.com/virus/faqs/vlfaq200.shtml>, 53 pages.
LeCharlier et al., “Dynamic Detection and Classification of Computer Viruses Using General Behaviour Patterns,” Proceedings of the Fifth International Virus Bulletin Conference, Boston, Mass., Sep. 20-22, 1995, 22 pages.
McCanne et al., “The BSD Packet Filter: A new Architecture for User-level Packet Capture,” Preprint Dec. 19, 1992, 1993 Winter USENIX conference, San Diego, California, Jan. 25-29, 1993, 11 pages.
Leitold et al., “VIRus Searching and KILling Language,” Proceedings of the Second International Virus Bulletin Conference, Sep. 1992, 15 pages.
Taubes, “An Immune System for Cyberspace,” Think Research [online], vol. 34, No. 4, 1996 [retrieved on Dec. 15, 2003]. Retrieved from the Internet: <URL: http://domino.research.ibm.com/comm./wwwr_thinkresearch.nsf/pages/antivirus496.html>, 9 pages.
Ször, “Memory Scanning Under Windows NT,” Virus Bulletin Conference, Sep. 1999, 22 pages.
Ször, “Attacks on Win32,” Virus Bulletin Conference, Oct. 1998, 84 pages.
PCT International Search Report, International Application No. PCT/US03/16445, Sep. 10, 2003, 4 pages.
Nachenberg, “A New Technique for Detecting Polymorphic Computer Viruses,” Thesis, University of Los Angeles, 132 pages, 1995.
Szor, “The New 32-bit Medusa,” Virus Bulletin, Dec. 2000, ISSN 0956-09979, 4 pages.
Sidiroglou, S. et al., “An Email Worm Vaccine Architecture,” 2005, Department of Computer Science, Columbia University, entire document, [Online] [Retrieved on Jan. 4, 2008] Retrieved from the Internet: <URL: http://www1.cs.columbia.edu/~angelos/Papers/2005/email-worm.pdf>.
