Error detection/correction and fault detection/recovery – Data processing system error or fault handling – Reliability and availability
Reexamination Certificate
2006-10-25
2011-12-06
Iqbal, Nadeem (Department: 2114)
Error detection/correction and fault detection/recovery
Data processing system error or fault handling
Reliability and availability
Reexamination Certificate
active
08074115
ABSTRACT:
Methods, media, and systems for detecting anomalous program executions are provided. In some embodiments, methods for detecting anomalous program executions are provided, comprising: executing at least a part of a program in an emulator; comparing a function call made in the emulator to a model of function calls for the at least a part of the program; and identifying the function call as anomalous based on the comparison. In some embodiments, methods for detecting anomalous program executions are provided, comprising: modifying a program to include indicators of program-level function calls being made during execution of the program; comparing at least one of the indicators of program-level function calls made in the emulator to a model of function calls for the at least a part of the program; and identifying a function call corresponding to the at least one of the indicators as anomalous based on the comparison.
REFERENCES:
patent: 5968113 (1999-10-01), Haley et al.
patent: 6079031 (2000-06-01), Haley et al.
patent: 6154876 (2000-11-01), Haley et al.
patent: 7155708 (2006-12-01), Hammes et al.
patent: 7490268 (2009-02-01), Keromytis et al.
patent: 7496898 (2009-02-01), Vu
patent: 7639714 (2009-12-01), Stolfo et al.
patent: 2005/0108562 (2005-05-01), Khazan et al.
Hangal et al., Tracking down software bugs using automatic anomaly detection, Proceedings of the 24the international conference on software engineering, May 2002, pp. 291-301.
Chan et al., A machine learning approach to anomaly detection, Technical Report, Dept. of computer science, Florida institute of technology, Mar. 2003, pp. 1-13.
M. Chew and D. Song, Mitigating Buffer Overflows by Operating System Randomization, Technical Report CMUCS-02-197, Carnegie Mellon University, Dec. 2002.
V. Prevelakis, A Secure Station for Network Monitoring and Control, In Proceedings of the 8th USENIX Security Symposium, Aug. 1999.
J. Reynolds, J. Just, L. Clough, and R. Maglich, On-Line Intrusion Detection and Attack Prevention Using Diversity, Generate-and-Test, and Generalization, In Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS), Jan. 2003.
H. Shacham, M. Page, B. Pfaff, E. Goh, N. Modadugu, and D. Boneh, on the Effectiveness of Address-Space Randomization, In Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS), pp. 298-307, Oct. 2004.
S. Sidiroglou, M. Locasto, S. Boyd, and A. Keromytis, Building A Reactive Immune System for Software Services, In Proceedings of the 11th USENIX Annual Technical Conference, Apr. 2005.
M. Stamp, Risk of Monoculture, Communications of the ACM, 47(3):120, Mar. 2004.
Using Network-Based Application Recognition and ACLs for Blocking the “Code Red” Worm, Technical report, Cisco Systems, Inc.
Aleph One, Smashing the stack for fun and profit, Phrack, 7(49), 1996.
K. Ashcraft and D. Engler, Detecting Lots of Security Holes Using System-Specific Static Analysis, In Proceedings of the IEEE Symposium on Security and Privacy, May 2002.
S. M. Bellovin, Distributed Firewalls, ;login: magazine, special issue on security, Nov. 1999.
M. Bhattacharyya, M. G. Schultz, E. Eskin, S. Hershkop, and S. J. Stolfo, MET: An Experimental System for Malicious Email Tracking, In Proceedings of the New Security Paradigms Workshop (NSPW), pp. 1-12, Sep. 2002.
Bulba and Kil3r, Bypassing StackGuard and StackShield, Phrack, 5(56), May 2000.
B. Chess, Improving Computer Security Using Extended Static Checking, In Proceedings of the IEEE Symposium on Security and Privacy, May 2002.
M. Christodorescu and S. Jha, Static Analysis of Executables to Detect Malicious Patterns, In Proceedings of the 12th USENIX Security Symposium, pp. 169-186, Aug. 2003.
F. Cohen, Computer Viruses: Theory and Practice, Computers & Security, 6:22-35, Feb. 1987.
C. Cowan, M. Barringer, S. Beattie, and G. Kroah-Hartman, Formatguard: Automatic protection from printf format string vulnerabilities, In Proceedings of the 10th USENIX Security Symposium, Aug. 2001.
C. Cowan, S. Beattie, C. Pu, P. Wagle, and V. Gligor, SubDomain: Parsimonious Security for Server Appliances, In Proceedings of the 14th USENIX System Administration Conference (LISA 2000), Mar. 2000.
C. Cowan, C. Pu, D. Maier, H. Hinton, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang, Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks, In Proceedings of the 7th USENIX Security Symposium, Jan. 1998.
D. Engler and K. Ashcraft, RacerX: Effective, Static Detection of Race Conditions and Deadlocks, Proceedings of ACM SOSP, Oct. 2003.
S. Forrest, A. Somayaji, and D. Ackley, Building Diverse Computer Systems, In Proceedings of the 6th HotOS Workshop, 1997.
M. Frantzen and M. Shuey, StackGhost: Hardware facilitated stack protection, In Proceedings of the 10th USENIX Security Symposium, pp. 55-66, Aug. 2001.
T. Garfinkel, Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, In Proceedings of the Symposium on Network and Distributed Systems Security (SNDSS), pp. 163-176, Feb. 2003.
I. Goldberg, D. Wagner, R. Thomas, and E. Brewer, A Secure Environment for Untrusted Helper Applications, In Proceedings of the 1996 USENIX Annual Technical Conference, 1996.
S. loannidis, A. Keromytis, S. Bellovin, and J. Smith, Implementing a Distributed Firewall, In Proceedings of the ACM Computer and Communications Security (CCS) Conference, pp. 190-199, Nov. 2000.
R. Janakiraman, M. Waldvogel, and Q. Zhang, Indra: A peer-topeer approach to network intrusion detection and prevention, In Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security, Jun. 2003.
R. Jones and P. Kelly, Backwards-compatible bounds checking for arrays and pointers in C programs, In Third International Workshop on Automated Debugging, 1997.
J. Just, L. Clough, M. Danforth, K. Levitt, R. Maglich, J. C. Reynolds, and J. Rowe, Learning Unknown Attacks—A Start, In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID), Oct. 2002.
J. Kephart, A Biologically Inspired Immune System for Computers, In Artificial Life IV: Proceedings of the Fourth International Workshop on the Synthesis and Simulation of Living Systems, pp. 130-139. MIT Press, 1994.
M. Kodialam and T. V. Lakshman, Detecting Network Intrusions via Sampling: A Game Theoretic Approach, In Proceedings of the 22nd Annual Joint Conference of IEEE Computer and Communication Societies (INFOCOM), Apr. 2003.
D. Larochelle and D. Evans, Statically Detecting Likely Buffer Overflow Vulnerabilities, In Proceedings of the 10th Security Symposium, pp. 177-190, Aug. 2001.
E. Larson and T. Austin, High Coverage Detection of Input-Related Security Faults, In Proceedings of the 12th Security Symposium, pp. 121-136, Aug. 2003.
K. Lhee and S. J. Chapin, Type-Assisted Dynamic Buffer Overflow Detection. In Proceedings of the 11th Security Symposium, pp. 81-90, Aug. 2002.
M.-J. Lin, A. Ricciardi, and K. Marzullo, A New Model for Availability in the Face of Self-Propagating Attacks, In Proceedings of the New Security Paradigms Workshop, Nov. 1998.
A. J. Malton, The Denotational Semantics of a Functional Tree-Manipulation Language, Computer Languages, 19 (3):157-168, 1993.
T. C. Miller and T. de Raadt, strlcpy and strlcat: Consistent, Safe, String Copy and Concatenation, In Proceedings of the USENIX Annual Technical Conference, Freenix Track, Jun. 1999.
D. Moore, C. Shanning, and K. Claffy, Code-Red: a case study on the spread and victims of an Internet worm. In Proceedings of the 2nd Internet Measurement Workshop (IMW), pp. 273-284, Nov. 2002.
D. Moore, C. Shannon, G. Voelker, and S. Savage, Internet Quarantine: Requirements for Containing Self-Propagating Code, In Proceedings of the IEEE Infocom Conference, Apr. 2003.
C. Nachenberg, Computer Virus-Coevolution, Communications of the ACM, 50(1):46-51, 1997.
D. Nojiri, J. Rowe, and K. Levitt, Cooperative Response Strategies for Large Scale Attack Miti
Keromytis Angelos D.
Sidiroglou Stelios
Stolfo Salvatore J.
Byrne Poh LLP
Iqbal Nadeem
The Trustees of Columbia University in the City of New York
LandOfFree
Methods, media and systems for detecting anomalous program... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Methods, media and systems for detecting anomalous program..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Methods, media and systems for detecting anomalous program... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4314001