WO2005076101A3 - System and method for securing computers against computer virus - Google Patents
System and method for securing computers against computer virus
- Publication number
- WO2005076101A3
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- virus
- computer virus
- against computer
- computers against
- securing computers
- Prior art date
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
- G06F21/564—Static detection by virus signature recognition
Abstract
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US54233404P | 2004-02-06 | 2004-02-06 | |
US60/542,334 | 2004-02-06 | ||
US10/899,380 | 2004-07-26 | ||
US10/899,380 US7370361B2 (en) | 2004-02-06 | 2004-07-26 | System and method for securing computers against computer virus |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2005076101A2 (en) | 2005-08-18 |
WO2005076101A3 (en) | 2006-01-12 |
Family
ID=34830534
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2005/001979 WO2005076101A2 (en) | 2004-02-06 | 2005-02-03 | System and method for securing computers against computer virus |
Country Status (2)
Country | Link |
---|---|
US (1) | US7370361B2 (en) |
WO (1) | WO2005076101A2 (en) |
Families Citing this family (48)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7089591B1 (en) | 1999-07-30 | 2006-08-08 | Symantec Corporation | Generic detection and elimination of marco viruses |
WO2002093334A2 (en) * | 2001-04-06 | 2002-11-21 | Symantec Corporation | Temporal access control for computer virus outbreaks |
US7155742B1 (en) | 2002-05-16 | 2006-12-26 | Symantec Corporation | Countering infections to communications modules |
US7418729B2 (en) * | 2002-07-19 | 2008-08-26 | Symantec Corporation | Heuristic detection of malicious computer code by page tracking |
US7380277B2 (en) | 2002-07-22 | 2008-05-27 | Symantec Corporation | Preventing e-mail propagation of malicious computer code |
US7478431B1 (en) * | 2002-08-02 | 2009-01-13 | Symantec Corporation | Heuristic detection of computer viruses |
US7469419B2 (en) * | 2002-10-07 | 2008-12-23 | Symantec Corporation | Detection of malicious computer code |
US7159149B2 (en) * | 2002-10-24 | 2007-01-02 | Symantec Corporation | Heuristic detection and termination of fast spreading network worm attacks |
US7249187B2 (en) * | 2002-11-27 | 2007-07-24 | Symantec Corporation | Enforcement of compliance with network security policies |
US7631353B2 (en) * | 2002-12-17 | 2009-12-08 | Symantec Corporation | Blocking replication of e-mail worms |
US7296293B2 (en) * | 2002-12-31 | 2007-11-13 | Symantec Corporation | Using a benevolent worm to assess and correct computer security vulnerabilities |
US8271774B1 (en) | 2003-08-11 | 2012-09-18 | Symantec Corporation | Circumstantial blocking of incoming network traffic containing code |
US7526804B2 (en) * | 2004-02-02 | 2009-04-28 | Microsoft Corporation | Hardware assist for pattern matches |
US7337327B1 (en) | 2004-03-30 | 2008-02-26 | Symantec Corporation | Using mobility tokens to observe malicious mobile code |
US7370233B1 (en) | 2004-05-21 | 2008-05-06 | Symantec Corporation | Verification of desired end-state using a virtual machine environment |
US7441042B1 (en) | 2004-08-25 | 2008-10-21 | Symantec Corporation | System and method for correlating network traffic and corresponding file input/output traffic |
US7690034B1 (en) | 2004-09-10 | 2010-03-30 | Symantec Corporation | Using behavior blocking mobility tokens to facilitate distributed worm detection |
US7810158B2 (en) * | 2004-12-16 | 2010-10-05 | At&T Intellectual Property I, L.P. | Methods and systems for deceptively trapping electronic worms |
US8104086B1 (en) | 2005-03-03 | 2012-01-24 | Symantec Corporation | Heuristically detecting spyware/adware registry activity |
TW200634514A (en) * | 2005-03-24 | 2006-10-01 | Farstone Tech Inc | Security detection system and methods regarding the same |
US20080134326A2 (en) * | 2005-09-13 | 2008-06-05 | Cloudmark, Inc. | Signature for Executable Code |
US20070094734A1 (en) * | 2005-09-29 | 2007-04-26 | Mangione-Smith William H | Malware mutation detector |
US7707635B1 (en) * | 2005-10-06 | 2010-04-27 | Trend Micro Incorporated | Script-based pattern for detecting computer viruses |
US7877801B2 (en) * | 2006-05-26 | 2011-01-25 | Symantec Corporation | Method and system to detect malicious software |
US8239915B1 (en) | 2006-06-30 | 2012-08-07 | Symantec Corporation | Endpoint management using trust rating data |
US8201244B2 (en) * | 2006-09-19 | 2012-06-12 | Microsoft Corporation | Automated malware signature generation |
US7854002B2 (en) * | 2007-04-30 | 2010-12-14 | Microsoft Corporation | Pattern matching for spyware detection |
US8869109B2 (en) * | 2008-03-17 | 2014-10-21 | Microsoft Corporation | Disassembling an executable binary |
US8549624B2 (en) * | 2008-04-14 | 2013-10-01 | Mcafee, Inc. | Probabilistic shellcode detection |
US8442931B2 (en) | 2008-12-01 | 2013-05-14 | The Boeing Company | Graph-based data search |
US7603713B1 (en) * | 2009-03-30 | 2009-10-13 | Kaspersky Lab, Zao | Method for accelerating hardware emulator used for malware detection and analysis |
US8621626B2 (en) * | 2009-05-01 | 2013-12-31 | Mcafee, Inc. | Detection of code execution exploits |
US9087195B2 (en) * | 2009-07-10 | 2015-07-21 | Kaspersky Lab Zao | Systems and methods for detecting obfuscated malware |
US8640245B2 (en) | 2010-12-24 | 2014-01-28 | Kaspersky Lab, Zao | Optimization of anti-malware processing by automated correction of detection rules |
US8990259B2 (en) | 2011-06-24 | 2015-03-24 | Cavium, Inc. | Anchored patterns |
US9858051B2 (en) * | 2011-06-24 | 2018-01-02 | Cavium, Inc. | Regex compiler |
WO2013020003A1 (en) | 2011-08-02 | 2013-02-07 | Cavium, Inc. | Packet classification by an optimised decision tree |
US8533836B2 (en) * | 2012-01-13 | 2013-09-10 | Accessdata Group, Llc | Identifying software execution behavior |
RU2514142C1 (en) | 2012-12-25 | 2014-04-27 | Закрытое акционерное общество "Лаборатория Касперского" | Method for enhancement of operational efficiency of hardware acceleration of application emulation |
EP2954453B1 (en) * | 2013-02-10 | 2017-08-23 | PayPal, Inc. | Method and product for providing a predictive security product and evaluating existing security products |
US9275336B2 (en) | 2013-12-31 | 2016-03-01 | Cavium, Inc. | Method and system for skipping over group(s) of rules based on skip group rule |
US9544402B2 (en) | 2013-12-31 | 2017-01-10 | Cavium, Inc. | Multi-rule approach to encoding a group of rules |
US9667446B2 (en) | 2014-01-08 | 2017-05-30 | Cavium, Inc. | Condition code approach for comparing rule and packet data that are provided in portions |
US10505960B2 (en) | 2016-06-06 | 2019-12-10 | Samsung Electronics Co., Ltd. | Malware detection by exploiting malware re-composition variations using feature evolutions and confusions |
US9996328B1 (en) * | 2017-06-22 | 2018-06-12 | Archeo Futurus, Inc. | Compiling and optimizing a computer code by minimizing a number of states in a finite machine corresponding to the computer code |
US10481881B2 (en) * | 2017-06-22 | 2019-11-19 | Archeo Futurus, Inc. | Mapping a computer code to wires and gates |
US10713359B2 (en) * | 2017-09-29 | 2020-07-14 | AO Kaspersky Lab | System and method of identifying a malicious intermediate language file |
US20230059796A1 (en) * | 2021-08-05 | 2023-02-23 | Cloud Linux Software Inc. | Systems and methods for robust malware signature detection in databases |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001069356A2 (en) * | 2000-03-14 | 2001-09-20 | Symantec Corporation | Histogram-based virus detection |
US20020073330A1 (en) * | 2000-07-14 | 2002-06-13 | Computer Associates Think, Inc. | Detection of polymorphic script language viruses by data driven lexical analysis |
US20030033536A1 (en) * | 2001-08-01 | 2003-02-13 | Pak Michael C. | Virus scanning on thin client devices using programmable assembly language |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2501771B2 (en) * | 1993-01-19 | 1996-05-29 | インターナショナル・ビジネス・マシーンズ・コーポレイション | Method and apparatus for obtaining multiple valid signatures of an unwanted software entity |
US5675711A (en) * | 1994-05-13 | 1997-10-07 | International Business Machines Corporation | Adaptive statistical regression and classification of data strings, with application to the generic detection of computer viruses |
US5442699A (en) * | 1994-11-21 | 1995-08-15 | International Business Machines Corporation | Searching for patterns in encrypted data |
US6279128B1 (en) * | 1994-12-29 | 2001-08-21 | International Business Machines Corporation | Autonomous system for recognition of patterns formed by stored data during computer memory scrubbing |
US5623600A (en) * | 1995-09-26 | 1997-04-22 | Trend Micro, Incorporated | Virus detection and removal apparatus for computer networks |
US6192512B1 (en) * | 1998-09-24 | 2001-02-20 | International Business Machines Corporation | Interpreter with virtualized interface |
US6711583B2 (en) * | 1998-09-30 | 2004-03-23 | International Business Machines Corporation | System and method for detecting and repairing document-infecting viruses using dynamic heuristics |
US6622134B1 (en) * | 1999-01-05 | 2003-09-16 | International Business Machines Corporation | Method of constructing data classifiers and classifiers constructed according to the method |
GB2350449A (en) * | 1999-05-27 | 2000-11-29 | Ibm | Detecting replication of a computer virus using a counter virus |
US6851057B1 (en) * | 1999-11-30 | 2005-02-01 | Symantec Corporation | Data driven detection of viruses |
US6789200B1 (en) * | 2000-05-18 | 2004-09-07 | International Business Machines Corporation | Method of automatically instituting secure, safe libraries and functions when exposing a system to potential system attacks |
US7089589B2 (en) | 2001-04-10 | 2006-08-08 | Lenovo (Singapore) Pte. Ltd. | Method and apparatus for the detection, notification, and elimination of certain computer viruses on a network using a promiscuous system as bait |
US7203959B2 (en) * | 2003-03-14 | 2007-04-10 | Symantec Corporation | Stream scanning through network proxy servers |
- 2004-07-26: US application US10/899,380, patent US7370361B2 (en), status: Active
- 2005-02-03: WO application PCT/JP2005/001979, patent WO2005076101A2 (en), status: Application Filing
Non-Patent Citations (3)
Title |
---|
AHO A V ET AL: "COMPILERS PRINCIPLES, TECHNIQUES, AND TOOLS", COMPILERS. PRINCIPLES, TECHNIQUES, AND TOOLS, READING, ADDISON-WESLEY PUBLISHING CO, US, 1986, XP002940830 * |
CHRISTODORESCU M; JHA S: "Static Analysis of Executables to Detect Malicious Patterns", PROCEEDINGS OF THE 12TH USENIX SECURITY SYMPOSIUM, 4 August 2003 (2003-08-04), pages 169 - 186, XP002333005, Retrieved from the Internet <URL:http://www.usenix.org/events/sec03/tech/full_papers/christodorescu/christodorescu.pdf> [retrieved on 20050621] * |
SZÖR P; FERRIE P: "Hunting For Metamorphic", VIRUS BULLETIN CONFERENCE 2001, September 2001 (2001-09-01), pages 123 - 144, XP002333352, Retrieved from the Internet <URL:http://www.peterszor.com/metamorp.pdf> [retrieved on 20050623] * |
Also Published As
Publication number | Publication date |
---|---|
WO2005076101A2 (en) | 2005-08-18 |
US7370361B2 (en) | 2008-05-06 |
US20050177736A1 (en) | 2005-08-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2005076101A3 (en) | System and method for securing computers against computer virus | |
Stolfo et al. | Towards stealthy malware detection | |
US7873947B1 (en) | Phylogeny generation | |
US9990583B2 (en) | Match engine for detection of multi-pattern rules | |
US20150186649A1 (en) | Function Fingerprinting | |
CN109829306B (en) | Malicious software classification method for optimizing feature extraction | |
EP2513836B1 (en) | Obfuscated malware detection | |
US20160094564A1 (en) | Taxonomic malware detection and mitigation | |
CN105956180B (en) | A kind of filtering sensitive words method | |
US20080047012A1 (en) | Network intrusion detector with combined protocol analyses, normalization and matching | |
WO2005124627A3 (en) | Automated transaction processing system and approach | |
EP1655682A3 (en) | System and Method of Aggregating the Knowledge Base of Antivirus Software Applications | |
CN100535916C (en) | Scanning system for virus and method therefor | |
CN101753570A (en) | methods and systems for detecting malware | |
WO2007117635A3 (en) | Malware modeling detection system and method for mobile platforms | |
CN102307189B (en) | Malicious code detection method and network equipment | |
CN101441687B (en) | Method and apparatus for extracting virus characteristic of virus document | |
CN113821804B (en) | Cross-architecture automatic detection method and system for third-party components and security risks thereof | |
Rafique et al. | Malware classification using deep learning based feature extraction and wrapper based feature selection technique | |
EP1251421A3 (en) | Digital signature verifying method and apparatus | |
CN113935033A (en) | Feature-fused malicious code family classification method and device and storage medium | |
CN106910135A (en) | User recommends method and device | |
US9135442B1 (en) | Methods and systems for detecting obfuscated executables | |
CN108989336A (en) | A kind of emergency disposal system and emergence treating method for network safety event | |
CN109583201A (en) | The system and method for identifying malice intermediate language file |
Legal Events
Code | Title | Description |
---|---|---|
AK | Designated states | Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
AL | Designated countries for regional patents | Kind code of ref document: A2 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
NENP | Non-entry into the national phase | Ref country code: DE |
WWW | Wipo information: withdrawn in national office | Country of ref document: DE |
122 | Ep: pct application non-entry in european phase | |