DE69804760T2 - Method and device for detecting polymorphic viruses - Google Patents

Method and device for detecting polymorphic viruses

Info

Publication number
DE69804760T2
DE69804760T2 DE69804760T DE69804760T DE69804760T2 DE 69804760 T2 DE69804760 T2 DE 69804760T2 DE 69804760 T DE69804760 T DE 69804760T DE 69804760 T DE69804760 T DE 69804760T DE 69804760 T2 DE69804760 T2 DE 69804760T2
Authority
DE
Germany
Prior art keywords
virus
module
viruses
register
polymorphic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
DE69804760T
Other languages
English (en)
Other versions
DE69804760D1 (de)
Inventor
S Nachenberg
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NortonLifeLock Inc
Original Assignee
Symantec Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Symantec Corp
Publication of DE69804760D1
Application granted
Publication of DE69804760T2
Anticipated expiration
Expired - Lifetime (current legal status)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/564 Static detection by virus signature recognition
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
DE69804760T 1997-01-08 1998-01-05 Method and device for detecting polymorphic viruses Expired - Lifetime DE69804760T2 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/780,985 US5826013A (en) 1995-09-28 1997-01-08 Polymorphic virus detection module
PCT/US1998/008897 WO1998030957A2 (en) 1997-01-08 1998-01-05 Polymorphic virus detection module

Publications (2)

Publication Number Publication Date
DE69804760D1 (de) 2002-05-16
DE69804760T2 (de) 2003-03-06

Family

ID=25121300

Family Applications (1)

Application Number Title Priority Date Filing Date
DE69804760T Expired - Lifetime DE69804760T2 (de) 1997-01-08 1998-01-05 Method and device for detecting polymorphic viruses

Country Status (5)

Country Link
US (1) US5826013A (de)
EP (1) EP0951676B1 (de)
CA (1) CA2277330A1 (de)
DE (1) DE69804760T2 (de)
WO (1) WO1998030957A2 (de)

Families Citing this family (166)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5964889A (en) * 1997-04-16 1999-10-12 Symantec Corporation Method to analyze a program for presence of computer viruses by examining the opcode for faults before emulating instruction in emulator
US5987608A (en) * 1997-05-13 1999-11-16 Netscape Communications Corporation Java security mechanism
US6134566A (en) * 1997-06-30 2000-10-17 Microsoft Corporation Method for controlling an electronic mail preview pane to avoid system disruption
US6357008B1 (en) * 1997-09-23 2002-03-12 Symantec Corporation Dynamic heuristic method for detecting computer viruses using decryption exploration and evaluation phases
US6081894A (en) * 1997-10-22 2000-06-27 Rvt Technologies, Inc. Method and apparatus for isolating an encrypted computer system upon detection of viruses and similar data
US6003132A (en) * 1997-10-22 1999-12-14 Rvt Technologies, Inc. Method and apparatus for isolating a computer system upon detection of viruses and similar data
US6108799A (en) * 1997-11-21 2000-08-22 International Business Machines Corporation Automated sample creation of polymorphic and non-polymorphic marcro viruses
US6021510A (en) * 1997-11-24 2000-02-01 Symantec Corporation Antivirus accelerator
US6094731A (en) * 1997-11-24 2000-07-25 Symantec Corporation Antivirus accelerator for computer networks
US6029256A (en) * 1997-12-31 2000-02-22 Network Associates, Inc. Method and system for allowing computer programs easy access to features of a virus scanning engine
US6338141B1 (en) * 1998-09-30 2002-01-08 Cybersoft, Inc. Method and apparatus for computer virus detection, analysis, and removal in real time
AU2164700A (en) 1998-12-09 2000-06-26 Network Ice Corporation A method and apparatus for providing network and computer system security
EP1137992A4 (de) * 1998-12-11 2003-02-05 Rvt Technologies Inc Method and apparatus for isolating a computer system as soon as a virus or similar data has been detected
US6874087B1 (en) 1999-07-13 2005-03-29 International Business Machines Corporation Integrity checking an executable module and associated protected service provider module
AU6218800A (en) 1999-07-14 2001-01-30 Recourse Technologies, Inc. System and method for quickly authenticating messages using sequence numbers
US6981155B1 (en) 1999-07-14 2005-12-27 Symantec Corporation System and method for computer security
US7117532B1 (en) 1999-07-14 2006-10-03 Symantec Corporation System and method for generating fictitious content for a computer
US7346929B1 (en) 1999-07-29 2008-03-18 International Business Machines Corporation Method and apparatus for auditing network security
US7203962B1 (en) 1999-08-30 2007-04-10 Symantec Corporation System and method for using timestamps to detect attacks
US6851057B1 (en) 1999-11-30 2005-02-01 Symantec Corporation Data driven detection of viruses
US8006243B2 (en) 1999-12-07 2011-08-23 International Business Machines Corporation Method and apparatus for remote installation of network drivers and software
US6954858B1 (en) 1999-12-22 2005-10-11 Kimberly Joyce Welborn Computer virus avoidance system and mechanism
US6971019B1 (en) * 2000-03-14 2005-11-29 Symantec Corporation Histogram-based virus detection
KR100367129B1 (ko) * 2000-03-21 2003-01-09 주식회사 하우리 Polymorphic virus diagnosis system and method thereof
WO2001084775A2 (en) 2000-04-28 2001-11-08 Internet Security Systems, Inc. System and method for managing security events on a network
US7574740B1 (en) 2000-04-28 2009-08-11 International Business Machines Corporation Method and system for intrusion detection in a computer network
US20040073617A1 (en) 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
US20040064737A1 (en) * 2000-06-19 2004-04-01 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of polymorphic network worms and viruses
US7162649B1 (en) 2000-06-30 2007-01-09 Internet Security Systems, Inc. Method and apparatus for network assessment and authentication
US7350235B2 (en) * 2000-07-14 2008-03-25 Computer Associates Think, Inc. Detection of decryption to identify encrypted virus
US7093239B1 (en) * 2000-07-14 2006-08-15 Internet Security Systems, Inc. Computer immune system and method for detecting unwanted code in a computer system
US8341743B2 (en) * 2000-07-14 2012-12-25 Ca, Inc. Detection of viral code using emulation of operating system functions
US7069589B2 (en) * 2000-07-14 2006-06-27 Computer Associates Think, Inc. Detection of a class of viral code
US7069583B2 (en) * 2000-07-14 2006-06-27 Computer Associates Think, Inc. Detection of polymorphic virus code using dataflow analysis
US7210040B2 (en) * 2000-07-14 2007-04-24 Computer Associates Think, Inc. Detection of suspicious privileged access to restricted computer resources
US7636945B2 (en) * 2000-07-14 2009-12-22 Computer Associates Think, Inc. Detection of polymorphic script language viruses by data driven lexical analysis
US6981279B1 (en) * 2000-08-17 2005-12-27 International Business Machines Corporation Method and apparatus for replicating and analyzing worm programs
US7032114B1 (en) * 2000-08-30 2006-04-18 Symantec Corporation System and method for using signatures to detect computer intrusions
US6928555B1 (en) * 2000-09-18 2005-08-09 Networks Associates Technology, Inc. Method and apparatus for minimizing file scanning by anti-virus programs
US7178166B1 (en) 2000-09-19 2007-02-13 Internet Security Systems, Inc. Vulnerability assessment and authentication of a computer by a local scanner
US6968461B1 (en) * 2000-10-03 2005-11-22 Networks Associates Technology, Inc. Providing break points in a malware scanning operation
US9027121B2 (en) 2000-10-10 2015-05-05 International Business Machines Corporation Method and system for creating a record for one or more computer security incidents
US7146305B2 (en) 2000-10-24 2006-12-05 Vcis, Inc. Analytical virtual machine
US7398553B1 (en) * 2000-10-30 2008-07-08 Tread Micro, Inc. Scripting virus scan engine
US7130466B2 (en) 2000-12-21 2006-10-31 Cobion Ag System and method for compiling images from a database and comparing the compiled images with known images
US20020147803A1 (en) 2001-01-31 2002-10-10 Dodd Timothy David Method and system for calculating risk in association with a security audit of a computer network
WO2002093334A2 (en) * 2001-04-06 2002-11-21 Symantec Corporation Temporal access control for computer virus outbreaks
CN1147795C (zh) * 2001-04-29 2004-04-28 北京瑞星科技股份有限公司 Method and system for detecting and removing known and unknown computer viruses
US7065789B1 (en) 2001-05-22 2006-06-20 Computer Associates Think, Inc. System and method for increasing heuristics suspicion levels in analyzed computer code
US20020184566A1 (en) * 2001-06-01 2002-12-05 Michael Catherwood Register pointer trap
US7237264B1 (en) 2001-06-04 2007-06-26 Internet Security Systems, Inc. System and method for preventing network misuse
US20020188649A1 (en) * 2001-06-12 2002-12-12 Ron Karim Mechanism for safely executing an untrusted program
US7657419B2 (en) 2001-06-19 2010-02-02 International Business Machines Corporation Analytical virtual machine
US8056131B2 (en) * 2001-06-21 2011-11-08 Cybersoft, Inc. Apparatus, methods and articles of manufacture for intercepting, examining and controlling code, data and files and their transfer
IL160757A0 (en) * 2001-09-14 2004-08-31 Computer Ass Think Inc Virus detection system
US7266844B2 (en) * 2001-09-27 2007-09-04 Mcafee, Inc. Heuristic detection of polymorphic computer viruses based on redundancy in viral code
FR2830638A1 (fr) * 2001-10-05 2003-04-11 France Telecom Method for generic detection of attack programs hidden in data strings
US20030101381A1 (en) * 2001-11-29 2003-05-29 Nikolay Mateev System and method for virus checking software
US7346781B2 (en) * 2001-12-06 2008-03-18 Mcafee, Inc. Initiating execution of a computer program from an encrypted version of a computer program
US7761605B1 (en) * 2001-12-20 2010-07-20 Mcafee, Inc. Embedded anti-virus scanner for a network adapter
WO2003058451A1 (en) 2002-01-04 2003-07-17 Internet Security Systems, Inc. System and method for the managed security control of processes on a computer system
US7607171B1 (en) 2002-01-17 2009-10-20 Avinti, Inc. Virus detection by executing e-mail code in a virtual machine
US9652613B1 (en) 2002-01-17 2017-05-16 Trustwave Holdings, Inc. Virus detection by executing electronic message code in a virtual machine
US7096498B2 (en) 2002-03-08 2006-08-22 Cipher Trust, Inc. Systems and methods for message threat management
US7693947B2 (en) 2002-03-08 2010-04-06 Mcafee, Inc. Systems and methods for graphically displaying messaging traffic
US8578480B2 (en) 2002-03-08 2013-11-05 Mcafee, Inc. Systems and methods for identifying potentially malicious messages
US8561167B2 (en) 2002-03-08 2013-10-15 Mcafee, Inc. Web reputation scoring
US8132250B2 (en) 2002-03-08 2012-03-06 Mcafee, Inc. Message profiling systems and methods
US7870203B2 (en) 2002-03-08 2011-01-11 Mcafee, Inc. Methods and systems for exposing messaging reputation to an end user
US7694128B2 (en) 2002-03-08 2010-04-06 Mcafee, Inc. Systems and methods for secure communication delivery
US7903549B2 (en) 2002-03-08 2011-03-08 Secure Computing Corporation Content-based policy compliance systems and methods
US6941467B2 (en) * 2002-03-08 2005-09-06 Ciphertrust, Inc. Systems and methods for adaptive message interrogation through multiple queues
US7124438B2 (en) 2002-03-08 2006-10-17 Ciphertrust, Inc. Systems and methods for anomaly detection in patterns of monitored communications
US20060015942A1 (en) 2002-03-08 2006-01-19 Ciphertrust, Inc. Systems and methods for classification of messaging entities
US7103913B2 (en) * 2002-05-08 2006-09-05 International Business Machines Corporation Method and apparatus for determination of the non-replicative behavior of a malicious program
US7370360B2 (en) 2002-05-13 2008-05-06 International Business Machines Corporation Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine
US7409717B1 (en) * 2002-05-23 2008-08-05 Symantec Corporation Metamorphic computer virus detection
DE10233173B4 (de) * 2002-07-22 2006-03-23 Bayer Industry Services Gmbh & Co. Ohg Method for separating mercury from flue gases
US7487543B2 (en) * 2002-07-23 2009-02-03 International Business Machines Corporation Method and apparatus for the automatic determination of potentially worm-like behavior of a program
GB2391965B (en) * 2002-08-14 2005-11-30 Messagelabs Ltd Method of, and system for, heuristically detecting viruses in executable code
US7469419B2 (en) 2002-10-07 2008-12-23 Symantec Corporation Detection of malicious computer code
US7761917B1 (en) 2002-11-21 2010-07-20 Vmware, Inc. Method and apparatus for the detection and prevention of intrusions, computer worms, and denial of service attacks
US7657937B1 (en) 2003-01-02 2010-02-02 Vmware, Inc. Method for customizing processing and response for intrusion prevention
US7913303B1 (en) 2003-01-21 2011-03-22 International Business Machines Corporation Method and system for dynamically protecting a computer system from attack
TW200416542A (en) * 2003-02-26 2004-09-01 Osaka Ind Promotion Org Determination method of improper processing, data processing device, computer program and recording media (II)
TW200416541A (en) * 2003-02-26 2004-09-01 Osaka Ind Promotion Org Determination method of improper processing, data processing device, computer program and recording media (I)
US7284273B1 (en) * 2003-05-29 2007-10-16 Symantec Corporation Fuzzy scanning system and method
US7657938B2 (en) 2003-10-28 2010-02-02 International Business Machines Corporation Method and system for protecting computer networks by altering unwanted network data traffic
WO2005052767A1 (en) * 2003-11-05 2005-06-09 Qinetiq Limited Detection of items stored in a computer system
CA2545916C (en) 2003-11-12 2015-03-17 The Trustees Of Columbia University In The City Of New York Apparatus method and medium for detecting payload anomaly using n-gram distribution of normal data
US7624449B1 (en) * 2004-01-22 2009-11-24 Symantec Corporation Countering polymorphic malicious computer code through code optimization
US7984304B1 (en) * 2004-03-02 2011-07-19 Vmware, Inc. Dynamic verification of validity of executable code
US8613091B1 (en) * 2004-03-08 2013-12-17 Redcannon Security, Inc. Method and apparatus for creating a secure anywhere system
US7484247B2 (en) 2004-08-07 2009-01-27 Allen F Rozman System and method for protecting a computer system from malicious software
US7591018B1 (en) * 2004-09-14 2009-09-15 Trend Micro Incorporated Portable antivirus device with solid state memory
US7480683B2 (en) * 2004-10-01 2009-01-20 Webroot Software, Inc. System and method for heuristic analysis to identify pestware
ITRM20040517A1 (it) * 2004-10-20 2005-01-20 Diego Angelo Tomaselli Antivirus method and system.
US20060095964A1 (en) * 2004-10-29 2006-05-04 Microsoft Corporation Document stamping antivirus manifest
US8635690B2 (en) 2004-11-05 2014-01-21 Mcafee, Inc. Reputation based message processing
WO2006101549A2 (en) 2004-12-03 2006-09-28 Whitecell Software, Inc. Secure system for allowing the execution of authorized computer program code
US7636856B2 (en) * 2004-12-06 2009-12-22 Microsoft Corporation Proactive computer malware protection through dynamic translation
US7343599B2 (en) * 2005-01-03 2008-03-11 Blue Lane Technologies Inc. Network-based patching machine
US8059551B2 (en) * 2005-02-15 2011-11-15 Raytheon Bbn Technologies Corp. Method for source-spoofed IP packet traceback
US8046834B2 (en) * 2005-03-30 2011-10-25 Alcatel Lucent Method of polymorphic detection
US7349931B2 (en) 2005-04-14 2008-03-25 Webroot Software, Inc. System and method for scanning obfuscated files for pestware
US7571476B2 (en) * 2005-04-14 2009-08-04 Webroot Software, Inc. System and method for scanning memory for pestware
US7591016B2 (en) * 2005-04-14 2009-09-15 Webroot Software, Inc. System and method for scanning memory for pestware offset signatures
US7937480B2 (en) 2005-06-02 2011-05-03 Mcafee, Inc. Aggregation of reputation data
US8984636B2 (en) 2005-07-29 2015-03-17 Bit9, Inc. Content extractor and analysis system
US7895651B2 (en) 2005-07-29 2011-02-22 Bit 9, Inc. Content tracking in a network security system
US8272058B2 (en) 2005-07-29 2012-09-18 Bit 9, Inc. Centralized timed analysis in a network security system
US7571483B1 (en) 2005-08-25 2009-08-04 Lockheed Martin Corporation System and method for reducing the vulnerability of a computer network to virus threats
US7739740B1 (en) * 2005-09-22 2010-06-15 Symantec Corporation Detecting polymorphic threats
US20070079375A1 (en) * 2005-10-04 2007-04-05 Drew Copley Computer Behavioral Management Using Heuristic Analysis
US7996898B2 (en) * 2005-10-25 2011-08-09 Webroot Software, Inc. System and method for monitoring events on a computer to reduce false positive indication of pestware
US8640235B2 (en) * 2006-03-31 2014-01-28 Symantec Corporation Determination of malicious entities
EP1870829B1 (de) * 2006-06-23 2014-12-03 Microsoft Corporation Software protection by enforcing data flow integrity
US8261344B2 (en) * 2006-06-30 2012-09-04 Sophos Plc Method and system for classification of software using characteristics and combinations of such characteristics
US8365286B2 (en) * 2006-06-30 2013-01-29 Sophos Plc Method and system for classification of software using characteristics and combinations of such characteristics
US20080016572A1 (en) * 2006-07-12 2008-01-17 Microsoft Corporation Malicious software detection via memory analysis
US8151352B1 (en) 2006-07-14 2012-04-03 Bitdefender IPR Managament Ltd. Anti-malware emulation systems and methods
US8190868B2 (en) 2006-08-07 2012-05-29 Webroot Inc. Malware management through kernel detection
US8392996B2 (en) * 2006-08-08 2013-03-05 Symantec Corporation Malicious software detection
US7949716B2 (en) 2007-01-24 2011-05-24 Mcafee, Inc. Correlation and analysis of entity attributes
US7779156B2 (en) 2007-01-24 2010-08-17 Mcafee, Inc. Reputation based load balancing
US8763114B2 (en) 2007-01-24 2014-06-24 Mcafee, Inc. Detecting image spam
US8179798B2 (en) 2007-01-24 2012-05-15 Mcafee, Inc. Reputation based connection throttling
US8214497B2 (en) 2007-01-24 2012-07-03 Mcafee, Inc. Multi-dimensional reputation scoring
US20100011441A1 (en) * 2007-05-01 2010-01-14 Mihai Christodorescu System for malware normalization and detection
US8402529B1 (en) 2007-05-30 2013-03-19 M86 Security, Inc. Preventing propagation of malicious software during execution in a virtual machine
US8176477B2 (en) 2007-09-14 2012-05-08 International Business Machines Corporation Method, system and program product for optimizing emulation of a suspected malware
US8185930B2 (en) 2007-11-06 2012-05-22 Mcafee, Inc. Adjusting filter or classification control settings
US8045458B2 (en) 2007-11-08 2011-10-25 Mcafee, Inc. Prioritizing network traffic
US8806619B2 (en) * 2007-12-20 2014-08-12 Cybernet Systems Corporation System and methods for detecting software vulnerabilities and malicious code
US8160975B2 (en) 2008-01-25 2012-04-17 Mcafee, Inc. Granular support vector machine with random granularity
US8589503B2 (en) 2008-04-04 2013-11-19 Mcafee, Inc. Prioritizing network traffic
US9032503B2 (en) * 2008-05-20 2015-05-12 Shakeel Mustafa Diversity string based pattern matching
US8365283B1 (en) * 2008-08-25 2013-01-29 Symantec Corporation Detecting mutating malware using fingerprints
GB0822619D0 (en) * 2008-12-11 2009-01-21 Scansafe Ltd Malware detection
US8621625B1 (en) * 2008-12-23 2013-12-31 Symantec Corporation Methods and systems for detecting infected files
US11489857B2 (en) 2009-04-21 2022-11-01 Webroot Inc. System and method for developing a risk profile for an internet resource
US8370934B2 (en) * 2009-06-25 2013-02-05 Check Point Software Technologies Ltd. Methods for detecting malicious programs using a multilayered heuristics approach
US8955131B2 (en) 2010-01-27 2015-02-10 Mcafee Inc. Method and system for proactive detection of malicious shared libraries via a remote reputation system
US9202048B2 (en) 2010-01-27 2015-12-01 Mcafee, Inc. Method and system for discrete stateful behavioral analysis
US8307434B2 (en) * 2010-01-27 2012-11-06 Mcafee, Inc. Method and system for discrete stateful behavioral analysis
US8474039B2 (en) 2010-01-27 2013-06-25 Mcafee, Inc. System and method for proactive detection and repair of malware memory infection via a remote memory reputation system
US20110185428A1 (en) * 2010-01-27 2011-07-28 Mcafee, Inc. Method and system for protection against unknown malicious activities observed by applications downloaded from pre-classified domains
US8819826B2 (en) 2010-01-27 2014-08-26 Mcafee, Inc. Method and system for detection of malware that connect to network destinations through cloud scanning and web reputation
US20110219449A1 (en) * 2010-03-04 2011-09-08 St Neitzel Michael Malware detection method, system and computer program product
US8621638B2 (en) 2010-05-14 2013-12-31 Mcafee, Inc. Systems and methods for classification of messaging entities
US9231969B1 (en) * 2010-05-28 2016-01-05 Symantec Corporation Determining file risk based on security reputation of associated objects
US9147071B2 (en) 2010-07-20 2015-09-29 Mcafee, Inc. System and method for proactive detection of malware device drivers via kernel forensic behavioral monitoring and a back-end reputation system
US9536089B2 (en) 2010-09-02 2017-01-03 Mcafee, Inc. Atomic detection and repair of kernel memory
US20120096554A1 (en) * 2010-10-19 2012-04-19 Lavasoft Ab Malware identification
US9032526B2 (en) 2011-05-12 2015-05-12 Microsoft Technology Licensing, Llc Emulating mixed-code programs using a virtual machine instance
DE202011102058U1 (de) 2011-06-16 2011-11-02 Michael Rathgeb Mechanism for preventing the execution of malicious code
US8510841B2 (en) * 2011-12-06 2013-08-13 Raytheon Company Detecting malware using patterns
US20130347104A1 (en) * 2012-02-10 2013-12-26 Riverside Research Institute Analyzing executable binary code without detection
RU2491615C1 (ru) * 2012-02-24 2013-08-27 Закрытое акционерное общество "Лаборатория Касперского" System and method for generating records for detecting software
RU2510074C2 (ru) 2012-02-24 2014-03-20 Закрытое акционерное общество "Лаборатория Касперского" System and method for checking executable code before its execution
US8726392B1 (en) * 2012-03-29 2014-05-13 Symantec Corporation Systems and methods for combining static and dynamic code analysis
US9165142B1 (en) * 2013-01-30 2015-10-20 Palo Alto Networks, Inc. Malware family identification using profile signatures
US9009825B1 (en) * 2013-06-21 2015-04-14 Trend Micro Incorporated Anomaly detector for computer networks
RU2606559C1 (ru) 2015-10-22 2017-01-10 Акционерное общество "Лаборатория Касперского" System and method for optimizing antivirus scanning of files
US11159538B2 (en) 2018-01-31 2021-10-26 Palo Alto Networks, Inc. Context for malware forensics and detection
US10764309B2 (en) 2018-01-31 2020-09-01 Palo Alto Networks, Inc. Context profiling for malware detection

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5321840A (en) * 1988-05-05 1994-06-14 Transaction Technology, Inc. Distributed-intelligence computer system including remotely reconfigurable, telephone-type user terminal
US5144660A (en) * 1988-08-31 1992-09-01 Rose Anthony M Securing a computer against undesired write operations to or read operations from a mass storage device
US4975950A (en) * 1988-11-03 1990-12-04 Lentz Stephen A System and method of protecting integrity of computer data and software
US5121345A (en) * 1988-11-03 1992-06-09 Lentz Stephen A System and method for protecting integrity of computer data and software
US5319776A (en) * 1990-04-19 1994-06-07 Hilgraeve Corporation In transit detection of computer virus with safeguard
US5408642A (en) * 1991-05-24 1995-04-18 Symantec Corporation Method for recovery of a computer program infected by a computer virus
DK170490B1 (da) * 1992-04-28 1995-09-18 Multi Inform As Data processing system
US5649095A (en) * 1992-03-30 1997-07-15 Cozza; Paul D. Method and apparatus for detecting computer viruses through the use of a scan information cache
US5421006A (en) * 1992-05-07 1995-05-30 Compaq Computer Corp. Method and apparatus for assessing integrity of computer system software
US5359659A (en) * 1992-06-19 1994-10-25 Doren Rosenthal Method for securing software against corruption by computer viruses
US5440723A (en) * 1993-01-19 1995-08-08 International Business Machines Corporation Automatic immune system for computers and computer networks
US5398196A (en) * 1993-07-29 1995-03-14 Chambers; David A. Method and apparatus for detection of computer viruses
US5675711A (en) * 1994-05-13 1997-10-07 International Business Machines Corporation Adaptive statistical regression and classification of data strings, with application to the generic detection of computer viruses
US5537540A (en) * 1994-09-30 1996-07-16 Compaq Computer Corporation Transparent, secure computer virus detection method and apparatus
US5684875A (en) * 1994-10-21 1997-11-04 Ellenberger; Hans Method and apparatus for detecting a computer virus on a computer
US5442699A (en) * 1994-11-21 1995-08-15 International Business Machines Corporation Searching for patterns in encrypted data
US5485575A (en) * 1994-11-21 1996-01-16 International Business Machines Corporation Automatic analysis of a computer virus structure and means of attachment to its hosts
US5613002A (en) * 1994-11-21 1997-03-18 International Business Machines Corporation Generic disinfection of programs infected with a computer virus
US5559960A (en) * 1995-04-21 1996-09-24 Lettvin; Jonathan D. Software anti-virus facility

Also Published As

Publication number Publication date
EP0951676A2 (de) 1999-10-27
WO1998030957A2 (en) 1998-07-16
DE69804760D1 (de) 2002-05-16
WO1998030957A3 (en) 1998-11-05
CA2277330A1 (en) 1998-07-16
US5826013A (en) 1998-10-20
WO1998030957A9 (en) 1999-06-17
EP0951676B1 (de) 2002-04-10

Similar Documents

Publication Publication Date Title
DE69804760D1 (de) Method and device for detecting polymorphic viruses
DE69609980T2 (de) Method and system for detecting polymorphic viruses
US20060253687A1 (en) Overlapped code obfuscation
AU7340700A (en) Fast write instruction for micro engine used in multithreaded parallel processorarchitecture
DE10297273T5 (de) Method for providing system integrity and legacy environment emulation
BRPI0503688A (pt) Method for providing patches for software
CA2365315A1 (en) Method for permitting debugging and testing of software on a mobile communication device in a secure environment
WO2005019974A3 (en) Secure protection method for access to protected resources in a processor
RU2510075C2 (ru) Method for detecting malicious software in the operating system kernel
DE60000285D1 (de) Device and method for interrupt processing of peripheral devices
ATE10401T1 (de) Data processing system with device for addressing internal registers.
KR930006542A (ko) Computer system having software interrupt instructions that operate selectively in virtual mode
Vogl et al. X-TIER: Kernel module injection
EA199900060A1 (ru) Portable secure transaction system for programmable devices with microprocessors
Abrath et al. Obfuscating windows dlls
JP5549810B2 (ja) Program obfuscation device, program control device, program obfuscation method, and program
Liutkevicius et al. Assessment of dongle-based software copy protection combined with additional protection methods
SE9701894D0 (sv) Method and device for computer systems
Wetzels et al. Dissecting QNX
Wu et al. Efficient and automatic instrumentation for packed binaries
Dai Zovi Kernel rootkits
Zou et al. Identify stack overflow exploits with dynamic binary instrumentation
Wahab et al. ARMHEx: a framework for efficient DIFT in real-world SoCs
Fraser et al. Copilot-a coprocessor-based kernel runtime integrity monitor
IT1255601B (it) Computer system having interrupt-related instructions operating in virtual mode.

Legal Events

Date Code Title Description
8332 No legal effect for de
8370 Indication of lapse of patent is to be deleted
8364 No opposition during term of opposition