Patent
Detecting exploit code in network flows
Eric van den Berg, Ramkumar Chinchani +1 more
- 28 Oct 2005
213
TL;DR: In this paper, a content filter is utilized for filtering out legitimate programs from the data flows, and the unfiltered portions are provided to an executable code recognizer which detects executable code.
Abstract: The present invention discloses detecting exploit code in network flows. The network data packets are intercepted by a flow monitor, which generates data flows from the intercepted data packets. A content filter is utilized for filtering out legitimate programs from the data flows, and the unfiltered portions are provided to an executable code recognizer which detects executable code. The executable code recognizer also performs convergent binary disassembly on the unfiltered portions of the data flows, constructs a control flow graph, and performs control flow analysis, data flow analysis, and constraint enforcement in order to detect executable code.
Citations
Patent
Electronic message analysis for malware detection
Ashar Aziz, Henry Uyeno, Jay Manni, Amin Sukhera, Stuart Staniford +4 more
- 23 Feb 2012
TL;DR: In this paper, an electronic message is analyzed for malware contained in the message. The analysis may include replaying the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the replayed URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.
262
Patent
Network-Based Binary File Extraction and Analysis for Malware Detection
Jayaraman Manni, Ashar Aziz, Fengmin Gong, Upendran Loganathan, Amin Sukhera +4 more
- 30 Sep 2009
TL;DR: In this paper, a system and method for network-based file analysis for malware detection is described, where a binary file including the binary packet is extracted from the network content and it is determined whether the extracted binary file is detected to be malware.
243
Patent
Detecting Malicious Network Content Using Virtual Environment Components
Osman Abdoul Ismael, Samuel Yie, Jayaraman Manni, Muhammad Amin, Bahman Mahbod +4 more
- 23 Jan 2009
TL;DR: In this paper, a set of heuristics is used to identify suspicious network content communicated over a network, which is further analyzed in a virtual environment that includes one or more virtual environment components.
226
Patent
Detecting Malicious Network Content
Ashar Aziz, Stuart Staniford, Muhammad Amin, Henry Uyeno, Samuel Yie +4 more
- 24 Feb 2012
TL;DR: In this paper, a system is described consisting of a quarantine module configured to detect one or more portable data storage devices upon insertion of the devices into a security appliance, wherein the security appliance is configured to receive the portable devices, a controller configured to send data associated with the devices, an analysis module to analyze the data to determine whether the data includes malware, and a security module to selectively identify, based on the determination, the devices storing the malware.
207
Patent
Systems and Methods for Scheduling Analysis of Network Content for Malware
Stuart Staniford, Ashar Aziz +1 more
- 24 Jun 2013
TL;DR: In this paper, a method for detecting malicious network content comprises inspecting one or more packets of network content, identifying a suspicious characteristic of the network content, determining a score related to a probability that the network content includes malicious network content based on at least the suspicious characteristic, identifying the content as suspicious if the score satisfies a threshold value, executing a virtual machine to process the suspicious network content, and analyzing a response of the virtual machine.
198
References
Patent
Active network defense system and method
Craig Cantrell, Marc Willebeek-LeMair, Dennis Cox, John F. McHale, Brian Smith, Donovan Kolbly +5 more
- 07 Nov 2003
TL;DR: In this paper, an active network defense system is provided that is operable to monitor and block traffic in automated fashion, which is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure.
484
Patent
Detecting Public Network Attacks Using Signatures and Fast Content Analysis
Sumeet Singh, George Varghese, Cristi Estan, Stefan Savage +3 more
- 01 Dec 2004
TL;DR: In this article, a content sifting method is combined with a value sampling method to increase the throughput of network traffic that can be monitored and reported as a signature for a suspected worm.
316
Patent
System and method for threat detection and response
Hezi I. Mualem, Nick Black, John Molnar, Jason Lunz +3 more
- 22 Jul 2004
TL;DR: In this paper, systems, devices and methods for analyzing a network packet received from a remote source and destined for a network resource, the network packet having associated packet data, and for identifying a plurality of network threats are disclosed.
241
WORM vs. WORM: preliminary study of an active counter-attack mechanism
Frank J. Castaneda, Emre C. Sezer, Jun Xu +2 more
- 29 Oct 2004
TL;DR: This paper proposes a method that transforms a malicious worm into an anti-worm which disinfects its original, and shows through simulation the effectiveness of an anti-worm with several propagation schemes and its impact on the overall network.
Patent
Preventing attacks in a data processing system
Morton D. Swimmer, Andreas Wespi, Diego Zamboni +2 more
- 13 Jan 2004
TL;DR: In this paper, a method and apparatus for facilitating reduction in successful attacks on a monitored data processing system, such as a host computer, is presented, which comprises a host or application based sensor for detecting code based intrusions with a relatively low false-positive rate.
72
Related Papers (5)
Robert E. Cavanaugh
- 07 Apr 2004
Scott A. Field, Brandon Baker +1 more
- 28 Jun 2007
Eric P. Traut, Forrest Foltz, Andrew John Thornton, Suyash Sinha +3 more
- 25 Jan 2007