Patent
Detecting Malicious Network Content
Ashar Aziz, Stuart Staniford, Muhammad Amin, Henry Uyeno, Samuel Yie +4 more
- 24 Feb 2012
207
TL;DR: The patent describes a system consisting of a quarantine module configured to detect one or more portable data storage devices upon insertion of the devices into a security appliance, wherein the security appliance is configured to receive the portable devices; a controller configured to send data associated with the devices; an analysis module to analyze the data to determine whether the data includes malware; and a security module to selectively identify, based on the determination, the devices storing the malware.
Abstract: Systems and methods for detecting malicious content on portable data storage devices or remote network servers are provided. In an exemplary embodiment, a system comprises a quarantine module configured to detect one or more portable data storage devices upon insertion of the devices into a security appliance, wherein the security appliance is configured to receive the portable data storage devices, a controller configured to receive from the security appliance, via a communication network, data associated with the portable data storage devices, an analysis module configured to analyze the data to determine whether the data includes malware, and a security module to selectively identify, based on the determination, the one or more portable data storage devices storing the malware.
Citations
Patent
Electronic message analysis for malware detection
Ashar Aziz, Henry Uyeno, Jay Manni, Amin Sukhera, Stuart Staniford +4 more
- 23 Feb 2012
TL;DR: In this paper, an electronic message is analyzed for malware contained in the message, and the analysis may include replaying the suspicious URL in a virtual environment which simulates the intended computing device to receive the electronic message. If the replayed URL is determined to be malicious, the malicious URL is added to a black list which is updated throughout the computer system.
262
Patent
Systems and methods for virtualization and emulation assisted malware detection
Ali Golshan, James S. Binder +1 more
- 05 Nov 2012
TL;DR: In this paper, the authors describe a method for detecting suspicious behavior associated with an object, instantiating an emulation environment in response to the detected suspicious behavior, processing, recording responses to, and tracing operations of the object within the emulation environment, detecting a divergence between the traced operations of the object within a virtualization environment and the traced operations within the emulation environment, re-instantiating the virtualization environment, providing the recorded response from the emulated object to the object in the VM, monitoring the operation of the object within the VM and generating a report regarding
233
Patent
Systems and Methods for Scheduling Analysis of Network Content for Malware
Stuart Staniford, Ashar Aziz +1 more
- 24 Jun 2013
TL;DR: In this paper, a method for detecting malicious network content comprises inspecting one or more packets of network content, identifying a suspicious characteristic of the network content, determining a score related to a probability that the network content includes malicious network content based on at least the suspicious characteristic, identifying the network content as suspicious if the score satisfies a threshold value, executing a virtual machine to process the suspicious network content, and analyzing a response of the virtual machine.
198
Patent
Optimized resource allocation for virtual machines within a malware content detection system
Osman Abdoul Ismael
- 10 May 2013
TL;DR: In this article, a first virtual machine (VM) instance provides a first virtual operating environment while a second VM instance is adapted to share the resources allocated to the first VM instance, which is further adapted to allocate additional resources upon conducting a Copy-On-Write operation.
195
Patent
System and method for detecting malicious links in electronic messages
Vinay K. Pidathala, Henry Uyeno +1 more
- 18 Jul 2013
TL;DR: In this paper, any known URL links are removed from the URL links based on a list of known link signatures, and a link analysis is performed on the URL link based on link heuristics to determine whether the link is suspicious.
182
References
Proceedings Article
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
James Newsome, Dawn Song +1 more
- 01 Jan 2005
TL;DR: TaintCheck performs dynamic taint analysis by performing binary rewriting at run time; it can reliably detect most types of exploits and produces no false positives for any of the many different programs that were tested.
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
George W. Dunlap, Samuel T. King, Sukru Cinar, Murtaza A. Basrai, Peter M. Chen +4 more
- 09 Dec 2002
TL;DR: ReVirt removes the dependency on the target operating system by moving it into a virtual machine and logging below the virtual machine, and enables it to provide arbitrarily detailed observations about what transpired on the system, even in the presence of non-deterministic attacks and executions.
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
Thomas Henry Ptacek, Timothy Nakula Newsham +1 more
- 01 Jan 1998
TL;DR: Three classes of attacks which exploit fundamental problems with the reliability of passive protocol analysis are defined (insertion, evasion and denial of service attacks), and how to apply these three types of attacks to IP and TCP protocol analysis is described.
Proceedings Article
Autograph: toward automated, distributed worm signature detection
TL;DR: Autograph is a system that automatically generates signatures for novel Internet worms that propagate using TCP transport, and it is designed to produce signatures that exhibit high sensitivity (high true positives) and high specificity (low false positives).
Honeycomb: creating intrusion detection signatures using honeypots
Christian Kreibich, Jon Crowcroft +1 more
- 01 Jan 2004
TL;DR: A system for automated generation of attack signatures for network intrusion detection systems that successfully created precise traffic signatures that otherwise would have required the skills and time of a security officer to inspect the traffic manually.
776
Related Papers (5)
Ashar Aziz, Ramesh Radhakrishnan, Wei-Lung Lai, Jayaraman Manni +3 more
- 28 Jul 2006
Chad McMillan, Jason Garman +1 more
- 25 Jan 2007
Timothy E. Danford, Suresh Kumar Batchu +1 more
- 29 Jul 2008