Patent
Malicious-process-determining method, data processing apparatus and recording medium
Kazunori Saito
- 26 Aug 2005
42
TL;DR: A malicious-process-determining method, a data processing apparatus, and a recording medium according to the present invention each consists of reading the data stored in a buffer memory by one byte, and for a plurality of instruction sequences each having a different read address, sequentially analyzing what kind of instruction code is contained therein.
Abstract: A malicious-process-determining method, a data processing apparatus, and a recording medium according to the present invention each consists of reading the data stored in a buffer memory by one byte, and for a plurality of instruction sequences each having a different read address, sequentially analyzing what kind of instruction code is contained therein. When the int instruction is contained in the analyzed instruction sequence, the number of times the immediate value is pushed to the stack is greater than 1, and the character code corresponding to “/” is contained in the virtual stack, a determination is made that a malicious code is contained in the relevant instruction sequence.
Citations
Patent
System and method for detecting executable machine instructions in a data stream
Peter J. Silberman, James R. Butler II, Nick J. Harbour +2 more
- 27 Oct 2010
TL;DR: In this article, the pre-processing may include determining whether the plurality of values meets a randomness condition, a length condition, and/or a string ratio condition; the candidate data subset is inspected for computer instructions, characteristics of the computer instructions are determined, and a predetermined action taken based on the characteristics of computer instructions.
187
Patent
Method and system for obfuscating a cryptographic function
Wilhelmus Petrus Adrianus Johannus Michiels, Paulus Mathias Hubertus Mechtildis Antonius Gorissen +1 more
- 28 Feb 2007
TL;DR: In this article, a method of protecting an integrity of a data processing system is proposed, which comprises determining (1) a data string to be protected and (2) a set of parameters representing a predetermined data processing function, using a redundancy in the set of parameter values to incorporate the data string into a bit representation of the parameter values.
67
Patent
System and method for scanning obfuscated files for pestware
Jefferson Delk Horne
- 14 Apr 2006
TL;DR: In this article, a plurality of files in a file storage device of a protected computer are scanned and obfuscated files are identified from among the plurality of files.
58
Patent
System and method for detection of complex malware
Alexey A. Polyakov, Vladislav V. Martynenko, Yuri G. Slobodyanuk, Denis A. Nazarov, Mikhail A. Pavlyushchik +4 more
- 28 Apr 2011
TL;DR: In this paper, the authors present a system for detecting malware with complex infection patterns, which provides enhanced protection against malware by identifying potentially harmful software objects, monitoring execution of various processes and threads of potentially harmful objects, compiling contexts of events of execution of the monitored processes, and merging contexts of related threads.
49
Patent
Proactive Exploit Detection
Cristian Craioveanu, Ying Lin, Peter Ferrie, Bruce Dang +3 more
- 12 Mar 2009
TL;DR: In this paper, a malware detection system may disassemble a collection of data to obtain a sequence of possible instructions and determine whether the collection is suspected of containing malicious executable code based, at least partially, on an analysis of the possible instructions.
37
References
Patent
Network security system and method using a parallel finite state machine adaptive active monitor and responder
Paul C. Hershey, Donald B. Johnson, An V. Le, Stephen M. Matyas, John G. Waclawsky, John D. Wilkins +5 more
- 27 Oct 1993
TL;DR: In this paper, a system and method provide a security agent, consisting of a monitor and a responder, that respond to a detected security event in a data communications network, by producing and transmitting a security alert message to a network security manager.
423
Patent
Polymorphic virus detection module
Carey Nachenberg
- 05 Jan 1998
TL;DR: Polymorphic anti-virus modules (PAMs) as discussed by the authors include a CPU emulator for emulating the target program, a virus signature scanning module for scanning decrypted virus code, and an emulation control module.
268
Patent
Method for detecting buffer overflow for computer security
Yona Hollander, Ophir Rahman, Shmuel Sagiv, Ury Segal +3 more
- 18 Mar 1999
TL;DR: In this paper, the authors propose a method for detecting buffer overflow weakness exploitation, including the steps of determining a plurality of threshold parameters, each respective to a buffer overflow vulnerability exploitation event, analyzing a code to be executed, and comparing the validation values to the respective ones of the threshold parameters.
101
Patent
Security association data cache and structure
Satish N. Anand, Hemanshu Bhatnagar, Swaroop Admusumilli, James Darren Parker +3 more
- 13 May 2002
TL;DR: In this article, the output control unit can selectively send clear data and/or cipher data to the hash circuit and to an output FIFO memory buffer, which handles final processing under the control of the output controller.
48
Patent
Methods and apparatus for detecting heap smashing
Christof Fetzer, Zhen Xiao +1 more
- 24 Oct 2001
TL;DR: In this paper, a method and apparatus for detecting heap smashing condition is presented, where a call to a library function, such as a request to write a data block to the heap section of a memory, is intercepted from a program being executed.
47
Related Papers (5)
M. Schmid, Michael Weber, Michael Haddox-Schatz, David Geyer +3 more
- 24 Sep 2004
Vladimir Kiriansky, Derek L. Bruening, Saman Amarasinghe +2 more
- 21 Sep 2009
Carey Nachenberg
- 30 Nov 1999