WO2008036665A3 - Methods, media, and systems for detecting attack on a digital processing device - Google Patents

Info

Publication number
WO2008036665A3
Authority
WO
WIPO (PCT)
Prior art keywords
document
methods
media
systems
processing device
Prior art date
Application number
PCT/US2007/078773
Other languages
French (fr)
Other versions
WO2008036665A2 (en)
Inventor
Wei-Jen Li
Salvatore J Stolfo
Angelos Stavrou
Elli Androulaki
Original Assignee
Univ Columbia
Wei-Jen Li
Salvatore J Stolfo
Angelos Stavrou
Elli Androulaki
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Univ Columbia, Wei-Jen Li, Salvatore J Stolfo, Angelos Stavrou, Elli Androulaki filed Critical Univ Columbia
Publication of WO2008036665A2 publication Critical patent/WO2008036665A2/en
Publication of WO2008036665A3 publication Critical patent/WO2008036665A3/en
Priority to US12/406,814 priority Critical patent/US8789172B2/en
Priority to US14/336,649 priority patent/US9576127B2/en
Priority to US15/400,127 priority patent/US10181026B2/en
Priority to US16/215,976 priority patent/US10902111B2/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101 Auditing as a secondary aspect

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Debugging And Monitoring (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.
PCT/US2007/078773 2006-09-18 2007-09-18 Methods, media, and systems for detecting attack on a digital processing device WO2008036665A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US12/406,814 US8789172B2 (en) 2006-09-18 2009-03-18 Methods, media, and systems for detecting attack on a digital processing device
US14/336,649 US9576127B2 (en) 2006-09-18 2014-07-21 Methods, media, and systems for detecting attack on a digital processing device
US15/400,127 US10181026B2 (en) 2006-09-18 2017-01-06 Methods, media, and systems for detecting attack on a digital processing device
US16/215,976 US10902111B2 (en) 2006-09-18 2018-12-11 Methods, media, and systems for detecting attack on a digital processing device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US84556306P 2006-09-18 2006-09-18
US60/845,563 2006-09-18

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US12/406,814 Continuation-In-Part US8789172B2 (en) 2006-09-18 2009-03-18 Methods, media, and systems for detecting attack on a digital processing device

Publications (2)

Publication Number Publication Date
WO2008036665A2 WO2008036665A2 (en) 2008-03-27
WO2008036665A3 WO2008036665A3 (en) 2008-10-02

Family

ID=39201205

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/078773 WO2008036665A2 (en) 2006-09-18 2007-09-18 Methods, media, and systems for detecting attack on a digital processing device

Country Status (1)

Country Link
WO (1) WO2008036665A2 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8789172B2 (en) 2006-09-18 2014-07-22 The Trustees Of Columbia University In The City Of New York Methods, media, and systems for detecting attack on a digital processing device
US8407160B2 (en) 2006-11-15 2013-03-26 The Trustees Of Columbia University In The City Of New York Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and/or generating sanitized anomaly detection models
CN105068832B (en) * 2015-07-30 2018-06-01 北京奇虎科技有限公司 A kind of method and apparatus for generating executable file

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020073055A1 (en) * 1998-09-30 2002-06-13 David M. Chess System and method for detecting and repairing document-infecting viruses using dynamic heuristics
US20030229810A1 (en) * 2002-06-05 2003-12-11 Bango Joseph J. Optical antivirus firewall for internet, LAN, and WAN computer applications
US6697950B1 (en) * 1999-12-22 2004-02-24 Networks Associates Technology, Inc. Method and apparatus for detecting a macro computer virus using static analysis
US20050273698A1 (en) * 2004-05-19 2005-12-08 Bentley System, Inc. Document genealogy
US20060036570A1 (en) * 2004-08-03 2006-02-16 Softricity, Inc. System and method for controlling inter-application association through contextual policy control
US20060129603A1 (en) * 2004-12-14 2006-06-15 Jae Woo Park Apparatus and method for detecting malicious code embedded in office document

Also Published As

Publication number Publication date
WO2008036665A2 (en) 2008-03-27

Similar Documents

Publication Publication Date Title
WO2007022392A3 (en) Information protection method and system
WO2007022454A3 (en) Systems, methods, and media protecting a digital data processing device from attack
WO2007148314A3 (en) Secure domain information protection apparatus and methods
WO2007061671A3 (en) Systems and methods for detecting and disabling malicious script code
WO2012154664A3 (en) Methods, systems, and computer readable media for detecting injected machine code
WO2007009009A3 (en) Systems and methods for identifying sources of malware
EP2348440A3 (en) Collaborative malware detection and prevention on mobile devices
WO2009109014A8 (en) Methods for operation of a touch input device
WO2006116394A3 (en) System reactions to the detection of embedded watermarks in a digital host content
MY151479A (en) Method and apparatus for detecting shellcode insertion
WO2007005440A3 (en) Change event correlation
WO2011151736A3 (en) Method and apparatus for analyzing and detecting malicious software
WO2008048665A3 (en) Method, system, and computer program product for malware detection analysis, and response
WO2009154992A3 (en) Intelligent hashes for centralized malware detection
WO2008069971A3 (en) Apparatus and associated methods for diagnosing configuration faults
MY151504A (en) System and method of fraund and misuse detection
TW200643773A (en) Multi-object detection method of capacitive touch pad
EP1909228A4 (en) Face image detecting device, face image detecting method, and face image detecting program
WO2010138466A8 (en) Systems and methods for efficeint detection of fingerprinted data and information
WO2008129643A1 (en) Shot size identifying device and method, electronic device, and computer program
CA2573318A1 (en) Geospatial image change detecting system with environmental enhancement and associated methods
GB201013467D0 (en) Illegal mode change handling
WO2011002811A3 (en) Arrangement for identifying uncontrolled events at the process module level and methods thereof
MX2010009614A (en) Method of scanning.
WO2011127488A3 (en) Systems and methods of processing data associated with detection and/or handling of malware

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07842694

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07842694

Country of ref document: EP

Kind code of ref document: A2
