WO2008036665A3 - Methods, media, and systems for detecting attack on a digital processing device - Google Patents
Methods, media, and systems for detecting attack on a digital processing device
- Publication number
- WO2008036665A3 (PCT/US2007/078773)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- document
- methods
- media
- systems
- processing device
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
Abstract
Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/406,814 US8789172B2 (en) | 2006-09-18 | 2009-03-18 | Methods, media, and systems for detecting attack on a digital processing device |
US14/336,649 US9576127B2 (en) | 2006-09-18 | 2014-07-21 | Methods, media, and systems for detecting attack on a digital processing device |
US15/400,127 US10181026B2 (en) | 2006-09-18 | 2017-01-06 | Methods, media, and systems for detecting attack on a digital processing device |
US16/215,976 US10902111B2 (en) | 2006-09-18 | 2018-12-11 | Methods, media, and systems for detecting attack on a digital processing device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US84556306P | 2006-09-18 | 2006-09-18 | |
US60/845,563 | 2006-09-18 |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/406,814 Continuation-In-Part US8789172B2 (en) | 2006-09-18 | 2009-03-18 | Methods, media, and systems for detecting attack on a digital processing device |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2008036665A2 (en) | 2008-03-27 |
WO2008036665A3 (en) | 2008-10-02 |
Family
ID=39201205
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2007/078773 WO2008036665A2 (en) | 2006-09-18 | 2007-09-18 | Methods, media, and systems for detecting attack on a digital processing device |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2008036665A2 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8789172B2 (en) | 2006-09-18 | 2014-07-22 | The Trustees Of Columbia University In The City Of New York | Methods, media, and systems for detecting attack on a digital processing device |
US8407160B2 (en) | 2006-11-15 | 2013-03-26 | The Trustees Of Columbia University In The City Of New York | Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and/or generating sanitized anomaly detection models |
CN105068832B (en) * | 2015-07-30 | 2018-06-01 | 北京奇虎科技有限公司 | A kind of method and apparatus for generating executable file |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020073055A1 (en) * | 1998-09-30 | 2002-06-13 | David M. Chess | System and method for detecting and repairing document-infecting viruses using dynamic heuristics |
US20030229810A1 (en) * | 2002-06-05 | 2003-12-11 | Bango Joseph J. | Optical antivirus firewall for internet, LAN, and WAN computer applications |
US6697950B1 (en) * | 1999-12-22 | 2004-02-24 | Networks Associates Technology, Inc. | Method and apparatus for detecting a macro computer virus using static analysis |
US20050273698A1 (en) * | 2004-05-19 | 2005-12-08 | Bentley System, Inc. | Document genealogy |
US20060036570A1 (en) * | 2004-08-03 | 2006-02-16 | Softricity, Inc. | System and method for controlling inter-application association through contextual policy control |
US20060129603A1 (en) * | 2004-12-14 | 2006-06-15 | Jae Woo Park | Apparatus and method for detecting malicious code embedded in office document |
- 2007-09-18: WO application PCT/US2007/078773 (WO2008036665A2), Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2008036665A2 (en) | 2008-03-27 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
WO2007022392A3 (en) | Information protection method and system | |
WO2007061671A3 (en) | Systems and methods for detecting and disabling malicious script code | |
WO2012154664A3 (en) | Methods, systems, and computer readable media for detecting injected machine code | |
WO2007148314A3 (en) | Secure domain information protection apparatus and methods | |
WO2007009009A3 (en) | Systems and methods for identifying sources of malware | |
WO2009109014A8 (en) | Methods for operation of a touch input device | |
NZ560861A (en) | System and method for foreign code detection | |
WO2006116394A3 (en) | System reactions to the detection of embedded watermarks in a digital host content | |
MY151479A (en) | Method and apparatus for detecting shellcode insertion | |
WO2011056880A3 (en) | Rollback feature | |
WO2007005440A3 (en) | Change event correlation | |
WO2008068450A3 (en) | Improvements in resisting the spread of unwanted code and data | |
WO2011151736A3 (en) | Method and apparatus for analyzing and detecting malicious software | |
WO2008048665A3 (en) | Method, system, and computer program product for malware detection analysis, and response | |
WO2009154992A3 (en) | Intelligent hashes for centralized malware detection | |
MY151504A (en) | System and method of fraund and misuse detection | |
WO2007098051A3 (en) | Perceptual image preview | |
WO2007030549A3 (en) | Threat detection and monitoring apparatus with integrated display system | |
EP1909228A4 (en) | Face image detecting device, face image detecting method, and face image detecting program | |
WO2008098014A3 (en) | System and methods for indel identification using short read sequencing | |
WO2008129643A1 (en) | Shot size identifying device and method, electronic device, and computer program | |
WO2008069971A3 (en) | Apparatus and associated methods for diagnosing configuration faults | |
MY160351A (en) | Illegal Mode Change Handling | |
WO2007101533A3 (en) | Platform boot with bridge support | |
WO2011002811A3 (en) | Arrangement for identifying uncontrolled events at the process module level and methods thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 07842694; Country of ref document: EP; Kind code of ref document: A2 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 07842694; Country of ref document: EP; Kind code of ref document: A2 |