WO2008036665A3 - Methods, media, and systems for detecting attack on a digital processing device - Google Patents

Publication number
WO2008036665A3
Authority
WO
WIPO (PCT)
Prior art keywords
document
methods
media
systems
processing device
Prior art date
Application number
PCT/US2007/078773
Other languages
French (fr)
Other versions
WO2008036665A2 (en)
Inventor
Wei-Jen Li
Salvatore J Stolfo
Angelos Stavrou
Elli Androulaki
Original Assignee
Univ Columbia
Wei-Jen Li
Salvatore J Stolfo
Angelos Stavrou
Elli Androulaki
Priority date
Filing date
Publication date
Application filed by Univ Columbia, Wei-Jen Li, Salvatore J Stolfo, Angelos Stavrou, Elli Androulaki
Publication of WO2008036665A2
Publication of WO2008036665A3
Priority to US12/406,814 (patent US8789172B2)
Priority to US14/336,649 (patent US9576127B2)
Priority to US15/400,127 (patent US10181026B2)
Priority to US16/215,976 (patent US10902111B2)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101 Auditing as a secondary aspect

Abstract

Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.
PCT/US2007/078773 2006-09-18 2007-09-18 Methods, media, and systems for detecting attack on a digital processing device WO2008036665A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US12/406,814 US8789172B2 (en) 2006-09-18 2009-03-18 Methods, media, and systems for detecting attack on a digital processing device
US14/336,649 US9576127B2 (en) 2006-09-18 2014-07-21 Methods, media, and systems for detecting attack on a digital processing device
US15/400,127 US10181026B2 (en) 2006-09-18 2017-01-06 Methods, media, and systems for detecting attack on a digital processing device
US16/215,976 US10902111B2 (en) 2006-09-18 2018-12-11 Methods, media, and systems for detecting attack on a digital processing device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US84556306P 2006-09-18 2006-09-18
US60/845,563 2006-09-18

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US12/406,814 Continuation-In-Part US8789172B2 (en) 2006-09-18 2009-03-18 Methods, media, and systems for detecting attack on a digital processing device

Publications (2)

Publication Number Publication Date
WO2008036665A2 WO2008036665A2 (en) 2008-03-27
WO2008036665A3 WO2008036665A3 (en) 2008-10-02

Family

ID=39201205

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/078773 WO2008036665A2 (en) 2006-09-18 2007-09-18 Methods, media, and systems for detecting attack on a digital processing device

Country Status (1)

Country Link
WO (1) WO2008036665A2 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8789172B2 (en) 2006-09-18 2014-07-22 The Trustees Of Columbia University In The City Of New York Methods, media, and systems for detecting attack on a digital processing device
US8407160B2 (en) 2006-11-15 2013-03-26 The Trustees Of Columbia University In The City Of New York Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and/or generating sanitized anomaly detection models
CN105068832B (en) * 2015-07-30 2018-06-01 北京奇虎科技有限公司 A kind of method and apparatus for generating executable file

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020073055A1 (en) * 1998-09-30 2002-06-13 David M. Chess System and method for detecting and repairing document-infecting viruses using dynamic heuristics
US20030229810A1 (en) * 2002-06-05 2003-12-11 Bango Joseph J. Optical antivirus firewall for internet, LAN, and WAN computer applications
US6697950B1 (en) * 1999-12-22 2004-02-24 Networks Associates Technology, Inc. Method and apparatus for detecting a macro computer virus using static analysis
US20050273698A1 (en) * 2004-05-19 2005-12-08 Bentley System, Inc. Document genealogy
US20060036570A1 (en) * 2004-08-03 2006-02-16 Softricity, Inc. System and method for controlling inter-application association through contextual policy control
US20060129603A1 (en) * 2004-12-14 2006-06-15 Jae Woo Park Apparatus and method for detecting malicious code embedded in office document

Also Published As

Publication number Publication date
WO2008036665A2 (en) 2008-03-27

Similar Documents

Publication Publication Date Title
WO2007022392A3 (en) Information protection method and system
WO2007061671A3 (en) Systems and methods for detecting and disabling malicious script code
WO2012154664A3 (en) Methods, systems, and computer readable media for detecting injected machine code
WO2007148314A3 (en) Secure domain information protection apparatus and methods
WO2007009009A3 (en) Systems and methods for identifying sources of malware
WO2009109014A8 (en) Methods for operation of a touch input device
NZ560861A (en) System and method for foreign code detection
WO2006116394A3 (en) System reactions to the detection of embedded watermarks in a digital host content
MY151479A (en) Method and apparatus for detecting shellcode insertion
WO2011056880A3 (en) Rollback feature
WO2007005440A3 (en) Change event correlation
WO2008068450A3 (en) Improvements in resisting the spread of unwanted code and data
WO2011151736A3 (en) Method and apparatus for analyzing and detecting malicious software
WO2008048665A3 (en) Method, system, and computer program product for malware detection analysis, and response
WO2009154992A3 (en) Intelligent hashes for centralized malware detection
MY151504A (en) System and method of fraud and misuse detection
WO2007098051A3 (en) Perceptual image preview
WO2007030549A3 (en) Threat detection and monitoring apparatus with integrated display system
EP1909228A4 (en) Face image detecting device, face image detecting method, and face image detecting program
WO2008098014A3 (en) System and methods for indel identification using short read sequencing
WO2008129643A1 (en) Shot size identifying device and method, electronic device, and computer program
WO2008069971A3 (en) Apparatus and associated methods for diagnosing configuration faults
MY160351A (en) Illegal Mode Change Handling
WO2007101533A3 (en) Platform boot with bridge support
WO2011002811A3 (en) Arrangement for identifying uncontrolled events at the process module level and methods thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07842694

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07842694

Country of ref document: EP

Kind code of ref document: A2