OSTI.GOV, U.S. Department of Energy, Office of Scientific and Technical Information

Title: Methods, media, and systems for detecting attack on a digital processing device

Patent

Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on that comparison; executing at least part of the document; determining whether attacking code is included in the document based on that execution; and, if attacking code is determined to be included in the document based on at least one of the comparison to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.

In other embodiments, the methods include: arbitrarily selecting a data segment in at least one portion of an electronic document; determining whether the arbitrarily selected data segment can be altered without causing the electronic document to produce an error when processed by a corresponding program; in response to determining that the data segment can be altered, arbitrarily altering the data segment in the at least one portion of the electronic document to produce an altered electronic document; and determining whether the corresponding program produces an error state when the altered electronic document is processed by that program.

Research Organization:
Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
Sponsoring Organization:
USDOE
DOE Contract Number:
AC05-76RL01830
Assignee:
The Trustees of Columbia University in the City of New York (New York, NY)
Patent Number(s):
8,789,172
Application Number:
12/406,814
OSTI ID:
1149603
Country of Publication:
United States
Language:
English


Cited By (39)

System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection patent August 2017
Multistage system and method for analyzing obfuscated content for malware patent June 2017
Framework for classifying an object as malicious with machine learning for deploying updated predictive models patent June 2017
Selective system call monitoring patent June 2017
System and method for detecting anomalous behaviors using a virtual machine environment patent May 2017
Network-based malware detection patent May 2017
Electronic device for aggregation, correlation and consolidation of analysis attributes patent May 2017
Advanced persistent threat (APT) detection center patent April 2017
System and method for bot detection patent April 2017
Malicious content analysis with multi-version application support within single operating environment patent April 2017
System and method of detecting delivery of malware based on indicators of compromise from different sources patent March 2017
Return-oriented programming detection patent March 2017
Detecting malware based on reflection patent March 2017
System and method for signature generation patent March 2017
System and method for offloading packet processing and static analysis operations patent March 2017
Systems and methods for computer worm defense patent December 2016
Optimized resource allocation for virtual machines within a malware content detection system patent November 2016
Methods for detecting file altering malware in VM based analysis patent November 2016
Computer exploit detection using heap spray pattern matching patent September 2016
Systems and methods for analyzing malicious PDF network content patent September 2016
Dynamic content activation for automated analysis of embedded objects patent September 2016
System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object patent August 2016
Distributed systems and methods for automatically detecting unknown bots and botnets patent August 2016
System, device and method for detecting a malicious attack based on communications between remotely hosted virtual machines and malicious web servers patent July 2016
Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application patent June 2016
System and method of detecting delivery of malware using cross-customer data patent June 2016
File extraction from memory dump for malicious content analysis patent May 2016
Correlation and consolidation of analytic data for holistic view of a malware attack patent April 2016
System, apparatus and method for automatically verifying exploits within suspect objects and highlighting the display information associated with the verified exploits patent April 2016
Systems and methods for unauthorized activity defense patent April 2016
System and method for detecting malicious links in electronic messages patent March 2016
Fuzzy hash of behavioral results patent March 2016
System and method for analyzing packets patent March 2016
Detection efficacy of virtual machine-based analysis with application specific events patent February 2016
Framework for iterative analysis of mobile software applications patent December 2015
Dynamically remote tuning of a malware content detection system patent December 2015
Framework for efficient security coverage of mobile software applications patent November 2015
Systems and methods for detecting malicious PDF network content patent August 2015
Framework for efficient security coverage of mobile software applications installed on mobile devices patent April 2015