
Title: Methods, media, and systems for detecting attack on a digital processing device

Patent · OSTI ID: 1496606

Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack. In some embodiments, the methods include: selecting a data segment in at least one portion of an electronic document; determining whether the arbitrarily selected data segment can be altered without causing the electronic document to result in an error when processed by a corresponding program; in response to determining that the arbitrarily selected data segment can be altered, arbitrarily altering the data segment in the at least one portion of the electronic document to produce an altered electronic document; and determining whether the corresponding program produces an error state when the altered electronic document is processed by the corresponding program.

Research Organization: Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
Sponsoring Organization: USDOE
DOE Contract Number: AC05-76RL01830
Assignee: The Trustees of Columbia University in the City of New York (New York, NY)
Patent Number(s): 10,181,026
Application Number: 15/400,127
OSTI ID: 1496606
Resource Relation: Patent File Date: 2017 Jan 06
Country of Publication: United States
Language: English
