U.S. Department of Energy
Office of Scientific and Technical Information

Title: Methods, media, and systems for detecting attack on a digital processing device

Abstract

Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack. In some embodiments, the methods include: selecting a data segment in at least one portion of an electronic document; determining whether the arbitrarily selected data segment can be altered without causing the electronic document to result in an error when processed by a corresponding program; in response to determining that the arbitrarily selected data segment can be altered, arbitrarily altering the data segment in the at least one portion of the electronic document to produce an altered electronic document; and determining whether the corresponding program produces an error state when the altered electronic document is processed by the corresponding program.
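As an added illustration, not part of the OSTI record and not the patent's own implementation, the following Python models the two strategies the abstract describes on a constructed toy document format: a static byte n-gram model trained on benign documents, sandboxed execution of the document by its "corresponding program", and the data-segment alteration test, in which data-only segments (here image pixels) are arbitrarily altered and the document is reprocessed to see whether the program reaches an error state. The container format, the deliberately fragile viewer (whose "overflow executes pixel bytes" behaviour stands in for a memory-corruption bug and is entirely invented), the sample documents and the novelty threshold are all assumptions made for this example.

```python
"""Toy model of the abstract's two strategies: static n-gram model + sandboxed execution,
and the data-segment alteration test. Format, viewer, samples and threshold are constructed."""
import random
import struct

MAX_PIXELS = 64  # fixed pixel buffer of the toy viewer (constructed flaw)

class ViewerError(Exception):
    """The toy viewer reached an error state (crash or rejected data)."""

# Container: repeated [4-byte tag][u16 big-endian length][payload]
def parse(doc):
    sections, i = [], 0
    while i + 6 <= len(doc):
        tag, n = doc[i:i + 4], struct.unpack(">H", doc[i + 4:i + 6])[0]
        sections.append((tag, doc[i + 6:i + 6 + n]))
        i += 6 + n
    return sections

def build(sections):
    return b"".join(tag + struct.pack(">H", len(p)) + p for tag, p in sections)

def interpret(code):
    """Stand-in for hijacked control flow: a tiny ';'-separated script language."""
    actions = []
    for stmt in code.split(b";"):
        if not stmt.startswith(b"EXEC "):
            raise ViewerError("illegal instruction")  # corrupted code crashes
        actions.append(("exec", stmt[5:].decode("ascii", "replace")))
    return actions

def run_viewer(doc):
    """The 'corresponding program': process a document, return the actions it attempted."""
    actions = []
    for tag, payload in parse(doc):
        if tag == b"TEXT":
            try:
                payload.decode("utf-8")  # text must stay valid UTF-8
            except UnicodeDecodeError:
                raise ViewerError("bad text encoding") from None
        elif tag == b"IMAG" and len(payload) >= 2:
            w, h, pixels = payload[0], payload[1], payload[2:]
            if w * h != len(pixels):
                raise ViewerError("image size mismatch")
            # Constructed flaw: pixels past the fixed buffer get "executed", mimicking a
            # memory-corruption bug that hands control to code smuggled inside image data.
            if len(pixels) > MAX_PIXELS:
                actions += interpret(pixels[MAX_PIXELS:])
        else:
            raise ViewerError("bad section %r" % tag)
    return actions

class StaticModel:
    """Detector 1: byte n-grams observed in benign documents (cf. the n-gram works cited below)."""
    def __init__(self, n=3):
        self.n, self.seen = n, set()
    def grams(self, doc):
        return [doc[i:i + self.n] for i in range(len(doc) - self.n + 1)]
    def train(self, docs):
        for d in docs:
            self.seen.update(self.grams(d))
    def novelty(self, doc):
        g = self.grams(doc)  # fraction of n-grams never seen in benign training data
        return sum(x not in self.seen for x in g) / max(len(g), 1)

def dynamic_check(doc):
    """Detector 2: execute in the sandboxed viewer; a crash or an attempted exec is an attack."""
    try:
        return any(kind == "exec" for kind, _ in run_viewer(doc))
    except ViewerError:
        return True

def alteration_check(doc, rng):
    """Detector 3: arbitrarily alter data-only segments, reprocess, watch for an error state."""
    sections = parse(doc)
    for idx, (tag, payload) in enumerate(sections):
        if tag != b"IMAG":  # by spec only pixel data tolerates arbitrary change; TEXT must stay UTF-8
            continue
        altered = list(sections)
        altered[idx] = (tag, payload[:2] + bytes(rng.randrange(256) for _ in payload[2:]))
        try:
            run_viewer(build(altered))
        except ViewerError:  # benign data survives alteration; hidden code does not
            return True
    return False

def detect(doc, model, seed=0, threshold=0.2):
    """Report an attack if any of the three detectors fires."""
    v = {"static": model.novelty(doc) > threshold, "dynamic": dynamic_check(doc),
         "alteration": alteration_check(doc, random.Random(seed))}
    v["attack"] = any(v.values())
    return v

def sample_docs():
    """Constructed samples: two benign documents and one with code hidden in image pixels."""
    benign = [build([(b"TEXT", b"Quarterly report"), (b"IMAG", bytes([8, 8]) + bytes(range(64)))]),
              build([(b"TEXT", b"Invoice 42"), (b"IMAG", bytes([4, 4]) + bytes(16))])]
    pixels = bytes(MAX_PIXELS) + b"EXEC calc.exe;EXEC net user"  # 64 pixels, then the overflow
    malicious = build([(b"TEXT", b"Quarterly report"), (b"IMAG", bytes([1, len(pixels)]) + pixels)])
    return benign, malicious
```

To run it, build the samples with `sample_docs()`, train a `StaticModel` on the benign pair, and call `detect(doc, model)` on each document. On the malicious sample all three detectors fire: the script bytes are unseen 3-grams, the sandboxed viewer records two `exec` attempts, and randomising the pixel bytes turns the smuggled script into an "illegal instruction" crash. On the benign samples none fires, which is the property the alteration test relies on: genuine data can be perturbed freely, executable content cannot.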

Inventors:
Stolfo, Salvatore J.; Li, Wei-Jen; Keromytis, Angelos D.; Androulaki, Elli
Issue Date:
July 2014
Research Org.:
Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1149603
Patent Number(s):
8789172
Application Number:
12/406,814
Assignee:
The Trustees of Columbia University in the City of New York (New York, NY)
Patent Classifications (CPCs):
G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
DOE Contract Number:  
AC05-76RL01830
Resource Type:
Patent
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Stolfo, Salvatore J., Li, Wei-Jen, Keromytis, Angelos D., and Androulaki, Elli. Methods, media, and systems for detecting attack on a digital processing device. United States: N. p., 2014. Web.
Stolfo, Salvatore J., Li, Wei-Jen, Keromytis, Angelos D., & Androulaki, Elli. Methods, media, and systems for detecting attack on a digital processing device. United States.
Stolfo, Salvatore J., Li, Wei-Jen, Keromytis, Angelos D., and Androulaki, Elli. 2014. "Methods, media, and systems for detecting attack on a digital processing device". United States. https://www.osti.gov/servlets/purl/1149603.
@article{osti_1149603,
title = {Methods, media, and systems for detecting attack on a digital processing device},
author = {Stolfo, Salvatore J. and Li, Wei-Jen and Keromytis, Angelos D. and Androulaki, Elli},
abstractNote = {Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack. In some embodiments, the methods include: selecting a data segment in at least one portion of an electronic document; determining whether the arbitrarily selected data segment can be altered without causing the electronic document to result in an error when processed by a corresponding program; in response to determining that the arbitrarily selected data segment can be altered, arbitrarily altering the data segment in the at least one portion of the electronic document to produce an altered electronic document; and determining whether the corresponding program produces an error state when the altered electronic document is processed by the corresponding program.},
place = {United States},
year = {2014},
month = {7}
}

Works referenced in this record:

Systems and methods for automatically detecting backdoors
patent, March 2015


Automatic immune system for computers and computer networks
patent, August 1995


Parameterized bloom filters
patent, December 1997


Apparatus and method for electronic mail virus detection and elimination
patent, March 1999


Optical scanning system for surface inspection
patent, June 2000


Prevention of software tampering
patent, January 2009


System and Method for Detecting and Repairing Document-Infecting Viruses Using Dynamic Heuristics
patent-application, June 2002


Protocol-parsing state machine and method of using same
patent-application, January 2003


Method and apparatus for sociological data mining
patent-application, September 2003


Optical antivirus firewall for internet, LAN, and WAN computer applications
patent-application, December 2003


Information reservoir
patent-application, June 2004


Network security apparatus and method
patent-application, January 2005


Technique for detecting executable malicious code using a combination of static and dynamic analyses
patent-application, May 2005


System and process for managing network traffic
patent-application, November 2005


Document genealogy
patent-application, December 2005


Apparatus method and medium for identifying files using n-gram distribution of data
patent-application, January 2006


System and method for controlling inter-application association through contextual policy control
patent-application, February 2006


Apparatus and method for detecting malicious code embedded in office document
patent-application, June 2006


System and method for identity-based fraud detection for transactions using a plurality of historical identity records
patent-application, July 2006


Software self-defense systems and methods
patent-application, October 2007


Detecting suspicious embedded malicious content in benign file formats
patent-application, January 2008


Systems and methods for the prevention of unauthorized use and manipulation of digital content
patent-application, July 2008


Method and Apparatus for Deep Packet Inspection
patent-application, August 2008


Systems and Methods for Watermarking Software and Other Media
patent-application, September 2008


Method and Apparatus for Detecting Malware Infection
patent-application, July 2009


N-gram-based detection of new malicious code
conference, January 2004


Instance-based learning algorithms
journal, January 1991


Randomized instruction set emulation to disrupt binary code injection attacks
conference, January 2003

  • Barrantes, Elena Gabriela; Ackley, David H.; Palmer, Trek S.
  • CCS '03 Proceedings of the 10th ACM conference on Computer and communications security, p. 281-289
  • https://doi.org/10.1145/948109.948147

Can machine learning be secure?
conference, January 2006

  • Barreno, Marco; Nelson, Blaine; Sears, Russell
  • ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security, p. 16-25
  • https://doi.org/10.1145/1128817.1128824

Space/time trade-offs in hash coding with allowable errors
journal, July 1970


Macro virus identification problems
journal, January 1998


Nearest neighbor pattern classification
journal, January 1967


On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits
conference, January 2005


The Mahalanobis distance
journal, January 2000


Deep packet inspection using parallel Bloom filters
conference, January 2003


Anomaly detection using call stack information
conference, January 2003


Evading network anomaly detection systems: formal reasoning and practical techniques
conference, January 2006


A sense of self for Unix processes
conference, January 1996


A linear space algorithm for computing maximal common subsequences
journal, June 1975


RandSys: Thwarting Code Injection Attacks with System Service Interface Randomization
conference, October 2007


Malware phylogeny generation using permutations of code
journal, September 2005


Countering code-injection attacks with instruction-set randomization
conference, January 2003

  • Kc, Gaurav S.; Keromytis, Angelos D.; Prevelakis, Vassilis
  • CCS '03 Proceedings of the 10th ACM conference on Computer and communications security, p. 272-280
  • https://doi.org/10.1145/948109.948146

Honeycomb: creating intrusion detection signatures using honeypots
journal, January 2004


Recent Advances in Intrusion Detection
book, January 2006


Service specific anomaly detection for network intrusion detection
conference, January 2002


Thwarting Attacks in Malcode-Bearing Documents by Altering Data Sector Values
September 2008


Fileprints: identifying file types by n-gram analysis
conference, January 2005


Fast and automated generation of attack signatures: a basis for building self-protecting servers
conference, January 2005


Bloodhound: Searching Out Malicious Input in Network Flows for Automatic Repair Validation
report, January 2006


Characterizing the behavior of a program using multiple-length N-grams
conference, January 2000


Content based file type detection algorithms
conference, January 2003


Internet quarantine: requirements for containing self-propagating code
conference, January 2003

  • Moore, D.; Shannon, C.; Voelker, G. M.
  • IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428)
  • https://doi.org/10.1109/INFCOM.2003.1209212

Universal one-way hash functions and their cryptographic applications
conference, January 1989


Paragraph: Thwarting Signature Learning by Training Maliciously
book, January 2006


Polygraph: Automatically Generating Signatures for Polymorphic Worms
conference, January 2005


A practical mimicry attack against powerful system-call monitors
conference, January 2008


Misleading worm signature generators using deliberate noise injection
conference, January 2006


Data mining methods for detection of new malicious executables
conference, January 2001


Specification-based anomaly detection: a new approach for detecting network intrusions
conference, January 2002


On the effectiveness of address-space randomization
conference, January 2004


On the infeasibility of modeling polymorphic shellcode
conference, January 2007


"Why 6?" Defining the operational limits of stide, an anomaly-based intrusion detector
conference, January 2002


Mimicry attacks on host-based intrusion detection systems
conference, January 2002


Intrusion detection via static analysis
conference, January 2001


Shield: vulnerability-driven network filters for preventing known vulnerability exploits
journal, October 2004


SigFree: A Signature-Free Buffer Overflow Attack Blocker
journal, January 2010


Toward Automated Dynamic Malware Analysis Using CWSandbox
journal, March 2007


Works referencing / citing this record:

Multistage system and method for analyzing obfuscated content for malware
patent, June 2017


Selective system call monitoring
patent, June 2017


Network-based malware detection
patent, May 2017


Advanced persistent threat (APT) detection center
patent, April 2017


System and method for bot detection
patent, April 2017


Return-oriented programming detection
patent, March 2017


Detecting malware based on reflection
patent, March 2017


System and method for offloading packet processing and static analysis operations
patent, March 2017


Methods for detecting file altering malware in VM based analysis
patent, November 2016


Computer exploit detection using heap spray pattern matching
patent, September 2016


Systems and methods for analyzing malicious PDF network content
patent, September 2016


Dynamic content activation for automated analysis of embedded objects
patent, September 2016


System and method of detecting delivery of malware using cross-customer data
patent, June 2016


File extraction from memory dump for malicious content analysis
patent, May 2016


Correlation and consolidation of analytic data for holistic view of a malware attack
patent, April 2016


Fuzzy hash of behavioral results
patent, March 2016


System and method for analyzing packets
patent, March 2016


Framework for iterative analysis of mobile software applications
patent, December 2015


Dynamically remote tuning of a malware content detection system
patent, December 2015


Framework for efficient security coverage of mobile software applications
patent, November 2015