
Title: Methods, media, and systems for detecting attack on a digital processing device

Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack. In some embodiments, the methods include: selecting a data segment in at least one portion of an electronic document; determining whether the arbitrarily selected data segment can be altered without causing the electronic document to result in an error when processed by a corresponding program; in response to determining that the arbitrarily selected data segment can be altered, arbitrarily altering the data segment in the at least one portion of the electronic document to produce an altered electronic document; and determining whether the corresponding program produces an error state when the altered electronic document is processed by the corresponding program.
Issue Date:
OSTI Identifier:
The Trustees of Columbia University in the City of New York PNNL
Patent Number(s):
Application Number:
Contract Number:
Resource Relation:
Patent File Date: 2014 Jul 21
Research Org:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org:
Country of Publication:
United States

Other works cited in this record:

Automatic immune system for computers and computer networks
patent, August 1995

Methods and apparatus for evaluating and extracting signatures of computer viruses and other undesirable software entities
patent, September 1995

Parameterized bloom filters
patent, December 1997

Apparatus and method for electronic mail virus detection and elimination
patent, March 1999

Method of identifying data type and locating in a file
patent, November 1999

Optical scanning system for surface inspection
patent, June 2000

Method and apparatus for detecting a macro computer virus using static analysis
patent, February 2004

Authenticating executable code and executions thereof
patent, June 2007

Host-based detection and prevention of malicious code propagation
patent, January 2008

Static code image modeling and recognition
patent, June 2008

Prevention of software tampering
patent, January 2009

Forecasting a volume associated with an outcome based on analysis of text strings
patent, February 2009

Generating a hierarchical data structure associated with a plurality of known arbitrary-length bit strings used for detecting whether an arbitrary-length bit string input matches one of a plurality of known arbitrary-length bit string
patent, September 2010

Correlation engine for detecting network attacks and detection method
patent, September 2011

Apparatus and method for removing malicious code inserted into file
patent, November 2013

N-gram-based detection of new malicious code
conference, January 2004
  • Abou-Assaleh, T.; Cercone, N.; Keselj, V.
  • Computer Software and Applications Conference, 2004. COMPSAC 2004. Proceedings of the 28th Annual International
  • DOI: 10.1109/CMPSAC.2004.1342667

Instance-based learning algorithms
journal, January 1991
  • Aha, David W.; Kibler, Dennis; Albert, Marc K.
  • Machine Learning, Vol. 6, Issue 1, p. 37-66
  • DOI: 10.1007/BF00153759

Detecting Malicious Software by Monitoring Anomalous Windows Registry Accesses
book, January 2002
  • Apap, Frank; Honig, Andrew; Hershkop, Shlomo
  • Recent Advances in Intrusion Detection, p. 36-53
  • DOI: 10.1007/3-540-36084-0_3

Randomized instruction set emulation to disrupt binary code injection attacks
conference, January 2003
  • Barrantes, Elena Gabriela; Ackley, David H.; Palmer, Trek S.
  • CCS '03 Proceedings of the 10th ACM conference on Computer and communications security, p. 281-289
  • DOI: 10.1145/948109.948147

Can machine learning be secure?
conference, January 2006
  • Barreno, Marco; Nelson, Blaine; Sears, Russell
  • ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security, p. 16-25
  • DOI: 10.1145/1128817.1128824

Space/time trade-offs in hash coding with allowable errors
journal, July 1970

Macro virus identification problems
journal, January 1998

Nearest neighbor pattern classification
journal, January 1967

The Mahalanobis distance
journal, January 2000
  • De Maesschalck, R.; Jouan-Rimbaud, D.; Massart, D. L.
  • Chemometrics and Intelligent Laboratory Systems, Vol. 50, Issue 1, p. 1-18
  • DOI: 10.1016/S0169-7439(99)00047-7

Deep packet inspection using parallel Bloom filters
conference, January 2003
  • Dharmapurikar, S.; Krishnamurthy, P.; Sproull, T.
  • High Performance Interconnects, 2003. Proceedings. 11th Symposium on
  • DOI: 10.1109/CONECT.2003.1231477

Anomaly detection using call stack information
conference, January 2003
  • Feng, H. H.; Kolesnikov, O. M.; Fogla, P.
  • Security and Privacy, 2003. Proceedings. 2003 Symposium on
  • DOI: 10.1109/SECPRI.2003.1199328

Evading network anomaly detection systems: formal reasoning and practical techniques
conference, January 2006
  • Fogla, Prahlad; Lee, Wenke
  • CCS '06 Proceedings of the 13th ACM conference on Computer and communications security, p. 59-68
  • DOI: 10.1145/1180405.1180414

A sense of self for Unix processes
conference, January 1996
  • Forrest, S.; Hofmeyr, S. A.; Somayaji, A.
  • Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on
  • DOI: 10.1109/SECPRI.1996.502675

A linear space algorithm for computing maximal common subsequences
journal, June 1975

Malware phylogeny generation using permutations of code
journal, September 2005
  • Karim, Md. Enamul.; Walenstein, Andrew; Lakhotia, Arun
  • Journal in Computer Virology, Vol. 1, Issue 1-2, p. 13-23
  • DOI: 10.1007/s11416-005-0002-9

Countering code-injection attacks with instruction-set randomization
conference, January 2003
  • Kc, Gaurav S.; Keromytis, Angelos D.; Prevelakis, Vassilis
  • CCS '03 Proceedings of the 10th ACM conference on Computer and communications security, p. 272-280
  • DOI: 10.1145/948109.948146

Honeycomb: creating intrusion detection signatures using honeypots
journal, January 2004
  • Kreibich, Christian; Crowcroft, Jon
  • ACM SIGCOMM Computer Communication Review, Vol. 34, Issue 1, p. 51-56
  • DOI: 10.1145/972374.972384

Polymorphic Worm Detection Using Structural Information of Executables
book, January 2006
  • Kruegel, Christopher; Kirda, Engin; Mutz, Darren
  • Recent Advances in Intrusion Detection, p. 207-226
  • DOI: 10.1007/11663812_11

Service specific anomaly detection for network intrusion detection
conference, January 2002
  • Krügel, Christopher; Toth, Thomas; Kirda, Engin
  • SAC '02 Proceedings of the 2002 ACM symposium on Applied computing, p. 201-208
  • DOI: 10.1145/508791.508835

A Study of Malcode-Bearing Documents
book, January 2007
  • Li, Wei-Jen; Stolfo, Salvatore; Stavrou, Angelos
  • Detection of Intrusions and Malware, and Vulnerability Assessment
  • DOI: 10.1007/978-3-540-73614-1_14

Fileprints: identifying file types by n-gram analysis
conference, January 2005
  • Li, Wei-Jen; Wang, Ke; Stolfo, S. J.
  • Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
  • DOI: 10.1109/IAW.2005.1495935

Fast and automated generation of attack signatures: a basis for building self-protecting servers
conference, January 2005
  • Liang, Zhenkai; Sekar, R.
  • CCS '05 Proceedings of the 12th ACM conference on Computer and communications security, p. 213-222
  • DOI: 10.1145/1102120.1102150

FLIPS: Hybrid Adaptive Intrusion Prevention
book, January 2006
  • Locasto, Michael E.; Wang, Ke; Keromytis, Angelos D.
  • Recent Advances in Intrusion Detection, p. 82-101
  • DOI: 10.1007/11663812_5

Characterizing the behavior of a program using multiple-length N-grams
conference, January 2000
  • Marceau, Carla
  • NSPW '00 Proceedings of the 2000 workshop on New security paradigms, p. 101-110
  • DOI: 10.1145/366173.366197

Content based file type detection algorithms
conference, January 2003
  • McDaniel, M.; Heydari, M. H.
  • System Sciences, 2003. Proceedings of the 36th Annual Hawaii International Conference on
  • DOI: 10.1109/HICSS.2003.1174905

Polygraph: Automatically Generating Signatures for Polymorphic Worms
conference, January 2005
  • Newsome, J.; Karp, B.; Song, D.
  • Security and Privacy, 2005 IEEE Symposium on
  • DOI: 10.1109/SP.2005.15

Paragraph: Thwarting Signature Learning by Training Maliciously
book, January 2006
  • Newsome, James; Karp, Brad; Song, Dawn
  • Recent Advances in Intrusion Detection, p. 81-105
  • DOI: 10.1007/11856214_5

Misleading worm signature generators using deliberate noise injection
conference, January 2006
  • Perdisci, R.; Dagon, D.; Lee, Wenke
  • Security and Privacy, 2006 IEEE Symposium on
  • DOI: 10.1109/SP.2006.26

Data mining methods for detection of new malicious executables
conference, January 2001
  • Schultz, M. G.; Eskin, E.; Zadok, F.
  • Security and Privacy, 2001. S&P 2001. Proceedings. 2001 IEEE Symposium on
  • DOI: 10.1109/SECPRI.2001.924286

Specification-based anomaly detection: a new approach for detecting network intrusions
conference, January 2002
  • Sekar, R.; Gupta, A.; Frullo, J.
  • CCS '02 Proceedings of the 9th ACM conference on Computer and communications security, p. 265-274
  • DOI: 10.1145/586110.586146

On the effectiveness of address-space randomization
conference, January 2004
  • Shacham, Hovav; Page, Matthew; Pfaff, Ben
  • Proceedings of the 11th ACM conference on Computer and communications security, p. 298-307
  • DOI: 10.1145/1030083.1030124

A Dynamic Mechanism for Recovering from Buffer Overflow Attacks
book, January 2005
  • Sidiroglou, Stelios; Giovanidis, Giannis; Keromytis, Angelos D.
  • Information Security, p. 1-15
  • DOI: 10.1007/11556992_1

On the infeasibility of modeling polymorphic shellcode
conference, January 2007
  • Song, Yingbo; Locasto, Michael E.; Stavrou, Angelos
  • CCS '07 Proceedings of the 14th ACM conference on Computer and communications security, p. 541-551
  • DOI: 10.1145/1315245.1315312

Towards Stealthy Malware Detection
book, January 2007

"Why 6?" Defining the operational limits of stide, an anomaly-based intrusion detector
conference, January 2002

Undermining an Anomaly-Based Intrusion Detection System Using Common Exploits
book, January 2002
  • Tan, Kymie M. C.; Killourhy, Kevin S.; Maxion, Roy A.
  • Recent Advances in Intrusion Detection
  • DOI: 10.1007/3-540-36084-0_4

Intrusion detection via static analysis
conference, January 2001

Mimicry attacks on host-based intrusion detection systems
conference, January 2002
  • Wagner, David; Soto, Paolo
  • CCS '02 Proceedings of the 9th ACM conference on Computer and communications security, p. 255-264
  • DOI: 10.1145/586110.586145

Shield: vulnerability-driven network filters for preventing known vulnerability exploits
conference, January 2004
  • Wang, Helen J.; Guo, Chuanxiong; Simon, Daniel R.
  • Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications, p. 193-204
  • DOI: 10.1145/1015467.1015489

Anomalous Payload-Based Network Intrusion Detection
book, January 2004

Anagram: A Content Anomaly Detector Resistant to Mimicry Attack
book, January 2006
  • Wang, Ke; Parekh, Janak J.; Stolfo, Salvatore J.
  • Recent Advances in Intrusion Detection, p. 226-248
  • DOI: 10.1007/11856214_12

Anomalous Payload-Based Worm Detection and Signature Generation
book, January 2006
  • Wang, Ke; Cretu, Gabriela; Stolfo, Salvatore J.
  • Recent Advances in Intrusion Detection, p. 227-246
  • DOI: 10.1007/11663812_12

SigFree: A Signature-Free Buffer Overflow Attack Blocker
journal, January 2010
  • Wang, Xinran; Pan, Chi-Chun; Liu, Peng
  • IEEE Transactions on Dependable and Secure Computing, Vol. 7, Issue 1, p. 65-79
  • DOI: 10.1109/TDSC.2008.30

Toward Automated Dynamic Malware Analysis Using CWSandbox
journal, March 2007
  • Willems, Carsten; Holz, Thorsten; Freiling, Felix
  • IEEE Security and Privacy Magazine, Vol. 5, Issue 2, p. 32-39
  • DOI: 10.1109/MSP.2007.45
