DOE Patents, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Methods, media, and systems for detecting attack on a digital processing device

Abstract

Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack. In some embodiments, the methods include: selecting a data segment in at least one portion of an electronic document; determining whether the arbitrarily selected data segment can be altered without causing the electronic document to result in an error when processed by a corresponding program; in response to determining that the arbitrarily selected data segment can be altered, arbitrarily altering the data segment in the at least one portion of the electronic document to produce an altered electronic document; and determining whether the corresponding program produces an error state when the altered electronic document is processed by the corresponding program.
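The first embodiment in the abstract (compare the document to a static model, execute it, and report an attack if either check fires), as an added Python example that is not the patent's own code. The static model is assumed to be an Anagram-style Bloom filter of byte n-grams (the abstract does not name a model type), the execution step is modelled by running a constructed toy document handler and treating any exception as the error state, and the document format, samples and threshold are constructed for the example.

```python
import hashlib
from typing import Callable, Iterable
def ngrams(data: bytes, n: int) -> Iterable[bytes]:
    return (data[i:i + n] for i in range(len(data) - n + 1))

class NgramBloomModel:
    """Static model: Bloom filter of byte n-grams from benign docs (Anagram-style; parameters assumed)."""
    def __init__(self, n: int = 3, bits: int = 1 << 16, hashes: int = 3):
        self.n, self.size, self.hashes = n, bits, hashes
        self.bits = bytearray(bits)

    def _positions(self, gram: bytes) -> Iterable[int]:
        for i in range(self.hashes):  # k hash positions via a one-byte salt
            digest = hashlib.sha256(bytes([i]) + gram).digest()
            yield int.from_bytes(digest[:4], "big") % self.size

    def train(self, docs: Iterable[bytes]) -> None:
        for doc in docs:
            for gram in ngrams(doc, self.n):
                for pos in self._positions(gram):
                    self.bits[pos] = 1

    def novelty(self, doc: bytes) -> float:  # fraction of n-grams never seen in training
        grams = list(ngrams(doc, self.n))
        unseen = sum(1 for g in grams if not all(self.bits[p] for p in self._positions(g)))
        return unseen / len(grams) if grams else 0.0

def execute_document(doc: bytes, processor: Callable[[bytes], object]) -> bool:
    """Dynamic check: run the document through its handler; True if an error state results."""
    try:
        processor(doc)
        return False
    except Exception:
        return True

def detect_attack(doc: bytes, model: NgramBloomModel, processor, threshold: float = 0.5):
    """Returns (static hit, dynamic hit, report): an attack is reported if either check fires."""
    static_hit = model.novelty(doc) > threshold
    dynamic_hit = execute_document(doc, processor)
    return static_hit, dynamic_hit, static_hit or dynamic_hit

# Constructed toy document format and samples (not from the patent): b"TXT:" then UTF-8 text.
def toy_processor(doc: bytes) -> str:
    if not doc.startswith(b"TXT:"):
        raise ValueError("bad header")
    return doc[4:].decode("utf-8")
BENIGN = [b"TXT:quarterly report summary", b"TXT:meeting notes and action items"]
SUSPECT = b"TXT:" + bytes(range(0x80, 0xC0))  # arbitrary non-text bytes in the body
model = NgramBloomModel()
model.train(BENIGN)
```

The two checks are independent signals: a document can be flagged statically (its byte n-grams are unlike anything in the benign training set) even when the handler processes it without error, and vice versa.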

Inventors:
Stolfo, Salvatore J.; Li, Wei-Jen; Keromytis, Angelos D.; Androulaki, Elli
Issue Date:
Research Org.:
Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1496606
Patent Number(s):
10181026
Application Number:
15/400,127
Assignee:
The Trustees of Columbia University in the City of New York (New York, NY)
Patent Classifications (CPCs):
G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
DOE Contract Number:  
AC05-76RL01830
Resource Type:
Patent
Resource Relation:
Patent File Date: 2017 Jan 06
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Stolfo, Salvatore J., Li, Wei-Jen, Keromytis, Angelos D., and Androulaki, Elli. Methods, media, and systems for detecting attack on a digital processing device. United States: N. p., 2019. Web.
Stolfo, Salvatore J., Li, Wei-Jen, Keromytis, Angelos D., & Androulaki, Elli. Methods, media, and systems for detecting attack on a digital processing device. United States.
Stolfo, Salvatore J., Li, Wei-Jen, Keromytis, Angelos D., and Androulaki, Elli. "Methods, media, and systems for detecting attack on a digital processing device". United States. https://www.osti.gov/servlets/purl/1496606.
@article{osti_1496606,
title = {Methods, media, and systems for detecting attack on a digital processing device},
author = {Stolfo, Salvatore J. and Li, Wei-Jen and Keromytis, Angelos D. and Androulaki, Elli},
abstractNote = {Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack. In some embodiments, the methods include: selecting a data segment in at least one portion of an electronic document; determining whether the arbitrarily selected data segment can be altered without causing the electronic document to result in an error when processed by a corresponding program; in response to determining that the arbitrarily selected data segment can be altered, arbitrarily altering the data segment in the at least one portion of the electronic document to produce an altered electronic document; and determining whether the corresponding program produces an error state when the altered electronic document is processed by the corresponding program.},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2019},
month = {1}
}
