Methods, media, and systems for detecting attack on a digital processing device
Abstract
Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack. In some embodiments, the methods include: selecting a data segment in at least one portion of an electronic document; determining whether the arbitrarily selected data segment can be altered without causing the electronic document to result in an error when processed by a corresponding program; in response to determining that the arbitrarily selected data segment can be altered, arbitrarily altering the data segment in the at least one portion of the electronic document to produce an altered electronic document; and determining whether the corresponding program produces an error state when the altered electronic document is processed by the corresponding program.
- Inventors:
- Issue Date:
- Research Org.: Pacific Northwest National Laboratory (PNNL), Richland, WA (United States); Columbia Univ., New York, NY (United States)
- Sponsoring Org.: USDOE
- OSTI Identifier: 1805432
- Patent Number(s): 10902111
- Application Number: 16/215,976
- Assignee: The Trustees of Columbia University in the City of New York (New York, NY)
- Patent Classifications (CPCs): G - PHYSICS; G06 - COMPUTING; G06F - ELECTRIC DIGITAL DATA PROCESSING
- DOE Contract Number: AC05-76RL01830
- Resource Type: Patent
- Resource Relation: Patent File Date: 12/11/2018
- Country of Publication: United States
- Language: English
Citation Formats
Stolfo, Salvatore J., Li, Wei-Jen, Keromytis, Angelos D., and Androulaki, Elli. Methods, media, and systems for detecting attack on a digital processing device. United States: N. p., 2021. Web.
Stolfo, Salvatore J., Li, Wei-Jen, Keromytis, Angelos D., & Androulaki, Elli. Methods, media, and systems for detecting attack on a digital processing device. United States.
Stolfo, Salvatore J., Li, Wei-Jen, Keromytis, Angelos D., and Androulaki, Elli. Tue . "Methods, media, and systems for detecting attack on a digital processing device". United States. https://www.osti.gov/servlets/purl/1805432.
@article{osti_1805432,
title = {Methods, media, and systems for detecting attack on a digital processing device},
author = {Stolfo, Salvatore J. and Li, Wei-Jen and Keromytis, Angelos D. and Androulaki, Elli},
abstractNote = {Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack. In some embodiments, the methods include: selecting a data segment in at least one portion of an electronic document; determining whether the arbitrarily selected data segment can be altered without causing the electronic document to result in an error when processed by a corresponding program; in response to determining that the arbitrarily selected data segment can be altered, arbitrarily altering the data segment in the at least one portion of the electronic document to produce an altered electronic document; and determining whether the corresponding program produces an error state when the altered electronic document is processed by the corresponding program.},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2021},
month = {1}
}
Works referenced in this record:
System and method for detecting malicious executable code
patent, October 2011
- Maloof, Marcus A.
- US Patent Document 8,037,535
Apparatus and method for electronic mail virus detection and elimination
patent, March 1999
- Ji, Shuang; Chen, Eva; Liang, Yung Chang
- US Patent Document 5,889,943
System and Method for Detecting and Repairing Document-Infecting Viruses Using Dynamic Heuristics
patent-application, June 2002
- Chess, David M.; Kephart, Jeffrey O.; Ford, Richard A.
- US Patent Application 09/163250; 20020073055
Systems and methods for detecting software security vulnerabilities
patent, June 2008
- Weber, Michael; Shah, Viren R.; Ren, Chuangang
- US Patent Document 7,392,545
Optical antivirus firewall for internet, LAN, and WAN computer applications
patent-application, December 2003
- Bango, Joseph J.
- US Patent Application 10/455826; 20030229810
Apparatus and method for detecting malicious code embedded in office document
patent-application, June 2006
- Park, Jae Woo; Kim, Won Ho; Moon, Jung Hwan
- US Patent Application 11/211057; 20060129603
Methods, media, and systems for detecting attack on a digital processing device
patent-application, March 2010
- Stolfo, Salvatore J.; Li, Wei-Jen; Keromytis, Angelos D.
- US Patent Application 12/406814; 20100064369
System and method for detecting malicious script
patent, May 2015
- Kim, Tae Ghyoon; Choi, Young Han; Choi, Seok Jin
- US Patent Document 9,032,516
Prevention of software tampering
patent, January 2009
- Olson, Erik B.; Zinda, Eric K.
- US Patent Document 7,478,233
Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses
patent-application, April 2015
- Vincent, Michael; Mesdaq, Ali; Thioux, Emmanuel
- US Patent Application 14/042420; 20150096022
Method and apparatus for detecting a macro computer virus using static analysis
patent, February 2004
- Ko, Cheuk W.
- US Patent Document 6,697,950
Method of identifying data type and locating in a file
patent, November 1999
- Shaner, Richard
- US Patent Document 5,991,714
Apparatus and method for removing malicious code inserted into file
patent, November 2013
- Kim, Won Ho; Moon, Jung-Hwan; Sohn, Ki Wook
- US Patent Document 8,590,016
Document genealogy
patent-application, December 2005
- Smith, Mark D.; Simmons, John D.
- US Patent Application 11/132182; 20050273698
Correlation engine for detecting network attacks and detection method
patent, September 2011
- Shulman, Amichai; Boodaei, Mickey; Kremer, Shlomo
- US Patent Document 8,024,804
System and method for controlling inter-application association through contextual policy control
patent-application, February 2006
- Schafer, Stuart; Sheehan, John
- US Patent Application 11/191595; 20060036570