Title: US5440723: Automatic immune system for computers and computer networks
Country: US United States of America

29 pages
Inventor: Arnold, William C.; Mahopac, NY
Chess, David M.; Mohegan Lake, NY
Kephart, Jeffrey O.; Yorktown Heights, NY
White, Steven R.; New York, NY

Assignee: International Business Machines Corporation, Armonk, NY

Published / Filed: 1995-08-08 / 1993-01-19

Application Number: US1993000004872

IPC Code: Advanced: G06F 1/00; G06F 21/00; H04L 29/06;
IPC-7: G06F 11/00;

ECLA Code: G06F21/00N3V6; G06F21/00N3V4S; H04L29/06S14D;

U.S. Class: Current: 714/002; 714/033; 714/038;
Original: 395/181; 395/700; 395/183.09; 395/183.14;

Field of Search: 395/575 371/16.5,19,11.2,8.2

Priority Number:
1993-01-19  US1993000004872

Abstract:     A method includes the following component steps, or some functional subset of these steps: (A) periodic monitoring of a data processing system (10) for anomalous behavior that may indicate the presence of an undesirable software entity such as a computer virus, worm, or Trojan Horse; (B) automatic scanning for occurrences of known types of undesirable software entities and taking remedial action if they are discovered; (C) deploying decoy programs to capture samples of unknown types of computer viruses; (D) identifying machine code portions of the captured samples which are unlikely to vary from one instance of the virus to another; (E) extracting an identifying signature from the executable code portion and adding the signature to a signature database; (F) informing neighboring data processing systems on a network of an occurrence of the undesirable software entity; and (G) generating a distress signal, if appropriate, so as to call upon an expert to resolve difficult cases. A feature of this invention is the automatic execution of the foregoing steps in response to a detection of an undesired software entity, such as a virus or a worm, within a data processing system. The automatic extraction of the identifying signature, the addition of the signature to a signature data base, and the immediate use of the signature by a scanner provides protection from subsequent infections of the system, and also a network of systems, by the same or an altered form of the undesirable software entity.

Attorney, Agent or Firm: Perman & Green

Primary / Asst. Examiners: Beausoliel, Jr., Robert W.; Palys, Joseph E.

Family: None

First Claim (of 46 claims):
Having thus described our invention, what we claim as new, and desire to secure by Letters Patent is:
1. A method for providing computational integrity for a digital data processing system, comprising the computer-executed steps of:
  • detecting, with a data processor, an anomalous behavior of a digital data processing system during program execution, the anomalous behavior being indicative of an undesirable informational state of the digital data processing system that may result from the presence of an undesirable software entity;
  • scanning, with the data processor, one or more portions of an informational state history of the digital data processing system to detect, if present, at least one known type of undesirable software entity;
  • in response to the detection of a known type of undesirable software entity, taking remedial action;
  • else, if a known type of undesirable software entity is not detected by the step of scanning, detecting, with the data processor, a previously unknown type of undesirable software entity;
  • extracting, with the data processor, an identifying signature from the detected undesirable software entity;
  • storing the identifying signature so as to enable a future detection of the undesirable software entity as a known type of undesirable software entity; and
  • taking remedial action; wherein
  • the step of extracting includes the data processor executed steps of obtaining at least one sequence of bytes from the detected undesirable software entity, determining likelihoods that the at least one sequence of bytes is also found in program code that may be run on a digital data processing system which is to be protected from the undesirable software entity, and selecting as the extracted identifying signature a plurality of bytes from the at least one sequence that have a high likelihood of reliably identifying a future occurrence of the undesirable software entity.


Forward References: 181 U.S. patent(s) reference this one

       
U.S. References (backward references: 12):

Patent | Pub. Date | Inventor | Assignee | Title
US5062045 | 1991-10 | Janis et al. | International Business Machines Corporation | System for maintaining a document and activity selective alterable document history log in a data processing system
US5084816 | 1992-01 | Boese et al. | Bell Communications Research, Inc. | Real time fault tolerant transaction processing system
US5121345 | 1992-01 | Lentz | | System and method for protecting integrity of computer data and software
US5200958 | 1993-04 | Hamilton et al. | Xerox Corporation | Method and apparatus for recording and diagnosing faults in an electronic reprographic printing system
US5218605 | 1993-01 | Low et al. | Hewlett-Packard Company | Software modules for testing computer hardware and software
US5255208 | 1993-10 | Thakore et al. | AEG Westinghouse Transportation Systems, Inc. | On-line processor based diagnostic system
US5278901 | 1994-01 | Shieh et al. | International Business Machines Corporation | Pattern-oriented intrusion-detection system and method
US5291590 | 1994-03 | Ohnishi et al. | Fujitsu Limited | Method of detecting and processing abnormal message output from computer system and detecting and processing apparatus therefor
US5297150 | 1994-03 | Clark | International Business Machines Corporation | Rule-based method for testing of programming segments
US5319776 | 1994-06 | Hile et al. | Hilgraeve Corporation | In transit detection of computer virus with safeguard
US5359659 | 1994-10 | Rosenthal | | Method for securing software against corruption by computer viruses
US5361359 | 1994-11 | Tajallie et al. | Trusted Information Systems, Inc. | System and method for controlling the use of a computer
       
Foreign References: None

Other Abstract Info: DERABS G1995-283461

Other References:
  • Qasem et al. "AI Trends in Virus Control" 1991 IEEE Proc. of Southeaston pp. 99-103 vol. 1.
  • Crocker et al. "A Proposal for a Verification-Based Virus Filler" 1989 IEEE Symposium on Security & Privacy pp. 319-324.
  • Kephort et al. "Directed Graph Epidemiological Module of Computer Viruses" 1991 IEEE Computer Society Symposium on Research in Security & Privacy pp. 343-359.
  • Kumor et al. "A Generic Virus Scanner in C++" 1992 8th Ann. Computer Security Applications Proceedings pp. 210-219.
  • Shoutkov et al. "Computer Viruses: Ways of Reproduction in MS DOS" 25th Ann. 1991 IEEE International Carnahan Conf. on Security Tech. pp. 168-176.
  • S. W. Shieh et al. "A Pattern-Oriented Intrusion-Detection Model and its Applications", Proceedings of the 1991 IEEE Computer Society Symposium on Research and Privacy, pp. 327-342.
  • H. S. Javitz et al. "The SRI IDES Statistical Anomaly Detector", Proceedings of the 1991 IEEE Computer Symposium on Research in Security and Privacy, pp. 316-326.
  • W. Arnold et al. "System for Detecting Undesired Alteration of Software", IBM TDB, vol. 32, No. 11, Apr. 1990, pp. 48-50.
  • S. M. Katz, "Estimation of Probabilities from Sparse Data for the Language Model Component of a Speech Recognizer", IEEE Trans. ASSP-35, No. 3, Mar. 1987, pp. 400-401. (2 pages) Cited by 5 patents
  • F. Cohen, A Short Course on Computer Viruses, ASP Press, Pittsburg, 1990, pp. 9-15.

