Title: US5485575: Automatic analysis of a computer virus structure and means of attachment to its hosts


Country: US United States of America

19 pages

 
Inventor: Chess, David M.; Mohegan Lake, NY
Kephart, Jeffrey O.; Yorktown Heights, NY
Sorkin, Gregory B.; New York, NY

Assignee: International Business Machines Corporation, Armonk, NY

Published / Filed: 1996-01-16 / 1994-11-21

Application Number: US1994000342949

IPC Code: Advanced: G06F 1/00; G06F 21/00;
IPC-7: G06F 11/34;

ECLA Code: G06F21/00N3V4S;

U.S. Class: Current: 714/038; 713/188;
Original: 395/183.14; 380/004;

Field of Search: 395/575 371/019 380/004,25

Priority Number:
1994-11-21  US1994000342949

Abstract: Information pertaining to the verification of the identity of, and reversal of, a transformation of computer data is derived automatically based on a set of samples. The most important class of transformations is computer viruses. The process extracts this information for a large, fairly general class of viruses. Samples consisting of host programs infected with the virus and sample pairs consisting of an infected host and the corresponding original, uninfected host are obtained. A description of how the virus attaches to the host program, including locations within uninfected host of components of both the original host and the virus is generated. Viral code is matched across samples to obtain a description of "invariant" regions of the virus. Host bytes embedded within the virus are located. A description of the original host locations permits anti-virus software on a user's machine to restore the bulk of a program that has been infected. Characterization of the correspondence between invariable portions of the virus and destroyed parts of the host enables anti-virus software to complete the repair.

Attorney, Agent or Firm: Whitham, Curtis, Whitham & McGinn ; Tassinari, Robert ;

Primary / Asst. Examiners: Beausoliel, Jr., Robert W.; Chung, Phung My

Maintenance Status: E2 Expired

Family: None

First Claim (of 23 claims):
Having thus described our invention, what we claim as new and desire to secure by Letters Patent is as follows:
1. A method for automatically deriving verification and removal information for a function-preserving transformation of computer data from a set of untransformed data samples and corresponding transformed data samples, comprising the steps of:
  • obtaining a set of "sample pairs", each sample pair consisting of a transformed data sample and a corresponding original, untransformed data sample;
  • locating one or more fragments of each original data sample within a corresponding transformed data sample to obtain a generalized description, applicable to each of the sample pairs, of locations of fragments of each original data sample and locations of new data regions added by the function-preserving transformation that applies to each of the sample pairs;
  • matching new data regions added by the function-preserving transformation across different samples to obtain a description of portions of the new data regions that are "invariant" across different samples;
  • locating within other, variable portions of the new data regions any data from an original data sample embedded there;
  • generating a prescription for verifying with high confidence that any given data sample has resulted from an application of the function-preserving transformation; and
  • generating a prescription for restoring a data sample that has been transformed by the function-preserving transformation to a form functionally equivalent to that prior to the transformation.


Forward References: 80 U.S. patent(s) reference this one

U.S. References: Forward references (80); Backward references (2)

Patent      Pub. Date  Inventor   Assignee              Title
US5349655   1994-09    Mann       Symantec Corporation  Method for recovery of a computer program infected by a computer virus
US5359659   1994-10    Rosenthal                        Method for securing software against corruption by computer viruses

Foreign References: None

Other Abstract Info: DERABS G1996-087392

Other References:
  • Chess, David, "Virus Verification and Removal--Tools and Techniques", Virus Bulletin, dtd Nov. 1991, pp. 1-7.

