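Country / Type | United States (US) Patent, Registered |
---|---|
International Patent Classification (IPC 7th edition) |
|
Application number | US-0424584 (1995-04-14) |
Inventor / Address |
|
Applicant / Address |
|
Citation information | Times cited: 286; Patents cited: 0 |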
A method, and apparatus for accomplishing the method, to extract and/or evaluate a signature of a computer virus or other undesirable software entity. The method includes a first step of inputting to a digital data processor at least one portion of an undesirable software entity, the at least one portion including a sequence of bytes of the undesirable software entity that is likely to remain substantially invariant from one instance of that entity to another instance, and it is from this portion or portions that candidate computer virus signatures are drawn. A second step constructs a list of unique n-grams from the sequence of bytes, each of the unique n-grams being comprised of from one to a specified maximum number of sequential bytes of the sequence of bytes. A third step estimates, for each of the unique n-grams, a probability of an occurrence of a unique n-gram within sequences of bytes obtained from a corpus of computer programs that are typically executed upon the digital data processor. For each candidate signature that is comprised of one or more of the unique n-grams, a fourth step estimates a probability of an occurrence of the candidate virus signature within the sequences of bytes obtained from the corpus. A fifth step accepts the candidate signature as a valid signature if the estimated probability of the occurrence of the candidate virus signature is less than a threshold probability. The threshold probabilities have values selected to reduce the possibility of an occurrence of a false positive indication during the subsequent use of the valid virus signature by a virus scanner.
A method for operating a digital data processor to obtain one or more valid signatures of an undesirable software entity, the digital data processor including a memory that is bidirectionally coupled to the digital data processor, the method comprising the steps of: storing in the memory a corpus of computer programs that are representative of computer programs that are likely to be infected by an undesirable software entity; inputting to the digital data processor at least one portion of the undesirable software entity, the at least one portion including a sequence of bytes of the undesirable software entity that are likely to remain substantially invariant from a first instance of the undesirable software entity to a second instance of the undesirable software entity; storing the at least one inputted portion in the memory; selecting at least one candidate signature of the undesirable software entity from the stored at least one portion of the undesirable software entity; constructing with the digital data processor a list of unique n-grams from the sequence of bytes, each of the unique n-grams being comprised of from one to a chosen maximal number of sequential bytes (B) of the sequence of bytes, the constructed list of unique n-grams being stored in the memory; for each of the unique n-grams of the stored list, estimating with the digital data processor a probability of an occurrence of the unique n-gram within sequences of bytes obtained from the stored corpus of computer programs; for each candidate signature that is comprised of one or more of the unique n-grams, estimating with the digital data processor a false-positive probability of an occurrence of the candidate signature within the sequences of bytes obtained from the corpus of computer programs; comparing the estimated false-positive probabilities of the candidate signatures with one another and with a set of threshold probabilities, the threshold probabilities having values selected to reduce a likelihood of an occurrence of a false positive indication during the use of a signature; and outputting at least one signature for subsequent use in identifying an occurrence of the undesirable software entity or a modified version of the undesirable software entity, the outputted at least one signature being determined to exhibit a false alarm probability that is comparable to or less than a lowest false alarm probability of others of the candidate signatures.
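The five steps of the abstract and the compare-and-output step of the claim, carried through on a small scale as an added example (this is not code from the patent or its authors). Assumptions not stated in this record: B = 3, additive smoothing with ALPHA, an order-(B-1) Markov approximation for combining n-gram probabilities into a signature probability, and the constructed sample bytes.

```python
from collections import Counter
from math import log10

B = 3        # assumed maximum n-gram length (the claim's "B")
ALPHA = 0.5  # assumed additive-smoothing constant for unseen n-grams

def unique_ngrams(seq: bytes, b: int = B) -> set:
    """Step 2: every distinct n-gram of length 1..b in the invariant bytes."""
    return {seq[i:i + n] for n in range(1, b + 1) for i in range(len(seq) - n + 1)}

def corpus_counts(corpus, wanted, b: int = B):
    """Step 3 input: corpus occurrences of each wanted n-gram, and positions per length."""
    counts, totals = Counter(), Counter()
    for prog in corpus:
        for n in range(1, b + 1):
            totals[n] += max(len(prog) - n + 1, 0)
            for i in range(len(prog) - n + 1):
                g = prog[i:i + n]
                if g in wanted:
                    counts[g] += 1
    return counts, totals

def log10_fp_prob(sig: bytes, counts, totals, b: int = B) -> float:
    """Step 4: log10 P(sig in corpus) via an assumed order-(b-1) Markov chain."""
    head = sig[:b - 1]
    lp = log10((counts[head] + ALPHA) / (totals[b - 1] + ALPHA * 256 ** (b - 1)))
    for i in range(len(sig) - b + 1):
        gram, ctx = sig[i:i + b], sig[i:i + b - 1]
        lp += log10((counts[gram] + ALPHA) / (counts[ctx] + ALPHA * 256))
    return lp

def valid_signatures(invariant: bytes, corpus, sig_len: int, threshold_log10: float):
    """Step 5: candidates below the threshold, lowest estimated probability first."""
    counts, totals = corpus_counts(corpus, unique_ngrams(invariant))
    cands = {invariant[i:i + sig_len] for i in range(len(invariant) - sig_len + 1)}
    scored = {c: log10_fp_prob(c, counts, totals) for c in cands}
    return sorted((lp, c) for c, lp in scored.items() if lp < threshold_log10)

# Constructed sample data (not from the patent): a tiny "benign" corpus that is
# full of one common byte pattern, and an invariant region that begins with it.
COMMON = bytes.fromhex("558bec83ec10")
CORPUS = [COMMON * 40 + bytes(range(64)), bytes(range(64)) + COMMON * 25]
INVARIANT = COMMON + bytes.fromhex("fa33c08ed0bc007c")

if __name__ == "__main__":
    for lp, sig in valid_signatures(INVARIANT, CORPUS, 6, -12.0):
        print(f"{sig.hex()}  log10(p) = {lp:.2f}")
```

Candidates drawn from the byte pattern that is common in the corpus are rejected, while those drawn from the bytes the corpus never contains fall below the threshold and are returned.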