Detection of viral code using emulation of operating system functions
Number of patents in Portfolio can not be more than 2000
United States of America Patent
Stats
-
Dec 25, 2012
Grant Date -
Jun 27, 2002
app pub date -
Jul 14, 2001
filing date -
Jul 14, 2000
priority date (Note) -
In Force
status (Latency Note)
Importance
Abstract
A method and apparatus for detecting viral code that uses calls to an operating system to damage computer systems, computers and/or computer files is provided. The apparatus comprises a CPU emulator, a memory manager component and a monitor component. An artificial memory region spanning one or more components of the operating system is created by the memory manager component. Execution of computer executable code in a subject file is emulated by the CPU emulator. An attempt by the emulated computer executable code to access the artificial memory region is detected by the monitor component. The apparatus optionally may comprise an auxiliary component and an analyzer component. The auxiliary component determines an operating system call that the emulated computer executable code attempted to access. The analyzer component monitors the operating system call to determine whether the computer executable code is viral.
First Claim
Family
International Classification(s)
Cited Art Landscape
Patent Citation Ranking
Advertisement
Advertisement
Advertisement
Recipient Email Address
Recipient Email Address
Comment
Recipient Email Address
Add to Portfolio(s)
To add this patent to one, or more, of your portfolios, simply click the add button.
This Patent is in these Portfolios:
Add to additional portfolios:
Last Refreshed On:
Changes done successfully