Suspicious program detection

Number of patents in Portfolio can not be more than 2000

United States of America Patent

PATENT NO 9747447
APP PUB NO 20160055337A1
SERIAL NO

14779620

Stats

ATTORNEY / AGENT: (SPONSORED)

Importance

Loading Importance Indicators... loading....

Abstract

See full text

A processing device (10) includes a processor (12), an interface (14) and a memory (100). The memory (100) is formed from system Random Access Memory (RAM) and one or more other storage devices. The memory (100) can be considered as comprising working memory (110) and persistent storage (120). The working memory includes the system RAM but may also use memory from one or more other storage devices and when certain suspicious program detection modules are operating also stores a comparison table (112) discussed below. Contained within the persistent storage are several executable program files as follows: an Absolute Memory Address Calculator executable program (121) which is responsible for causing the system (10) to inspect a copy of a persistently stored (and compiled) executable program (e.g. an executable program (125, 126, 127, . . . as stored in the persistent storage 120) and to calculate expected absolute memory locations for the various functions or helper programs that it makes calls to and to store these in a table (112) that it creates in the working memory (110) for this purpose; a Loaded Program Accessor executable program (122) which is responsible for causing the system (10) to inspect a copy of an executable program as loaded in the working memory (110) of the system after loading and linking of the program have been completed, to determine the actual memory locations stored in the Import Address Table (IAT) of the loaded program, and to store these actual memory locations in the comparison table (112); a Memory Location Comparator executable program (123) which is responsible for causing the system (10) during execution of this program to compare the calculated expected absolute memory locations with their respective actual accessed memory locations as stored in the comparison table of memory locations (112); and a Corroborator executable program (124) which is responsible for causing the system (10) during execution of this program to perform a corroboration of any mismatches of memory locations detected in the memory location pairs stored in the table (112) of memory locations, by, in the present embodiment, inspecting the contents of any executable instructions contained at the actually accessed memory location to look for the presence of an instruction causing a new thread of execution to be instantiated.

Loading the Abstract Image... loading....

First Claim

See full text

Family

Loading Family data... loading....

Patent Owner(s)

  • BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY

International Classification(s)

  • [Classification Symbol]
  • [Patents Count]

Inventor(s)

Inventor Name Address # of filed Patents Total Citations
El-Moussa, Fadi London, GB 90 1432

Cited Art Landscape

Load Citation

Patent Citation Ranking

Forward Cite Landscape

Load Citation

Maintenance Fees

Fee Large entity fee small entity fee micro entity fee due date
7.5 Year Payment $3600.00 $1800.00 $900.00 Feb 28, 2025
11.5 Year Payment $7400.00 $3700.00 $1850.00 Feb 28, 2029
Fee Large entity fee small entity fee micro entity fee
Surcharge - 7.5 year - Late payment within 6 months $160.00 $80.00 $40.00
Surcharge - 11.5 year - Late payment within 6 months $160.00 $80.00 $40.00
Surcharge after expiration - Late payment is unavoidable $700.00 $350.00 $175.00
Surcharge after expiration - Late payment is unintentional $1,640.00 $820.00 $410.00