-
1.发明授权Emulation system, method and computer program product for malware detection by back-stepping in program code 有权仿真系统,方法和计算机程序产品,用于通过程序代码中的后台程序检测恶意软件公开(公告)号:US07739100B1
公开(公告)日:2010-06-15
申请号:US11253094
申请日:2005-10-18
申请人: Igor G. Muttik , Ivan Teblyashkin
发明人: Igor G. Muttik , Ivan Teblyashkin
CPC分类号: G06F9/455 , G06F21/56 , G06F21/562 , G06F21/563 , G06F21/566
摘要: A system, method, and computer program product are provided for detecting malware. In use, a search is conducted for known elements of computer code. Upon the detection of at least one known element of computer code, various operations are performed. In particular, the present technique steps back in the computer code, and emulates the computer code. Such emulation and stepping are performed for detecting malware.
摘要翻译: 提供系统,方法和计算机程序产品来检测恶意软件。 在使用中,对计算机代码的已知元素进行搜索。 当检测到至少一个已知的计算机代码元素时,执行各种操作。 特别地,本技术在计算机代码中退步,并且模拟计算机代码。 执行这种仿真和步进以检测恶意软件。
-
2.发明授权Heuristic detection of polymorphic computer viruses based on redundancy in viral code 失效基于病毒码冗余的多态计算机病毒的启发式检测公开(公告)号:US07266844B2
公开(公告)日:2007-09-04
申请号:US09963659
申请日:2001-09-27
IPC分类号: G06F11/00
CPC分类号: G06F21/563
摘要: Computer programs are analysed for the occurrence of redundant program instructions of program instruction using uninitialised variables. If the number of such instructions exceeds a threshold level, then the computer program is treated as containing a computer virus. This technique is useful in identifying new and polymorphic viruses.
摘要翻译: 对使用未初始化变量的程序指令的冗余程序指令的发生情况分析计算机程序。 如果这些指令的数量超过阈值水平,那么计算机程序被视为包含计算机病毒。 这种技术在鉴定新型和多态性病毒方面是有用的。
-
搜索结果
2 条记录 (耗时 0.011 秒)
