Computer virus detection
First Claim
Patent Images
1. A computer program product for controlling a computer to detecting an executable computer program containing a computer virus, said computer program product comprising:
- analysis logic operable to analyse program instructions forming said executable computer program to identify suspect program instructions being one or more of;
(i) a program instruction generating a result value not used by another portion of said executable computer program; and
(ii) a program instruction dependent upon an uninitialised variable; and
detecting logic operable to detect said executable computer program as containing a computer virus if a number of suspect program instructions identified for said executable computer program exceeds a threshold level.
2 Assignments
0 Petitions
Accused Products
Abstract
Computer programs are analysed for the occurrence of redundant program instructions of program instruction using uninitialised variables. If the number of such instructions exceeds a threshold level, then the computer program is treated as containing a computer virus. This technique is useful in identifying new and polymorphic viruses.
-
Citations
36 Claims
-
1. A computer program product for controlling a computer to detecting an executable computer program containing a computer virus, said computer program product comprising:
-
analysis logic operable to analyse program instructions forming said executable computer program to identify suspect program instructions being one or more of;
(i) a program instruction generating a result value not used by another portion of said executable computer program; and
(ii) a program instruction dependent upon an uninitialised variable; and
detecting logic operable to detect said executable computer program as containing a computer virus if a number of suspect program instructions identified for said executable computer program exceeds a threshold level. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method of detecting an executable computer program containing a computer virus, said method comprising the steps of:
-
analysing program instructions forming said executable computer program to identify suspect program instructions being one or more of;
(i) a program instruction generating a result value not used by another portion of said executable computer program; and
(ii) a program instruction dependent upon an uninitialised variable; and
detecting said executable computer program as containing a computer virus if a number of suspect program instructions identified for said executable computer program exceeds a threshold level. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. Apparatus for detecting an executable computer program containing a computer virus, said apparatus comprising:
-
an analyser operable to analyse program instructions forming said executable computer program to identify suspect program instructions being one or more of;
(i) a program instruction generating a result value not used by another portion of said executable computer program; and
(ii) a program instruction dependent upon an uninitialised variable; and
a detector operable to detect said executable computer program as containing a computer virus if a number of suspect program instructions identified for said executable computer program exceeds a threshold level. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
Specification