Method of detecting malicious code
First Claim
1. A method of detecting malicious code in a code-executing device, the method characterised in that it includes the steps of:
(a) generating test data which is substantially unsusceptible to compression without reducing its information content and storing the test data as image data in memory external to the device;
(b) loading the test data into memory of the device;
(c) performing a checksum calculation on the test data stored in the memory of the device to generate a first checksum value, performing a corresponding checksum calculation on the image data to generate a second checksum value, and then comparing the first value with the second value to determine whether or not the test data in the memory of the device has been corrupted;
(d) repeating step (c) until sufficient test data in the memory of the device is checksum tested to determine whether or not malicious code is present in the device.
Abstract
The invention provides a method of detecting malicious code in a code-executing device (10), the method characterised in that it includes the steps of: (a) generating test data which is substantially unsusceptible to compression without reducing its information content and storing it as image data (230) in memory external to the device (10); (b) loading the test data (R0 to Rm) into memory (30) of the device (10); (c) performing a checksum calculation on the test data (R0 to Rm) stored in the memory (30) of the device (10) to generate a first checksum value, performing a corresponding checksum calculation on the image data (230) to generate a second checksum value, and then comparing the first value with the second value to determine whether or not the test data in the memory (30) of the device (10) has been corrupted; (d) repeating step (c) until sufficient test data in the memory (30) of the device (10) is checksum tested to determine whether or not malicious code is present in the device (10). The method makes it difficult for the malicious code to conceal itself from the checksums, so it is possible to determine whether or not the device (10) has been compromised.
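Steps (a) to (d) can be followed end to end in a small simulation; this is an added example, not code from the patent. The `Device` class, the 256-byte block size, SHA-256 as the checksum, the per-round nonce and all function names are assumptions made for illustration.

```python
import hashlib
import os
import zlib

BLOCK = 256  # bytes covered by each checksum round (assumed size)

def generate_test_data(size):
    """Step (a): random bytes are, in practice, not compressible."""
    return os.urandom(size)

def compression_ratio(data):
    """Compressed size / original size; close to 1.0 means incompressible."""
    return len(zlib.compress(data, 9)) / len(data)

def checksum(block, nonce):
    """SHA-256 over a fresh nonce plus the block (assumed checksum function)."""
    return hashlib.sha256(nonce + block).digest()

class Device:
    """Constructed stand-in for the code-executing device and its memory."""
    def __init__(self, size):
        self.memory = bytearray(size)

    def load(self, data):
        # Step (b): the test data fills the whole device memory.
        self.memory[:] = data

    def respond(self, index, nonce):
        # Device-side half of step (c): checksum one block of its own memory.
        start = index * BLOCK
        return checksum(bytes(self.memory[start:start + BLOCK]), nonce)

def verify(device, image):
    """Steps (c) and (d): compare checksums block by block over all of memory.

    Returns the indices of blocks whose device checksum differs from the
    checksum computed over the externally stored image.
    """
    corrupted = []
    for index in range(len(image) // BLOCK):
        nonce = os.urandom(16)  # fresh per round, so old answers cannot be replayed
        expected = checksum(image[index * BLOCK:(index + 1) * BLOCK], nonce)
        if device.respond(index, nonce) != expected:
            corrupted.append(index)
    return corrupted
```

Because the image cannot be compressed, code resident on the device has no spare memory to hide in: any bytes it occupies displace test data and change the checksum of the blocks they overlap.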
11 Claims
Specification