SYSTEM AND METHOD TO EMULATE MOBILE LOGIC IN A COMMUNICATION SYSTEM

US 20060090205A1
Filed: 10/26/2004
Published: 04/27/2006
Est. Priority Date: 10/26/2004
Status: Active Grant

First Claim

Patent Images

1. A system to emulate mobile logic, comprising:

a first host including a client that determines a test description; and

a second host that is capable of running a virtual vulnerable service associated with the mobile logic based on the test description, wherein a control server of the second host controls whether one or more messages associated with the mobile logic are transmitted at a port associated with the virtual vulnerable service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Abstract of the Disclosure

A system includes hosts that may be infected with mobile logic. One type of mobile logic is a worm, which can be a process that is capable of causing a (possibly evolved) copy of itself to execute on one or more hosts of the system. An infected host of the system can infect other hosts based on criteria, such as targeting, visibility, vulnerability, or infectability of the other hosts. A worm can be represented as a Turing Machine whose state can be determined using computational methods. A worm can be emulated in the system to determine worm detection capabilities of the system. Emulating the worm can allow the system to be tested with less negative impact than using the actual worm.

18 Citations

View as Search Results

30 Claims

1. A system to emulate mobile logic, comprising:
- a first host including a client that determines a test description; and
  
  a second host that is capable of running a virtual vulnerable service associated with the mobile logic based on the test description, wherein a control server of the second host controls whether one or more messages associated with the mobile logic are transmitted at a port associated with the virtual vulnerable service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the mobile logic is a worm.
  - 3. The system of claim 1, further comprising a third host that is capable of running a virtual vulnerable service associated with the mobile logic based on the test description, wherein the third host transmits at least one message associated with the mobile logic in response to receiving a message of the one or more messages associated with the mobile logic from the port.
  - 4. The system of claim 1, wherein the second host stops transmitting the one or more messages in response to the control server receiving a command from the first host or the second host.
  - 5. The system of claim 1, wherein the second host stops transmitting the one or more messages in response to a lapse of a predetermined amount of time.
  - 6. The system of claim 1, wherein the first host receives information relating to an emulation of the mobile logic from the second host.
  - 7. The system of claim 1, wherein a frequency at which the one or more packets are transmitted at the port is limited to be no greater than a threshold number of packets per second.
  - 8. The system of claim 1, wherein a frequency at which the one or more packets are transmitted at the port is limited to be no greater than a threshold number of bytes per second.
  - 9. The system of claim 1, wherein the control server determines that the one or more messages are to be transmitted at the port in response to the port receiving one or more packets associated with the mobile logic.
  - 10. The system of claim 1, wherein the control server determines that the one or more messages are to be transmitted at the port in response to the second host receiving a command from the first host.
  - 11. The system of claim 1, wherein the test description indicates a range of internet protocol (IP) addresses, and wherein the second host has an IP address in the range.

12. A method of emulating mobile logic in a system, comprising:
- providing a test description to a plurality of hosts;
  
  running a virtual vulnerable service associated with the mobile logic at a first host of the plurality of hosts based on the test description; and
  
  transmitting one or more messages associated with the mobile logic at a port of the first host based on a control server of the first host.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12, wherein running the virtual vulnerable service includes running the virtual vulnerable service associated with a worm, and wherein transmitting the one or more messages includes transmitting the one or more messages associated with the worm.
  - 14. The method of claim 12, further comprising:
15. The method of claim 12, further comprising stopping a transmission of the one or more messages at the port of the first host in response to receiving a command at the control server.
16. The method of claim 12, further comprising stopping a transmission of the one or more messages at the port of the first host in response to transmitting the one or more messages at the port of the first host for a predetermined amount of time.
17. The method of claim 12, further comprising receiving information relating to an emulation of the mobile logic from the first host.
18. The method of claim 12, further comprising limiting a frequency at which the one or more packets are transmitted at the port to be no greater than a threshold number of packets per second.
19. The method of claim 12, further comprising limiting a frequency at which the one or more packets are transmitted at the port to be no greater than a threshold number of bytes per second.
20. The method of claim 12, further comprising determining that the one or more messages are to be transmitted at the port in response to receiving one or more packets associated with the mobile logic at the port.
21. The method of claim 12, further comprising determining that the one or more messages are to be transmitted at the port in response to the first host receiving a command from a host that provides the test description to the plurality of hosts.
22. The method of claim 12, wherein providing the test description includes providing the test description that indicates a range of internet protocol (IP) addresses, and wherein running the virtual vulnerable service includes running the virtual vulnerable service associated with the mobile logic at the first host having an IP address in the range.

23. An article of manufacture comprising a computer-readable medium for storing computer instructions that enable a processor-based system to:
- provide a test description to a plurality of hosts;
  
  run a virtual vulnerable service associated with the mobile logic at a first host of the plurality of hosts based on the test description; and
  
  transmit one or more messages associated with the mobile logic at a port of the first host based on a control server of the first host.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. The article of manufacture of claim 23, wherein the mobile logic is a worm.
  - 25. The article of manufacture of claim 23, further including instructions that enable a processor-based system to:
26. The article of manufacture of claim 23, further including instructions that enable a processor-based system to:
- stop a transmission of the one or more messages at the port of the first host in response to receiving a command at the control server from the first host or a host that provides the test description to the plurality of hosts;
  
  orstop the transmission of the one or more messages at the port of the first host in response to transmitting the one or more messages at the port of the first host for a predetermined amount of time.
27. The article of manufacture of claim 23, further including instructions that enable a processor-based system to receive information relating to an emulation of the mobile logic from the first host.
28. The article of manufacture of claim 23, further including instructions that enable a processor-based system to:
- limit a frequency at which the one or more packets are transmitted at the port to be no greater than a threshold number of packets per second;
  
  orlimit the frequency at which the one or more packets are transmitted at the port to be no greater than a threshold number of bytes per second.
29. The article of manufacture of claim 23, further including instructions that enable a processor-based system to:
- determine that the one or more messages are to be transmitted at the port in response to the port receiving one or more packets associated with the mobile logic;
  
  ordetermine that the one or more messages are to be transmitted at the port in response to the first host receiving a command from a host that provides the test description to the plurality of hosts.
30. The article of manufacture of claim 23, wherein the test description indicates a range of internet protocol (IP) addresses, and wherein the first host has an IP address in the range.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mitre Corporation
Original Assignee
Mitre Corporation
Inventors
Ellis, Daniel R

Granted Patent

US 7,814,550 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/562   Static detection

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

SYSTEM AND METHOD TO EMULATE MOBILE LOGIC IN A COMMUNICATION SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD TO EMULATE MOBILE LOGIC IN A COMMUNICATION SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links