SYSTEM FOR AUTOMATIC DETECTION OF SPYWARE
Abstract
An automatic system for spyware detection and signature generation compares packets of output from a computer in response to standard user inputs, to packets of a standard output set derived from a known clean machine. Differences between these two packet sets are analyzed with respect to whether they relate to unknown web servers and whether they incorporate user-derived information. This analysis is used to provide an automatic detection of and signature generation for spyware infecting the machine.
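The comparison the abstract describes, as an added example that is not taken from the patent: it diffs outbound requests from an unknown machine against a clean baseline, then checks each difference for an unknown destination and for embedded user input. The host names, sample packets, exact-match diffing, scoring and threshold are all assumptions constructed for illustration.

```python
"""Added illustration: differential outbound-traffic check (constructed data)."""
from urllib.parse import unquote_plus

# Scripted user inputs replayed on both machines (constructed).
USER_INPUTS = ["cheap flights boston", "alice@example.test"]

# (destination host, request text) pairs captured during the replay (constructed).
CLEAN = [
    ("search.example.test", "GET /q?s=cheap+flights+boston"),
    ("mail.example.test", "POST /login user=alice%40example.test"),
]
UNKNOWN = CLEAN + [
    ("cdn.example.test", "GET /logo.png"),
    ("track.adsrv.invalid", "GET /c?id=77&kw=cheap+flights+boston"),
]

def diff_packets(clean, observed):
    """Packets seen on the unknown machine but absent from the clean baseline."""
    baseline = set(clean)
    return [p for p in observed if p not in baseline]

def leaked_inputs(payload, user_inputs):
    """User inputs that appear (URL-decoded, case-insensitive) in a payload."""
    text = unquote_plus(payload).lower()
    return [u for u in user_inputs if u.lower() in text]

def assess(clean, observed, user_inputs):
    """Score each differing packet on the two properties the abstract names."""
    known_hosts = {host for host, _ in clean}
    findings = []
    for host, payload in diff_packets(clean, observed):
        unknown_host = host not in known_hosts
        leaked = leaked_inputs(payload, user_inputs)
        # Assumed scoring: one point per property; 2 means likely spyware.
        findings.append({"host": host, "payload": payload,
                         "unknown_host": unknown_host, "leaked": leaked,
                         "score": int(unknown_host) + int(bool(leaked))})
    return findings

def signatures(findings, threshold=2):
    """Host and request prefix of high-scoring packets, for a network monitor."""
    return sorted({(f["host"], f["payload"].split("?")[0])
                   for f in findings if f["score"] >= threshold})

if __name__ == "__main__":
    results = assess(CLEAN, UNKNOWN, USER_INPUTS)
    for finding in results:
        print(finding)
    print(signatures(results))
```

Real captures vary between runs (timestamps, session identifiers), so a working monitor would normalize such fields before diffing rather than rely on exact matches.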
24 Claims
1. A method of detecting spyware on a computer comprising the steps of
(a) in a computer having a known clean state, identifying a set of standard output packets generated by the computer in response to a given set of user inputs;
(b) in a computer having an unknown state, monitoring output packets in response to the given set of user inputs to identify differences between the standard output packets and those output packets; and
(c) based on the differences, assess likelihood that the computer having an unknown state is infected with spyware.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16

17. A method automatically generating signatures of spyware comprising the steps of:
(a) in a computer having a known clean state, identifying a set of standard output packets generated by the computer in response to a given set of user inputs;
(b) in a computer having an unknown state, monitoring output packets in response to the given set of user inputs to identify differences between the standard output packets those output packets; and
(c) extracting a signature based on the differences for use in a network monitor.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
Specification