Fuzzy scanning system and method
First Claim
Patent Images
1. A method comprising:
- randomly selecting at least one string of a virus definition file used by a scanner to locate known viruses, said virus definition file comprising;
a set of strings of said known viruses, said set of strings comprising said at least one string; and
a set of properties associated with said set of strings of said known viruses, said properties defining known virus variants of said known viruses, said properties comprising a number of mismatches and skips allowed in said strings;
randomly mutating properties of said at least one string to create a mutated virus definition file; and
determining whether malicious code is detected using said mutated virus definition file.
2 Assignments
0 Petitions
Accused Products
Abstract
A method includes randomly mutating a virus definition file on a first host computer system to create a first mutated virus definition file, and randomly mutating the virus definition file on a second host computer system to create a second mutated virus definition file, the second mutated virus definition file being different than the first mutated virus definition file. Because of the differences between the first and second mutated virus definition files, a new unknown virus variant undetected on the first host computer system is detected and collected on the second host computer system thus preventing the unknown virus variant from becoming widespread.
27 Citations
27 Claims
-
1. A method comprising:
-
randomly selecting at least one string of a virus definition file used by a scanner to locate known viruses, said virus definition file comprising; a set of strings of said known viruses, said set of strings comprising said at least one string; and a set of properties associated with said set of strings of said known viruses, said properties defining known virus variants of said known viruses, said properties comprising a number of mismatches and skips allowed in said strings; randomly mutating properties of said at least one string to create a mutated virus definition file; and determining whether malicious code is detected using said mutated virus definition file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A method comprising:
-
randomly mutating a virus definition file on a first host computer system to create a first mutated virus definition file, said virus definition file used by a scanner on said first host computer system to locate known viruses, said virus definition file comprising; a set of strings of said known viruses; and a set of properties associated with said set of strings of said known viruses, said properties defining known virus variants of said known viruses, said properties comprising a number of mismatches and skips allowed in said strings; randomly mutating said virus definition file on a second host computer system to create a second mutated virus definition file, said second mutated virus definition file being different than said first mutated virus definition file; and wherein said scanner on said first host computer system using said first mutated virus definition file and a scanner on said second host computer system using said second mutated virus definition file are used to detect malicious code. - View Dependent Claims (18)
-
-
19. A computer system comprising:
-
a means for randomly selecting at least one string of a virus definition file used by a scanner to locate known viruses, said virus definition file comprising; a set of strings of said known viruses, said set of strings comprising said at least one string; and a set of properties associated with said set of strings of said known viruses, said properties defining known virus variants of said known viruses, said properties comprising a number of mismatches and skips allowed in said strings; a means for randomly mutating properties of said at least one string to create a mutated virus definition file; and a means for determining whether malicious code is detected using said mutated virus definition file.
-
-
20. A method comprising:
-
randomly selecting strings of a virus definition file used by a scanner to locate known viruses, said strings comprising a first string, said virus definition file comprising; a set of strings of said known viruses, said set of strings comprising said first string; and a set of properties associated with said set of strings of said known viruses, said properties defining known virus variants of said known viruses, said properties comprising a number of mismatches and skips allowed in said strings; and randomly mutating properties of said strings to create a mutated virus definition file, said randomly mutating comprising; selecting said first string; mutating properties of said first string; and determining whether said first string is a last string of said strings; and determining whether malicious code is detected using said mutated virus definition file. - View Dependent Claims (21, 22, 23)
-
-
24. A computer-program product comprising a computer readable medium containing computer code comprising:
-
a fuzzy scanning application for randomly selecting at least one string of a virus definition file used by a scanner to locate known viruses, said virus definition file comprising; a set of strings of said known viruses, said set of strings comprising said at least one string; and a set of properties associated with said set of strings of said known viruses, said properties defining known virus variants of said known viruses, said properties comprising a number of mismatches and skips allowed in said strings; said fuzzy scanning application further for randomly mutating properties of said at least one string to create a mutated virus definition file; and said fuzzy scanning application further for determining whether malicious code is detected using said mutated virus definition file. - View Dependent Claims (25, 26, 27)
-
Specification