Functional patching/hooking detection and prevention
First Claim
Patent Images
1. A method for preventing malicious attacks on software using a patching method, comprising the steps of:
- a) providing a database of legitimate and known patches, which database contains characteristic code paths of said legitimate patches;
b) detecting whether a first inspected patch is malicious by inspecting one or more characteristic code paths of said first inspected patch and matching said one or more characteristic code paths of said first inspected patch against said database of legitimate and known patches;
c) if a mismatch is found, determining whether said first inspected patch is a malicious patch and performing an activity needed to prevent said malicious patch from performing undesired activities by correcting or removing said malicious patch;
d) obtaining information from said database regarding where to search for a next inspected patch; and
e) repeating steps a) to d) until no match is found in said database.
2 Assignments
0 Petitions
Accused Products
Abstract
A method for preventing malicious attacks on software, using the patching method, includes providing a database of legitimate and known patches, the database contains characteristic code paths of said legitimate patches. The method also includes detecting whether a patch is malicious by inspecting one or more characteristic paths of the patch and matching one or more code paths against the database of legitimate and known patches. An activity needed to prevent the malicious patch from performing undesired activities is then performed.
6 Citations
10 Claims
-
1. A method for preventing malicious attacks on software using a patching method, comprising the steps of:
-
a) providing a database of legitimate and known patches, which database contains characteristic code paths of said legitimate patches; b) detecting whether a first inspected patch is malicious by inspecting one or more characteristic code paths of said first inspected patch and matching said one or more characteristic code paths of said first inspected patch against said database of legitimate and known patches; c) if a mismatch is found, determining whether said first inspected patch is a malicious patch and performing an activity needed to prevent said malicious patch from performing undesired activities by correcting or removing said malicious patch; d) obtaining information from said database regarding where to search for a next inspected patch; and e) repeating steps a) to d) until no match is found in said database. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeTrusteer Incorporated (International Business Machines Corporation)
-
InventorsKlein, Amit, Izmerly, Oleg, Regev, Shmuel, Ben-Haim, Eldan
-
Primary Examiner(s)Lipman, Jacob
-
Application NumberUS12/537,893Publication NumberTime in Patent Office1,096 DaysField of Search726/22US Class Current726/22CPC Class CodesG06F 21/554 involving event detection a...G06F 21/566 Dynamic detection, i.e. det...G06F 21/57 Certifying or maintaining t...G06F 9/328 for runtime instruction pat...
