Invention Grant
US07900258B2 Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine
有权
用于检测在虚拟机内执行的P代码或部分编译的本地代码程序中的不需要的代码的计算机免疫系统和方法
- Patent Title: Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine
- Patent Title (中): 用于检测在虚拟机内执行的P代码或部分编译的本地代码程序中的不需要的代码的计算机免疫系统和方法
-
Application No.: US12072295Application Date: 2008-02-25
-
Publication No.: US07900258B2Publication Date: 2011-03-01
- Inventor: Peter A. J. van der Made
- Applicant: Peter A. J. van der Made
- Applicant Address: US NY Armonk
- Assignee: International Business Machines Corporation
- Current Assignee: International Business Machines Corporation
- Current Assignee Address: US NY Armonk
- Agency: King & Spalding LLC
- Agent Arthur J. Samodovitz
- Main IPC: G06F11/00
- IPC: G06F11/00
Abstract:
An automated analysis system identifies the presence of malicious P-code or N-code programs in a manner that limits the possibility of the malicious code infecting a target computer. The target computer system initializes an analytical virtual P-code engine (AVPE). As initialized, the AVPE comprises software simulating the functionality of a P-code or intermediate language engine as well as machine language facilities simulating the P-code library routines that allow the execution of N-code programs. The AVPE executes a target program so that the target program does not interact with the target computer. The AVPE analyzes the behavior of the target program to identify occurrence of malicious code behavior and to indicate in a behavior pattern the occurrence of malicious code behavior. The AVPE is terminated at the end of the analysis process, thereby removing from the computer system the copy of the target program that was contained within the AVPE.
Public/Granted literature
Information query
