Invention Grant
US08474044B2 Attack-resistant verification of auto-generated anti-malware signatures 有权
自动生成的反恶意软件签名的防攻击验证

Attack-resistant verification of auto-generated anti-malware signatures
Abstract:
Techniques are disclosed for verifying whether payload signatures correspond to a vulnerability or exploit. Generally a security system may be configured to detect an attack on a server while the server is processing a payload. The security system generates (or obtains) a provisional signature corresponding to the vulnerability. For example, a provisional signature may be generated for a vulnerability from a group of payloads determined to correspond to that vulnerability. The effects of subsequent payloads which match the provisional signature may be monitored. If the effects of a payload duplicate the attack symptoms, a confidence metric for provisional signature may be increased. Once the confidence metric exceeds a predetermined threshold, then the provisional signature may be made active and used to block traffic from reaching an intended destination.
Information query
Patent Agency Ranking
0/0