Invention Grant
US08474044B2 Attack-resistant verification of auto-generated anti-malware signatures
有权
自动生成的反恶意软件签名的防攻击验证
- Patent Title: Attack-resistant verification of auto-generated anti-malware signatures
- Patent Title (中): 自动生成的反恶意软件签名的防攻击验证
-
Application No.: US12348702Application Date: 2009-01-05
-
Publication No.: US08474044B2Publication Date: 2013-06-25
- Inventor: Andrew Zawadowskiy , Boris Ruchansky , Mikhail Cherepov
- Applicant: Andrew Zawadowskiy , Boris Ruchansky , Mikhail Cherepov
- Applicant Address: US CA San Jose
- Assignee: Cisco Technology, Inc
- Current Assignee: Cisco Technology, Inc
- Current Assignee Address: US CA San Jose
- Agency: Patterson & Sheridan LLP
- Main IPC: G06F11/00
- IPC: G06F11/00 ; G06F12/14 ; G06F12/16 ; G08B23/00

Abstract:
Techniques are disclosed for verifying whether payload signatures correspond to a vulnerability or exploit. Generally a security system may be configured to detect an attack on a server while the server is processing a payload. The security system generates (or obtains) a provisional signature corresponding to the vulnerability. For example, a provisional signature may be generated for a vulnerability from a group of payloads determined to correspond to that vulnerability. The effects of subsequent payloads which match the provisional signature may be monitored. If the effects of a payload duplicate the attack symptoms, a confidence metric for provisional signature may be increased. Once the confidence metric exceeds a predetermined threshold, then the provisional signature may be made active and used to block traffic from reaching an intended destination.
Public/Granted literature
- US20100175132A1 ATTACK-RESISTANT VERIFICATION OF AUTO-GENERATED ANTI-MALWARE SIGNATURES Public/Granted day:2010-07-08
Information query