公开(公告)号：WO2004010269A2

公开(公告)日：2004-01-29

申请号：PCT/GB0303112

申请日：2003-07-17

Applicant: IBM ,  IBM UK

Inventor： ARNOLD WILLIAM CARLISLE ,  CHESS DAVID MICHAEL ,  MORAR JOHN FREDERICK ,  SEGAL ALLA ,  WHALLEY IAN NICHOLAS ,  WHITE STEVE RICHARD

IPC: G06F21/22 ,  G06F21/00 ,  G06F1/00

CPC classification number: G06F21/51

Abstract: A method and system for the automatic determination of the behavioural profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behaviour of the program in the non-network environment. A logged record of the observed behaviour is analyzed to determine if the behaviour is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

Abstract translation: 用于自动确定怀疑具有蠕虫状特征的程序的行为概况的方法和系统包括分析程序所需的数据处理系统资源，并且如果所需资源不表示该程序具有蠕虫状特征， 在受控的非网络环境中运行程序，同时监视和记录对系统资源的访问以确定程序在非网络环境中的行为。 分析观察到的行为的记录以确定行为是否表示程序具有蠕虫状特征。 非网络环境可以模拟网络到程序的外观，而不模拟网络的操作。

公开(公告)号：AT353452T

公开(公告)日：2007-02-15

申请号：AT03738350

申请日：2003-07-17

Applicant: IBM

Inventor： ARNOLD WILLIAM CARLISLE ,  CHESS DAVID MICHAEL ,  MORAR JOHN FREDERICK ,  SEGAL ALLA ,  WHALLEY IAN NICHOLAS ,  WHITE STEVE RICHARD

IPC: G06F21/22 ,  G06F21/00 ,  G06F1/00

Abstract: A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

公开(公告)号：AU2003244875A1

公开(公告)日：2004-02-09

申请号：AU2003244875

申请日：2003-07-17

Applicant: IBM

Inventor： ARNOLD WILLIAM CARLISLE ,  CHESS DAVID MICHAEL ,  MORAR JOHN FREDERICK ,  SEGAL ALLA ,  WHALLEY IAN NICHOLAS ,  WHITE STEVE RICHARD

IPC: G06F21/22 ,  G06F21/00 ,  G06F1/00

Abstract: A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.