Processing

Please wait...

Settings

Settings

Goto Application

1. US20030159090 - Method of detecting malicious code

Office
United States of America
Application Number 10312303
Application Date 02.07.2001
Publication Number 20030159090
Publication Date 21.08.2003
Grant Number 7131036
Grant Date 31.10.2006
Publication Kind B2
IPC
G06F 11/00
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
11Error detection; Error correction; Monitoring
G06F 11/10
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
11Error detection; Error correction; Monitoring
07Responding to the occurrence of a fault, e.g. fault tolerance
08Error detection or correction by redundancy in data representation, e.g. by using checking codes
10Adding special bits or symbols to the coded information, e.g. parity check, casting out nines or elevens
G06F 1/00
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
1Details not covered by groups G06F3/-G06F13/82
G06F 12/14
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
12Accessing, addressing or allocating within memory systems or architectures
14Protection against unauthorised use of memory
G06F 21/00
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06F 21/22
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
22by restricting access to, or manipulation of, programmes or processes
CPC
G06F 21/56
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
56Computer malware detection or handling, e.g. anti-virus arrangements
Applicants Marconi UK Intellectual Property Ltd.
Inventors Wray Stuart C
Sparry Icarus W. J.
Agents Kirschstein, et al.
Priority Data 0016273 01.07.2000 GB
Title
(EN) Method of detecting malicious code
Abstract
(EN)

Malicious code in a code-executing device is detected by generating test data, which is substantially unsusceptible to compression without reducing its information content, and storing it as image data in memory external to the device. The test data is stored into memory of the device. A checksum calculation is performed on the test data stored in the memory of the device to generate a first checksum value. A corresponding checksum calculation is performed on the image data to generate a second checksum value. The first value is compared with the second value to determine whether or not the test data in the memory of the device has been corrupted. These steps are repeated until sufficient test data in the memory of the device is checksum tested to determine whether or not malicious code is present in the device. The malicious code is difficult to conceal itself from the checksums. Hence, it is possible to determine whether or not the device has been compromised.