Patent · US Expired

Dynamic heuristic method for detecting computer viruses using decryption exploration and evaluation phases

US6357008B1 · kind B1 · utility

513Cited by

7References

31Claims

0Family size

Assignee

Symantec Corporation · US

Inventor

Carey Nachenberg · San Fernando, US

Key dates

Filing date	Sep 23, 1997
Grant date	Mar 12, 2002
Priority date	—
Expiry date	Sep 23, 2017

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/566
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A method for detecting computer viruses comprising three phases: a decryption phase, an exploration phase, and an evaluation phase. A purpose of the decryption phase is to emulate a sufficient number of instructions to allow an encrypted virus to decrypt its viral body. A purpose of the exploration phase is to emulate at least once all sections of code within a region deemed likely to contain any virus present in the target program. A purpose of the evaluation phase is to analyze any suspicious behavior observed during the decryption and exploration phases to determine whether the target appears to be infected.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.