Patent · US Expired

Method and apparatus for replicating and analyzing worm programs

US6981279B1 · kind B1 · utility

358Cited by

8References

46Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

William C. Arnold · Mahopac, US
David M. Chess · Potsdam, US
John Morar · Mahopac, US
Alla Segal · Mount Kisco, US
Morton Gregory Swimmer · Chappaqua, US
Ian N. Whalley · Pawling, US
Steve R. White · New York, US

Key dates

Filing date	Aug 17, 2000
Grant date	Dec 27, 2005
Priority date	—
Expiry date	Nov 2, 2022

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/566
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A system and a method are disclosed for dynamically analyzing software, some of whose potentially-important behaviors (such as worm-like behavior) may only be displayed when the software is executed in an environment where it has, or appears to have, access to a production network and/or to the global Internet. The software can be executed in a real or an emulated network environment that includes a monitoring component and an emulation component. The monitoring component serves to capture and/or record the behaviors displayed by the software and/or other components of the system, and the emulation component gives the software being analyzed the impression that it is executing with access to a production network and/or to the global Internet. The software being analyzed is effectively confined to the analysis network environment, and cannot in fact read information from, or alter any information on, any production network or the global Internet.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.