Detecting malicious alteration of stored computer files
US7043634B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | May 15, 2001 |
| Grant date | May 9, 2006 |
| Priority date | — |
| Expiry date | Aug 30, 2023 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/565
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
When a file is created on a computer, an archive copy of that file is also created and separately stored. Upon a subsequent access to the active copy of that file, a comparison between the active copy and the full archived copy is made to detect any changes. If there are not any changes, then the active copy of the file is assumed to be clean from malicious alteration and the access request is permitted. If an alteration has been made and is detected, then further countermeasures are triggered, such as full virus scanning of that file or blocking of its use. This archiving and comparison technique may be selectively applied to a subset of file types, such as executable files and dynamic link libraries, which are known to be infrequently modified during normal user operations.
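A minimal sketch of the archive-and-compare flow the abstract describes, added here as an illustration and not taken from the patent or any product. `ArchiveGuard`, `on_create`, `on_access` and the `scanner` callback are hypothetical names; a real deployment would drive these calls from an operating-system file access hook rather than from direct calls.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

PROTECTED = {".exe", ".dll"}  # subset of file types the abstract names

def _same_bytes(a: Path, b: Path, chunk: int = 65536) -> bool:
    # Full content comparison: size and timestamps can survive tampering.
    with a.open("rb") as fa, b.open("rb") as fb:
        while True:
            ca, cb = fa.read(chunk), fb.read(chunk)
            if ca != cb or not ca:
                return ca == cb

class ArchiveGuard:  # hypothetical name
    def __init__(self, archive_dir, scanner=None):
        self.archive_dir = Path(archive_dir)  # keep out of reach of ordinary writers
        self.archive_dir.mkdir(parents=True, exist_ok=True)
        self.scanner = scanner  # assumed callable(path) -> True when the file is clean

    def _archived(self, active: Path) -> Path:
        return self.archive_dir / hashlib.sha256(str(active.resolve()).encode()).hexdigest()

    def on_create(self, active) -> None:
        active = Path(active)
        if active.suffix.lower() in PROTECTED:
            shutil.copyfile(active, self._archived(active))

    def on_access(self, active) -> str:
        active = Path(active)
        if active.suffix.lower() not in PROTECTED:
            return "allow"  # outside the selected subset, not tracked
        archived = self._archived(active)
        if archived.exists() and _same_bytes(active, archived):
            return "allow"  # identical to the copy taken at creation
        if self.scanner is not None and self.scanner(active):
            return "allow-after-scan"  # altered, but the scan found it clean
        return "block"  # altered or no baseline, and nothing vouches for it

def demo() -> list:
    # Constructed sample data: a fake DLL altered without changing its length.
    with tempfile.TemporaryDirectory() as tmp:
        guard = ArchiveGuard(Path(tmp) / "archive")
        dll = Path(tmp) / "sample.dll"
        dll.write_bytes(b"MZ original contents")
        guard.on_create(dll)
        before = guard.on_access(dll)
        dll.write_bytes(b"MZ patched! contents")
        return [before, guard.on_access(dll)]
```

The comparison only holds if the archive copy cannot be rewritten by whatever alters the active copy, so the archive directory needs stricter write permissions than the files it protects.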
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.