Patent · US Expired

Method of detecting malicious code

US7131036B2 · kind B2 · utility

Cited by: 10
References: 9
Claims: 10
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jul 2, 2001
Grant date: Oct 31, 2006
Priority date
Expiry date: Nov 11, 2022

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/56
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Malicious code in a code-executing device is detected by generating test data, which is substantially unsusceptible to compression without reducing its information content, and storing it as image data in memory external to the device. The test data is stored into memory of the device. A checksum calculation is performed on the test data stored in the memory of the device to generate a first checksum value. A corresponding checksum calculation is performed on the image data to generate a second checksum value. The first value is compared with the second value to determine whether or not the test data in the memory of the device has been corrupted. These steps are repeated until sufficient test data in the memory of the device is checksum tested to determine whether or not malicious code is present in the device. It is difficult for the malicious code to conceal itself from the checksums. Hence, it is possible to determine whether or not the device has been compromised.
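A small simulation of the procedure in the abstract, added here as an illustration and not taken from the patent. The `Device` model, the block and memory sizes, the use of SHA-256 as the checksum, and the assumption that resident code refuses to overwrite its own bytes are all assumptions made for the example.

```python
import hashlib
import os

BLOCK = 256             # bytes per checksum-tested block (assumed)
MEM_SIZE = 64 * BLOCK   # simulated device memory size (assumed)


class Device:
    """Simulated code-executing device (hypothetical model, not from the patent)."""

    def __init__(self, resident=b"", at=0):
        self.mem = bytearray(MEM_SIZE)
        # Bytes that resident code keeps for itself; empty on a clean device.
        self.keep = range(at, at + len(resident))
        self.mem[at:at + len(resident)] = resident

    def store(self, data):
        # Assumption: resident code drops writes that would overwrite it.
        # Incompressible test data leaves it no spare room to hide the loss.
        for i, b in enumerate(data):
            if i not in self.keep:
                self.mem[i] = b

    def checksum(self, blk):
        return hashlib.sha256(self.mem[blk * BLOCK:(blk + 1) * BLOCK]).digest()


def verify(device):
    """Return the block numbers whose device checksum differs from the image."""
    image = os.urandom(MEM_SIZE)   # test data: random bytes do not compress
    device.store(image)            # fill the device memory with the test data
    corrupted = []
    for blk in range(MEM_SIZE // BLOCK):   # repeat until all memory is tested
        first = device.checksum(blk)       # checksum over device memory
        second = hashlib.sha256(image[blk * BLOCK:(blk + 1) * BLOCK]).digest()
        if first != second:                # mismatch: test data was corrupted
            corrupted.append(blk)
    return corrupted


if __name__ == "__main__":
    clean = Device()
    # Constructed stand-in for resident code: 300 filler bytes across blocks 5-6.
    tampered = Device(resident=b"\xAA" * 300, at=5 * BLOCK + 10)
    print("clean device, corrupted blocks:", verify(clean))
    print("tampered device, corrupted blocks:", verify(tampered))
```
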

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.