The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Dec. 14, 2010
Filed:
Apr. 30, 2007
Harish Mohanan, Hyderabad, IN;
Perraju Bendapudi, Hyderabad, IN;
Rajesh Jalan, Hyderabad, IN;
Srisatya Aravind Akella, Hyderabad, IN;
Harish Mohanan, Hyderabad, IN;
Perraju Bendapudi, Hyderabad, IN;
Rajesh Jalan, Hyderabad, IN;
SriSatya Aravind Akella, Hyderabad, IN;
Microsoft Corporation, Redmond, WA (US);
Abstract
Spyware programs are detected even if their binary code is modified by normalizing the available code and comparing to known spyware patterns. Upon normalizing the known spyware code patterns, a signature of the normalized code is generated. Similar normalization techniques are employed to reduce the executable binary code as well. A match between the normalized spyware signature and the patterns in the normalized executable code is analyzed to determine whether the executable code includes a known spyware. For pattern matching, Deterministic Finite Automata (DFA) is constructed for basic blocks and simulated on the basic blocks of target executable, hash codes are generated for instructions in target code and known spyware code and compared, register usages are replaced with common variables and compared, and finally Direct Acyclic Graphs (DAGs) of all blocks are constructed and compared to catch reordering of mutually independent instructions and renamed variables.