
Behavior specification, finding main, and call graph visualizations

Inactive Publication Date: 2016-02-11
UT BATTELLE LLC

AI Technical Summary

Benefits of technology

This patent describes a system that can identify and analyze the behavior of software programs without needing to fully decompile them. This is done by using a knowledge base that stores information about program behavior in a structured form. The system can detect malicious software by identifying patterns in external function call behavior. The system includes a hierarchical structure of behavior specification units that abstract program behavior as compositions or sets of lower-level behaviors. The technical effect of this patent is that it provides a more efficient and accurate way to identify and analyze malicious software.
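The hierarchy described above, sketched as an added example (not code from the patent or its authors). The unit names, the "all"/"any" semantics, and the choice of Windows API names as leaf-level external functions are assumptions made for illustration; the input is the set of external functions a binary is observed to call.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Unit:
    name: str
    mode: str     # "all" = composition of parts, "any" = set of alternatives
    parts: tuple  # external function names or names of lower-level units

# Hypothetical specification: leaves are external functions, higher units
# are built only from lower-level units and leaves.
SPEC = {u.name: u for u in (
    Unit("open_network", "any", ("InternetOpenA", "InternetOpenW")),
    Unit("fetch_remote", "all", ("open_network", "InternetReadFile")),
    Unit("write_file", "all", ("CreateFileA", "WriteFile")),
    Unit("fetch_and_store", "all", ("fetch_remote", "write_file")),
)}

def matches(name, calls, spec=SPEC, _stack=()):
    """True if behavior `name` is supported by the observed external calls."""
    if name not in spec:                 # leaf: an external function name
        return name in calls
    if name in _stack:                   # a unit must not contain itself
        raise ValueError(f"cyclic behavior specification at {name!r}")
    unit = spec[name]
    if unit.mode not in ("all", "any"):
        raise ValueError(f"unknown mode {unit.mode!r} in {name!r}")
    results = (matches(p, calls, spec, _stack + (name,)) for p in unit.parts)
    return all(results) if unit.mode == "all" else any(results)

def recognized(calls, spec=SPEC):
    """Names of every behavior unit the observed call set satisfies."""
    calls = frozenset(calls)
    return sorted(n for n in spec if matches(n, calls, spec))

# Constructed sample: external calls extracted from a binary's call sites.
SAMPLE = {"InternetOpenW", "InternetReadFile", "CreateFileA", "WriteFile",
          "ExitProcess"}
```

Because only the external call names are inspected, the same specification applies regardless of which compiler produced the binary.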

Problems solved by technology

However, most source code is complex, making it difficult to track, identify errors, detect vulnerabilities, or detect malware.
Current design and coding methods are vulnerable to malicious software that attempts to disable or damage computer programs or the computers themselves.
Unfortunately, functional testing alone is incapable of catching many types of errors and vulnerabilities.


Embodiment Construction

[0028] This disclosure describes a novel compiler agnostic system that automatically identifies where the functionality of a program (that may include application software, operating system software, and/or software libraries/tools) begins and ends, and detects malicious software by analyzing program behavior. Operating system software manages computer hardware and software resources and provides common services for computer programs. Application software (an application) is a set of computer programs designed to permit the user to perform a group of coordinated functions, tasks, or activities. Application software cannot run on itself but is dependent on system or operating software to execute.

[0029] The novel compiler agnostic system recognizes specific classes of program behavior without decompiling the machine language into its original source code. The system recognizes specific program behaviors by identifying patterns in external function call behavior. The system includes reco...


Abstract

A process transforms compiled software into a semantic form. The process transforms the code into a semantic form. The process analyzes behavior functionality by processing precise programming behavior abstractions stored in a memory and classifies the code as malware based on the code behavior. Another method identifies the starting point of execution of a compiled program. The method calculates a complexity measure by calculating the number of potential execution paths of local functions; identifies the number of arguments passed to local functions; and identifies the starting point of execution of the compiled program. Another method provides interactive, dynamic visualization of a group of related functions wherein a user can explore the rendered graph and select a specific function and display functions that are color coded by their ancestral relation and their function call distance to the selected function.
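The data behind the visualization the abstract describes, as an added example (not code from the patent): for a selected function, every other function is labelled by ancestral relation and call distance, which a renderer could then map to colors. The call graph, the function names, and the label set (including "recursive" for functions that are both ancestor and descendant) are assumptions.

```python
from collections import deque

# Constructed sample call graph: caller -> callees.
CALLS = {
    "start": ["init", "main"],
    "main": ["parse", "run"],
    "run": ["parse", "log", "run_helper"],
    "run_helper": ["run"],          # mutual recursion with run
    "parse": ["log"],
    "init": [], "log": [],
    "unused": ["log"],
}

def distances(graph, source):
    """Breadth-first search: fewest call edges from source to each node."""
    dist = {source: 0}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt not in dist:      # first visit is the shortest; ends cycles
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist

def reverse(graph):
    """Callee -> callers, used to walk toward ancestors."""
    rev = {n: [] for n in graph}
    for caller, callees in graph.items():
        for callee in callees:
            rev.setdefault(callee, []).append(caller)
    return rev

def classify(graph, selected):
    """Map each function to (relation, call distance) relative to selected."""
    down = distances(graph, selected)           # functions it reaches
    up = distances(reverse(graph), selected)    # functions that reach it
    nodes = set(graph) | {c for cs in graph.values() for c in cs}
    out = {}
    for n in nodes:
        if n == selected:
            out[n] = ("selected", 0)
        elif n in down and n in up:
            out[n] = ("recursive", min(down[n], up[n]))
        elif n in down:
            out[n] = ("descendant", down[n])
        elif n in up:
            out[n] = ("ancestor", up[n])
        else:
            out[n] = ("unrelated", None)
    return out
```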

Description

RELATED APPLICATION

[0001] This application claims the benefit of priority of U.S. Provisional Pat. App. No. 62/034,410 filed Aug. 7, 2014 and titled “Behavior Specification and Finding Main,” which is incorporated by reference.

STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH AND DEVELOPMENT

[0002] This invention was made with United States government support under Contract No. DE-ACO5-00OR22725 awarded by the United States Department of Energy. The United States government has certain rights in the invention.

BACKGROUND

[0003] 1. Technical Field

[0004] This disclosure relates to systems that monitor program behavior and specifically to systems that identify patterns in external function calls, systems that find the starting execution point of a compiled program, and an interactive user interface that differentiates software call functions.

[0005] 2. Related Art

[0006] Software controls many aspects of systems used in our daily life. However, most source code is complex, making it difficult to t...


Application Information

IPC(8): G06F21/56
CPC: G06F21/563
Inventor: SAYRE, KIRK D.; WILLEMS, RICHARD A.; LINDBERG, STEPHEN LANSE
Owner UT BATTELLE LLC