335 results about "Data-flow analysis" patented technology

Disclosed is a method and apparatus for detecting exploit code in network flows. Network data packets are intercepted by a flow monitor which generates data flows from the intercepted data packets. A content filter filters out legitimate programs from the data flows, and the unfiltered portions are provided to a code recognizer which detects executable code. Any embedded executable code in the unfiltered data flow portions is identified as a suspected exploit in the network flow. The executable code recognizer recognizes executable code by performing convergent binary disassembly on the unfiltered portions of the data flows. The executable code recognizer then constructs a control flow graph and performs control flow analysis, data flow analysis, and constraint enforcement in order to detect executable code. In addition to identifying detected executable code as a potential exploit, the detected executable code may then be used in order to generate a signature of the potential exploit, for use by other systems in detecting the exploit.

The present invention relates to a methodology for the conversion of unstructured, free text data (contained within medical reports) into standardized, structured data, and also relates to a decision support feature for use in diagnosis and treatment options.

A system, computer program product, and method provide for reason driven data analysis in a web-based system that is configurable to various types of data and environments. The computer program product provides for navigation of a report tree of reports that are hierarchically organized with respect to reasons derived from an analysis of transactional data in a database. A frame based interface provides for easy and flexible navigation and configuration of the reports and other features. A configuration file is used to rapidly develop and customize the web-based system. Case management functionality is included to allow for management of cases being reviewed using the system.

A system and method for detecting the mutability of fields and classes in an arbitrary program component written in an object oriented programming language is disclosed. A variable is considered to be mutable if a new value is stored into it, as well as if any of its reachable variables are mutable. The system and method uses a static analysis algorithm which can be applied to any software component rather than whole programs. The analysis classifies fields and classes as either mutable or immutable. In order to facilitate open-world analysis, the algorithm identifies situations that expose variables to potential modification by code outside the component, as well as situations where variables are modified by the analyzed code. An implementation of the analysis is presented which focuses on detecting mutability of class variables, so as to avoid isolation problems. The implementation incorporates intra- and inter-procedural data-flow analyses and is shown to be highly scalable. Experimental results demonstrate the effectiveness of the algorithms.

Methods and apparatus for analyzing financial data generally includes a predictive modeling system. The predictive modeling system may include an artificial agent responsive to an input data set. The artificial agent may produce an estimated data set including a market conditions data set. The market conditions data may include an estimate of at least one of liquidity of a market, strategy of a counterparty, and an effect of information leakage. The artificial agent may determine a predictability value for the estimated data set. The predictive modeling system may also include an agent factory responsive to the input data set. The agent factory may generate an artificial agent in response to the input data set.

An analysis scheduler for scheduling the automatic processing of performance data through a plurality of analysis tools is disclosed. Performance data provided to some of the tools by the analysis scheduler may be specified to be within a predetermined (but variable) look-back period. The analysis tools identify faults and anomalous conditions and also create repair recommendations, and automatically create problem cases when conditions warrant, or update existing problem cases with additional data, all under control of the analysis scheduler. The problem cases are reviewed by a human user and then forwarded to the railroad for implementation.

The invention provides a traffic flow surveying and handling method based on an unmanned aerial vehicle high-definition video. The method comprises the steps of video capture, wherein an unmanned aerial vehicle is made to hover over a selected urban road intersection for high-definition video shooting; image stabilization and pre-processing, wherein the high-definition video is copied, stabilization and pre-processing are carried out on images, and then an image sequence is output; detection and tracking, wherein detection and tracking are carried out on moving objects with the image sequence treated with image stabilization as source data; analysis and statistics, wherein traffic flow analysis and statistics are carried out on a target ID which is tracked down and the current coordinates of motion; output, wherein traffic flow statistical data are transmitted to a client-side graphical interface for display, and then data and statements are generated. The traffic flow surveying and handling method based on the unmanned aerial vehicle high-definition video is capable of obtaining various high-accuracy traffic data, reducing the workload of field survey remarkably, preventing the traffic from being affected, obtaining statistic data of all traffic flows in twelve directions of the intersection, and providing data support for congestion control such as intersection signal timing optimization and traffic channeling improvement.

A method and apparatus for detecting polymorphic viral code in a computer program is provided. The apparatus comprises an emulator, an operational code analyzer and an heuristic analyzer. The emulator emulates a selected number of instructions of the computer program. The operational code analyzer collects and stores information corresponding to operands and operators used in the instructions and the state of registers/flags after each emulated instruction execution. The heuristic analyzer determines a probability that the computer program contains viral code based on an heuristic analysis of register/flag state information supplied by the operational code analyzer.

A method and apparatus are provided for analyzing software programs. The invention combines data flow analysis and symbolic execution with a new constraint solver to create a more efficient and accurate static software analysis tool. The disclosed constraint solver combines rewrite rules with arithmetic constraint solving to provide a constraint solver that is efficient, flexible and capable of satisfactorily expressing semantics and handling arithmetic constraints. The disclosed constraint solver comprises a number of data structures to remember existing range, equivalence and inequality constraints and incrementally add new constraints. The constraint solver returns an inconsistent indication only if the range constraints, equivalence constraints, and inequality constraints are mutually inconsistent.

Methods and systems for creation, processing, and use of compound features during data analysis and feature recognition are disclosed herein. In a preferred embodiment, the present invention functions to apply a new level of data discrimination during data analysis and feature recognition events such that features are more easily discerned from the remainder of the data pool using processing techniques that are more conducive to human visualizations, perceptions, and/or interpretations of data. This is accomplished using an example tool that allows previously processed and identified features (hereafter “known features”) to be aggregated so as to aid the system in recognizing abstract data features, preferably using Boolean operators and user-assigned hit weight values across desired cluster ranges surrounding analyzed data elements.

The invention discloses a static taint analysis and symbolic execution-based Android application vulnerability discovery method, and mainly aims at solving the problems that the analysis range is fixed, the memory consumption is huge and the analysis result is mistakenly reported in the process of discovering vulnerabilities by using the existing static taint analysis method. The method is realized through the following steps of: 1) configuring an analysis target and decompiling a program source code; 2) carrying out control flow analysis on the decompilation result; 3) selecting a source function by a user according to the control flow analysis result, so as to narrow an analysis target; 4) carrying out data flow analysis according to the control flow analysis result, so as to generate a vulnerability path; and 5) filtering the data flow analysis result by adoption of a static symbolic execution technology, taking the residual parts after the filtration as discovered vulnerabilities, warning the user and printing the vulnerability path. On the basis of the existing static taint analysis technology, the method disclosed by the invention has the advantages of extending the vulnerability discovery range, decreasing the memory consumption of vulnerability discovery and improving the accuracy of vulnerability discovery results, and can be applied to the discovery and research of Android application program vulnerabilities.

A method and apparatus for datastream analysis and blocking. According to one embodiment of the invention, a network access device, analyzes (without proxying) each of a stream of packets traversing a single connection through the network access device from an external host to a protected host. In addition, the network access device forwards each allowed packet of the stream of packets as long as the connection is active. However, if one of the stream of packets is determined to be disallowed as a result of the analyzing, then the network access device discards the disallowed packet and terminates the connection, causing the protected host to discard those packets received on the terminated connection.

The invention discloses a realization method for the parallelization of the single-threading program based on the analysis of data flow. In the invention, by analyzing the data dependence among the instructions in the single-thread program, the single-threading program is transformed to a multi-threading program, the dependence among the instructions in the single-thread program includes a data dependence and a control dependence, wherein the control dependence is a dependence for the control condition value and a special data dependence. In the process of thread analyzing, the invention can take regard of the balance of the thread communication expense and the thread after analyzing. The invention has the advantage that the different parts of the single-threading program are executed in parallel, thus reducing the program executing time and improving the program executing efficiency. The method for the parallelization of the single-threading program is in particular suitable for the current multi-core structure.

A system and method for dataflow analysis includes inputting a concurrent program comprised of threads communicating via synchronization primitives and shared variables. Synchronization constraints imposed by the primitives are captured as an intersection problem for bounded languages. A transaction graph is constructed to perform dataflow analysis. The concurrent program is updated in accordance with the dataflow analysis.

A compiler implemented software cache apparatus and method in which non-aliased explicitly fetched data are excluded are provided. With the mechanisms of the illustrative embodiments, a compiler uses a forward data flow analysis to prove that there is no alias between the cached data and explicitly fetched data. Explicitly fetched data that has no alias in the cached data are excluded from the software cache. Explicitly fetched data that has aliases in the cached data are allowed to be stored in the software cache. In this way, there is no runtime overhead to maintain the correctness of the two copies of data. Moreover, the number of lines of the software cache that must be protected from eviction is decreased. This leads to a decrease in the amount of computation cycles required by the cache miss handler when evicting cache lines during cache miss handling.

Systems and methods perform super-region instruction scheduling that increases the instruction level parallelism for computer programs. A compiler performs data flow analysis and memory interference analysis on the code to determine data dependencies between entities such as registers and memory locations. A region tree is constructed, where the region tree contains a single entry block and a single exit block, with potential intervening blocks representing different control flows through the region. Instructions within blocks are moved to predecessor blocks when there are no dependencies on the instruction to be moved, and when the move results in greater opportunity for instruction level parallelism. Redundant instructions from multiple paths can be merged into a single instruction during the process of scheduling. In addition, if a dependency can be removed the method transforms the instruction into an instruction that can be moved to a block having available resources.

A computer-implemented method, computer program product and computing system for defining a model that includes a plurality of variables. At least one variable of the plurality of variables is conditioned based, at least in part, upon a conditioning command received from a user, thus defining a conditioned variable. The model is inferenced based, at least in part, upon the conditioned variable.

A code, which may be a post-link binary or a pre-link object file, can be transformed to optimize code fragments that implement loading a constant from memory. A constant loading code fragment includes address computing operations that compute (or copy) an address representation of a constant for consumption by a memory access operation, and the memory access operation that loads the constant. Information from control flow analysis, data flow analysis, and binary structure/configuration analysis are examined to identify code fragments of a code that implement constant loading. A tool transforms the code to convert the identified code fragments. To optimize, the tool may convert operations, eliminate operations, convert indirect calls to direct calls, inline functions called indirectly, eliminate unused constant data, modify relocations, etc. This optimization can also be applied recursively. The same tool or another tool can subsequently analyze the transformed code one more times to identify additional opportunities for optimizations revealed by the transformation or to apply the transformation for a different profile of the application.

A XLANG/s compilation method is provided that uses data flow analysis of a program's flow graph to determine lifetimes of a data object. A flowgraph is created according to abstract computer instructions. A depth-first order is assigned to basic blocks and a dominance relationship between the basic blocks is determined. A determination is made as to whether any loops are present within the flowgraph and, if so, the loops are identified. A creation point, destruction point and lock point for the data object is determined. Instructions are inserted into the computer code to create the at least one data object at the creation point, to destroy the data object at the destruction point and to lock the data object at the lock point.

Malware feature extraction derives semantic summaries of executable malware using global, inter-procedural program analysis techniques. A combination of global, inter-procedural program analysis techniques constructs semantic summaries of malware which automatically detect and discard any noise introduced by transformations and capture the essence of the underlying computations in a succinct form. This is achieved in two ways. First, global control flow analysis techniques are used to derive a high level representation of malware code that, for instance, removes the effects of subroutine calls. Second, global data flow analysis techniques are employed to detect and remove all spurious elements of malware that do not contribute towards its underlying computation, thereby preventing the resulting summaries from being “corrupted” with unnecessary, extraneous elements.

This disclosure provides for a signal flow analysis-based exploration of security knowledge represented in a graph structure comprising nodes and edges. “Conductance” values are associated to each of a set of edges. Each node has an associated “toxicity” value representing a degree of maliciousness associated with the node. The conductance value associated with an edge is a function of at least the toxicity values of the nodes to which the edge is incident. A signal flow analysis is conducted with respect to an input node representing an observable associated with an offense. The flow analysis seeks to identify a subset of the nodes that, based on their conductance values, are reached by flow of a signal representing a threat, wherein signal flow over a path in the graph continues until a signal threshold is met. Based on the analysis, nodes within the subset are designated as hypothesis nodes for further examination.