Malware Patent Application
I recently came across this patent from Network Associates by Igor Muttik. Here's the abstract:
"One embodiment of the present invention provides a system for determining whether software is likely to exhibit malicious behavior by analyzing patterns of system calls made during emulation of the software. The system operates by emulating the software within an insulated environment in a computer system so that the computer system is insulated from malicious actions of the software. During the emulation process, the system records a pattern of system calls directed to an operating system of the computer system. The system compares the pattern of system calls against a database containing suspect patterns of system calls. Based upon this comparison, the system determines whether the software is likely to exhibit malicious behavior. In one embodiment of the present invention, if the software is determined to be likely to exhibit malicious behavior, the system reports this fact to a user of the computer system. In one embodiment of the present invention, the process of comparing the pattern of system calls is performed on-the-fly as the emulation generates system calls."
Reading through the claims it appears that they have patented much of what was the state of the art of academic research in the early 2000's. I'm shocked with how loosely the patent is written. Comparing system calls might have been novel at the time, but the real magic is finding a matching algorithm for them. That algorithm, I would think, would be the real patentable material. Then again that's why I'm not a patent lawyer.