
"Instead of determining whether suspicious code matches known viruses, Columbia's researchers developed a solution to this drawback by evaluating whether the suspicious code performed anomalously. Specifically, an emulator would execute suspicious code, and the function calls made during that emulation would be compared against a model of how those function calls were expected to behave; any sequence of anomalous function calls would be an early indication of previously-unidentified viruses."
"But the key to Columbia's innovation was a "combined model," which was built from data gathered across many computers simultaneously. Instead of requiring a single machine to run and observe a program for days or weeks before developing a behavioral baseline, the system would instead use thousands of interconnected computers to perform the observation function simultaneously. This yielded a faster, more robust model that was difficult for sophisticated attackers to undermine through mimicry attacks."
Columbia University developed an innovative anomaly-detection system for identifying previously unknown viruses by analyzing suspicious code behavior rather than matching known signatures. The system used a "combined model" built from data collected across thousands of interconnected computers simultaneously, enabling faster and more robust virus detection than traditional single-machine approaches. This distributed computing method prevented attackers from fooling standardized models through mimicry attacks. After over a decade of litigation, multiple successful appeals, and IPR proceedings, Columbia won a $185 million jury verdict against cybersecurity company Gen Digital. However, a recent Federal Circuit opinion reversed this decision, addressing subject matter eligibility under Section 101 and damages issues with implications extending beyond this specific case.
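An added illustration, not code from Columbia, the patents, or the linked article: a minimal sketch of comparing an emulated program's function calls against a per-host model and against a model combined from several hosts. The bigram model, the scoring rule, and all host names, call names and traces are assumptions constructed for this example.

```python
from collections import Counter

N = 2  # window length over the call trace (assumption, not from the page)

def ngrams(trace, n=N):
    """Sliding windows of n consecutive function calls."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

def build_model(traces):
    """Per-host model: counts of every call n-gram seen in benign runs."""
    model = Counter()
    for t in traces:
        model.update(ngrams(t))
    return model

def combine(models):
    """Combined model: merge the n-gram counts gathered on many hosts."""
    combined = Counter()
    for m in models:
        combined.update(m)
    return combined

def anomaly_score(model, trace):
    """Fraction of the trace's n-grams that the model has never seen."""
    grams = ngrams(trace)
    if not grams:
        return 0.0
    return sum(1 for g in grams if g not in model) / len(grams)

# Constructed sample data: benign call traces observed on three hosts.
HOST_TRACES = {
    "host-a": [["open", "read", "parse", "close"]],
    "host-b": [["open", "read", "decompress", "parse", "close"]],
    "host-c": [["open", "stat", "read", "parse", "close"]],
}
# Constructed traces standing in for what an emulator would record.
BENIGN = ["open", "stat", "read", "decompress", "parse", "close"]
SUSPECT = ["open", "read", "connect", "send", "delete", "close"]

def demo():
    single = build_model(HOST_TRACES["host-a"])
    combined = combine(build_model(t) for t in HOST_TRACES.values())
    return {
        "single_benign": anomaly_score(single, BENIGN),      # false alarm
        "combined_benign": anomaly_score(combined, BENIGN),  # covered
        "combined_suspect": anomaly_score(combined, SUSPECT),
    }

if __name__ == "__main__":
    for name, score in demo().items():
        print(f"{name}: {score:.2f}")
```

No single host's model covers the benign trace, so each one raises a false alarm on it, while the merged model accepts it and still scores the unfamiliar call sequence as anomalous.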
#patent-litigation #subject-matter-eligibility #cybersecurity-technology #federal-circuit #anomaly-detection
Read at Global IP & Technology Law Blog