1
Tzi cker Chiueh, Fanglu Guo: Automated unpacking of executables packed by multiple layers of arbitrary packers. Symantec Corporation, Fenwick & West, August 9, 2011: US07996904 (94 worldwide citation)

The packing manager provides an automated method that allows existing AV scanning technology to be applied to detect known malware samples packed by one or more packers that are potentially proprietary. The packing manager tracks the memory areas to which an executable binary writes and executes, an ...


2
Fanglu Guo, Tzi cker Chiueh: Enforcing the execution exception to prevent packers from evading the scanning of dynamically created code. Symantec Corporation, Fenwick & West, August 13, 2013: US08510828 (88 worldwide citation)

To detect possible malicious code that is unpacked at runtime before it is executed, antivirus software requires that any dynamically created code be scanned before it can be executed by a host computer system. This requirement may be enforced by requiring memory pages to be either executable or wri ...


3
Tzi cker Chiueh, Matthew Conover: Insertion and invocation of virtual appliance agents through exception handling regions of virtual machines. Symantec Corporation, Advantedge Law Group, July 17, 2012: US08225317 (32 worldwide citation)

A method for inserting an agent of a virtual appliance into a virtual machine. The method may include inserting, into an exception handler memory location of a virtual machine, one or more computer-executable instructions configured to facilitate transfer of control from the virtual machine to an ag ...


4
Bruce Montague, Sanjay Sawhney, Matthew Conover, Tzi cker Chiueh: Security driver for hypervisors and operating systems of virtualized datacenters. Symantec Corporation, Rory D Rankin, Meyertons Hood Kivlin Kowert & Goetzel P C, February 26, 2013: US08387046 (31 worldwide citation)

A system and method for efficient security protocols in a virtualized datacenter environment are contemplated. In one embodiment, a system is provided comprising a hypervisor coupled to one or more protected virtual machines (VMs) and a security VM. Within a private communication channel, a split ke ...


5
Tzi cker Chiueh: System and method for IP handoff. Research Foundation of the State University of New York, F Chau & Associates, July 17, 2007: US07245917 (25 worldwide citation)

A seamless vertical handoff method allows the network applications and connections on a mobile node to continue without disruption as it moves within a wireless overlay network that comprises multiple possibly overlapping layers of wireless networks (e.g., a WLAN and a WWAN) with different underlyin ...


6
Kent Griffin, Tzi cker Chiueh, Scott Schneider: Systems and methods for byte-level context diversity-based automatic malware signature generation. Symantec Corporation, Advantedge Law Group, October 16, 2012: US08291497 (15 worldwide citation)

A computer-implemented method for facilitating automatic malware signature generation may comprise providing a byte sequence marked for possible inclusion within one or more malware signatures, determining a context diversity of the byte sequence within malware files each containing the byte sequenc ...


7
Tzi cker Chiueh, Kent E Griffin, Scott Schneider, Xin Hu: Selecting malware signatures based on malware diversity. Symantec Corporation, Fenwick & West, November 27, 2012: US08321942 (14 worldwide citation)

A candidate signature for a known malware entity is selected for analysis. A set of malware entities that contain the candidate signature is identified. A diversity measurement for the candidate signature is determined. The diversity measurement describes the diversity of the set of malware entities ...


8
Kent E Griffin, Tzi cker Chiueh, Scott Schneider, Xin Hu: Selecting malware signatures to reduce false-positive detections. Symantec Corporation, Fenwick & West, August 7, 2012: US08239948 (12 worldwide citation)

A set of candidate signatures for a malicious software (malware) is generated. The candidate signatures in the set are scored based on features that indicate the signatures are more unique and thus less likely to generically occur non-malicious programs. A malware signature for the malware entity is ...


9
Fanglu Guo, Tzi Cker Chiueh: Tracking memory mapping to prevent packers from evading the scanning of dynamically created code. Symantec Corporation, Fenwick & West, January 24, 2012: US08104089 (11 worldwide citation)

To detect possible malicious code that is unpacked at runtime before it is executed, antivirus software requires that any dynamically created code be scanned before it can be executed by a host computer system. This requirement may be enforced by requiring memory pages to be either executable or wri ...


10
Pratyusa Manadhata, Tzi cker Chiueh: Method and apparatus for automatically optimizing a startup sequence to improve system boot time. Symantec Corporation, Wilmer Cutler Pickering Hale and Dorr, February 5, 2013: US08370613 (10 worldwide citation)

A method and apparatus for optimizing a startup sequence to improve system boot time is described. In one embodiment, a method for configuring a startup sequence stored in memory, using one or more processors, to improve system boot time including accessing necessity indicia associated with a plural ...