Abstract: Representative is a computer-implemented method of detecting a buffer overflow condition. In accordance with the method, a destination address for a computer process' desired right operation is received and a determination is made as to whether the destination address is within an illegitimate writable memory segment within the process' virtual address space (VAS). If so, the process is preferably alerted of the potential buffer overflow condition. A determination may also be made as to whether the destination address is legitimate, in which case the process may be informed of the memory segment which corresponds to the destination address.

Abstract: Methods are provided for categorizing input data into a selected data type category. Exemplary embodiments are directed to the categorization of binary input data, for example random input data, as either compressed or encrypted based on statistical analysis. To this end, at least a portion of the input data is analyzed to derive a statistical test result for the portion that is indicative of a degree of randomness of the data. The data is then categorized as either compressed or encrypted based on the statistical test result.

Abstract: An approach is described for the compression of input data, and particularly one which is suited for providing a lossless method for compressing random input data. Both a compression algorithm is described, as well as a decompression algorithm for restoring the original uncompressed data. The decompression algorithm allows for its parameters to be adjusted to suit one's needs as they relate, for example, to the ratio of compression as a function of the decompression speed.

Abstract: A method, computer readable medium and system for determining whether a data stream is in cyphertext format statistically analyzes the data stream to compute a resultant value indicative of a level of uniformity for a frequency distribution of the data stream's byte values. When applied to one or more files an average byte value may be computed for the data stream and a chi-square statistical analysis of the data bytes performed, with the resultant value computed based on the chi-square value. The resultant is then compared to a pre-determined threshold value to determine whether the file has been encrypted. The computer-readable medium has executable instructions for reading the data stream portions of files to compute a resultant value for each file and control an output device to display appropriate output. The encryption detection system comprises a storage device, an output device and a processor programmed in accordance with the foregoing.

Abstract: Representative is a computer-implemented method of detecting a buffer overflow condition. In accordance with the method, a destination address for a computer process' desired right operation is received and a determination is made as to whether the destination address is within an illegitimate writable memory segment within the process' virtual address space (VAS). If so, the process is preferably alerted of the potential buffer overflow condition. A determination may also be made as to whether the destination address is legitimate, in which case the process may be informed of the memory segment which corresponds to the destination address.

Abstract: A computerized method, computer-readable medium and a monitoring system are each provided for determining whether a selected computer system is a candidate relay node used to route network traffic from an origin to a destination computer system. Particularly suited for identifying relay sites used by an attacker during a relay attack, the invention in its various forms provides for monitoring inbound and outbound network traffic associated with a computer system of interest to determine if there is a recurring correlation therebetween which indicates that the system is used to repeatedly forward inbound network traffic from a particular predecessor node on a network architecture to a particular successor node on the network architecture. If such a correlation recurs with a selected frequency, the computer system of interest is identified as a candidate relay site.

Abstract: A computerized method for rating system vulnerabilities comprises assigning a risk rating to each of a plurality of risk categories associated with identified vulnerabilities, whereby each rating has a value indicative of a level of risk for its corresponding risk category. A resultant risk value is then computed for each identified vulnerability based on the risk ratings, thereby indicating a relative overall risk for each vulnerability. A respective waiting factor can also be assigned for each of the risk ratings. A computer readable medium and a vulnerability rating system for use in assessing computer system vulnerabilities are also provided.

Abstract: A method, computer readable medium and system for determining whether a data stream is in cyphertext format statistically analyzes the data stream to compute a resultant value indicative of a level of uniformity for a frequency distribution of the data stream's byte values. When applied to one or more files an average byte value may be computed for the data stream and a chi-square statistical analysis of the data bytes performed, with the resultant value computed based on the chi-square value. The resultant is then compared to a pre-determined threshold value to determine whether the file has been encrypted. The computer-readable medium has executable instructions for reading the data stream portions of files to compute a resultant value for each file and control an output device to display appropriate output. The encryption detection system comprises a storage device, an output device and a processor programmed in accordance with the foregoing.