System and method to mitigate malware
Abstract
Particular embodiments described herein provide for an electronic device that can be configured to receive script data, determine a checksum tree for the script data, compare each checksum of the checksum tree to one or more subtree checksums, and assign one or more classifications to the script data. In one example, the checksum tree is an abstract syntax tree.
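The pipeline the abstract outlines, as an added sketch that is not taken from the patent. It assumes Python source as the script data, an abstract syntax tree as the checksum tree, truncated SHA-256 as the checksum, and a smoothed equal-prior posterior as the Bayesian score; all function names and samples are constructed for illustration.

```python
import ast
import hashlib

def checksum_tree(source):
    """Map a checksum of every AST subtree in `source` to that subtree's root label."""
    sums = {}
    def visit(node):
        label = type(node).__name__
        # Assumed normalisation: keep callee and attribute names, drop variable
        # names and literal values so simple renaming does not change a checksum.
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            label += ":" + node.func.id
        elif isinstance(node, ast.Attribute):
            label += ":" + node.attr
        children = ",".join(visit(c) for c in ast.iter_child_nodes(node))
        digest = hashlib.sha256(f"{label}({children})".encode()).hexdigest()[:16]
        sums[digest] = label
        return digest
    visit(ast.parse(source))
    return sums

def train(malware_scripts, benign_scripts):
    """Count, per subtree checksum, how many labelled scripts contain it."""
    counts = {}
    for kind, scripts in (("malware", malware_scripts), ("benign", benign_scripts)):
        for src in scripts:
            for cs in checksum_tree(src):
                counts.setdefault(cs, {"malware": 0, "benign": 0})[kind] += 1
    return counts, len(malware_scripts), len(benign_scripts)

def classify(source, model):
    """Return {checksum: (label, classification, score)} for known subtrees."""
    counts, n_mal, n_ben = model
    stored = {}
    for cs, label in checksum_tree(source).items():
        seen = counts.get(cs)
        if seen is None:
            continue  # matches neither a malware nor a benign subtree checksum
        p_mal = (seen["malware"] + 1) / (n_mal + 2)  # P(checksum | malware), smoothed
        p_ben = (seen["benign"] + 1) / (n_ben + 2)   # P(checksum | benign), smoothed
        score = round(p_mal / (p_mal + p_ben), 3)    # posterior with equal priors (assumed)
        kind = "malware" if score > 0.5 else "benign" if score < 0.5 else "neutral"
        stored[cs] = (label, kind, score)
    return stored

# Constructed samples; the suspect renames a variable and adds a statement.
MALWARE_SAMPLES = ["import base64\nexec(base64.b64decode(blob))\n"]
BENIGN_SAMPLES = ["import json\nprint(json.dumps(data))\n"]
SUSPECT = "import base64\npayload = fetch()\nexec(base64.b64decode(payload))\n"

if __name__ == "__main__":
    for cs, verdict in classify(SUSPECT, train(MALWARE_SAMPLES, BENIGN_SAMPLES)).items():
        print(cs, verdict)
```

Subtrees that occur in both corpora, such as the bare import statement, score 0.5 and are reported as neutral, while the decode-and-execute subtree still matches after the variable is renamed.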
25 Claims
1. At least one non-transitory computer readable medium comprising one or more instructions that when executed by a processor, cause the computer readable medium to:
- receive script data;
- determine a checksum tree for the script data;
- associate each checksum of the checksum tree with a Bayesian score;
- compare each checksum of the checksum tree to one or more subtree checksums, wherein each of the one or more subtree checksums is a malware checksum or a benign checksum;
- assign one or more probability classifications to the script data, wherein the assigned probability classification includes the associated Bayesian score for each checksum; and
- store the assigned probability classifications in memory.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus comprising:
- memory; and
- a hardware processor configured to:
  - receive script data;
  - determine a checksum tree for the script data;
  - associate each checksum of the checksum tree with a Bayesian score;
  - compare each checksum of the checksum tree to one or more subtree checksums, wherein each of the one or more subtree checksums is a malware checksum or a benign checksum;
  - assign one or more probability classifications to the script data, wherein the assigned probability classification includes the associated Bayesian score for each checksum; and
  - store the assigned probability classifications in memory.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A method comprising:
- receiving script data;
- determining a checksum tree for the script data;
- associating each checksum of the checksum tree with a Bayesian score;
- comparing each checksum of the checksum tree to one or more subtree checksums, wherein each of the one or more subtree checksums is a malware checksum or a benign checksum;
- assigning one or more probability classifications to the script data, wherein the assigned probability classification includes the associated Bayesian score for each checksum; and
- storing the assigned probability classifications in memory.
Dependent claims: 16, 17, 18, 19, 20, 21
22. A system for mitigating malware, the system comprising:
- a memory element;
- communication circuitry;
- a hardware processor configured to:
  - receive script data;
  - determine a checksum tree for the script data;
  - associate each checksum of the checksum tree with a Bayesian score;
  - compare each checksum of the checksum tree to one or more subtree checksums, wherein each of the one or more subtree checksums is a malware checksum or a benign checksum;
  - assign one or more probability classifications to the script data, wherein the assigned probability classification includes the associated Bayesian score for each checksum; and
  - store the assigned probability classifications in memory.
Dependent claims: 23, 24, 25
Specification