METHOD AND SYSTEM FOR CLASSIFICATION OF SOFTWARE USING CHARACTERISTICS AND COMBINATIONS OF SUCH CHARACTERISTICS

US 20080005796A1
Filed: 06/30/2006
Published: 01/03/2008
Est. Priority Date: 06/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method for classifying software, said method comprising:

identifying at least one of a functional block and a property of said software;

identifying one or more genes in said at least one of a functional block and a property of said software;

matching said one or more genes against one or more classifications defined by a groupings of genes; and

classifying said software based on said one or more classifications.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Certain embodiments of the present invention provide methods and systems for software classification. Certain embodiments provide a method for identification of malware. Certain embodiments provide a method for identification of unwanted software. The method includes identifying one or more functional blocks and/or properties of software. The method further includes identifying genes in the functional blocks and/or properties. The method also includes matching the resulting list of genes against one or more combinations of classifications of groupings of genes. Additionally, the method includes classifying the software. Certain embodiments provide a method for generating classifications. The method includes identifying functional blocks and/or properties. Furthermore, the method includes combining a plurality of genes to form a classification.

Citations

33 Claims

1. A method for classifying software, said method comprising:
- identifying at least one of a functional block and a property of said software;
  
  identifying one or more genes in said at least one of a functional block and a property of said software;
  
  matching said one or more genes against one or more classifications defined by a groupings of genes; and
  
  classifying said software based on said one or more classifications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein said classifying step further comprises classifying said software as malware based on said one or more classifications.
  - 3. The method of claim 1, wherein said classifying step further comprises classifying said software as unwanted software.
  - 4. The method of claim 1, further comprising unpacking said software.
  - 5. The method of claim 1, further comprising disassembling said software.
  - 6. The method of claim 1, further comprising filtering said software.
  - 7. The method of claim 1, further comprising unencrypting said software.
  - 8. The method of claim 1, further comprising generating an output based on said classifying of said software.
  - 9. The method of claim 1, further comprising disinfecting at least one of said software and a computer when said software is classified as malware.
  - 10. The method of claim 1, further comprising removing said software when said software is classified as malware or unwanted software.
  - 11. The method of claim 1, further comprising quarantining said software when said software is classified as malware or unwanted software.
  - 12. The method of claim 1, further comprising generating reports regarding said software.
  - 13. The method of claims 1, further comprising blocking access to said software when said software is classified as malware or unwanted software.
  - 14. The method of claim 1, further comprising scanning a computer for said software, wherein said scanning include user initiated scanning, scheduled scanning and on-access scanning.
  - 15. The method of claim 1, wherein said classification is based upon one or more groupings of genes.

16. A method for generating software classifications for use in classifying software, said method comprising:
- identifying one or more genes that appear in software;
  
  combining a plurality of genes to form a set of genes;
  
  testing said set of genes for false-positives against one or more reference files; and
  
  defining a software classification based on said set of genes.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein said software classification classifies malware.
  - 18. The method of claim 16, wherein said software classification classifies unwanted software.

19. A computer-readable medium having a set of instructions for execution on a computer, said set of instructions comprising:
- an identification routine configured to identify one or more functional blocks and/or properties of software;
  
  a routine configured to identify genes in said one or more functional blocks and/or properties;
  
  a matching routine configured to match genes against a list of predetermined classifications defined by groupings of genes; and
  
  a classification routine configured to classify said software.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 20. The set of instructions of claim 19, wherein said classification routine is configured to classify malware.
  - 21. The set of instructions of claim 19, wherein said classification routine is configured to classify unwanted software.
  - 22. The set of instructions of claim 19, further comprising an unpacking routine configured to unpack said software.
  - 23. The set of instructions of claim 19, further comprising a disassembly routine configured to disassemble said software.
  - 24. The set of instructions of claim 19, further comprising a filtering routine configured to filter said software.
  - 25. The set of instructions of claim 19, further comprising an unencryption routine configured to unencrypt said software.
  - 26. The set of instructions of claim 19, further comprising an output routine configured to generate an output based on a classification of said software.
  - 27. The set of instructions of claim 19, further comprising a disinfection routine configured to disinfect said software when said software is classified as malware.
  - 28. The set of instructions of claim 19, further comprising a removal routine configured to remove said software when said software is classified as malware or unwanted software.
  - 29. The set of instructions of claim 19, further comprising a quarantine routine configured to quarantine said software when said software is classified as malware or unwanted software.
  - 30. The set of instructions of claim 19, further comprising a reporting routine configured to generate reports regarding said software.
  - 31. The set of instructions of claim 19, further comprising a blocking routine configured to block access to said software when said software is classified as malware or unwanted software.
  - 32. The set of instructions of claim 19, further comprising a scanning routine configured to scan a computer for said software, said scanning including at least one of user initiated scanning, scheduled scanning and on-access scanning.
  - 33. The set of instructions of claim 19, further comprising a classification generation routine configured to generate software classifications, said classification routine executing the steps of:
    - identifying a software functionality;
      
      defining a characteristic based on said identified software functionality; and
      
      combining a plurality of characteristics to form a classification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sophos Limited (Sophos Group Ltd.)
Original Assignee
Sophos Limited (Sophos Group Ltd.)
Inventors
McCourt, William James, Godwood, Ben

Granted Patent

US 8,261,344 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/564 by virus signature recognition

METHOD AND SYSTEM FOR CLASSIFICATION OF SOFTWARE USING CHARACTERISTICS AND COMBINATIONS OF SUCH CHARACTERISTICS

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR CLASSIFICATION OF SOFTWARE USING CHARACTERISTICS AND COMBINATIONS OF SUCH CHARACTERISTICS

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links