System and method for determining data entropy to identify malware
Abstract
Systems and methods for performing malware detection for determining suspicious data based on data entropy are provided. The method includes acquiring a block of data, calculating an entropy value for the block of data, comparing the entropy value to a threshold value, and recording the block of data as suspicious when the entropy value exceeds the threshold value. An administrator may then investigate suspicious data.
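The four steps of the method applied block by block, as an added example that is not part of the patent text. It assumes Shannon entropy over byte frequencies (the page says only "an entropy value"); the 256-byte block size, the 7.0 bits/byte threshold and the sample data are constructed for illustration.

```python
import math
from collections import Counter

BLOCK_SIZE = 256   # assumed block size; the page does not specify one
THRESHOLD = 7.0    # assumed threshold in bits per byte (the maximum is 8.0)


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def scan(data: bytes, block_size: int = BLOCK_SIZE, threshold: float = THRESHOLD):
    """Run the four steps on each block; return (offset, entropy) findings."""
    suspicious = []
    for offset in range(0, len(data), block_size):
        block = data[offset:offset + block_size]       # acquire a block of data
        if len(block) < block_size:
            # Assumption: skip a short tail. n bytes cannot exceed log2(n)
            # bits of entropy, so a short block would under-report.
            continue
        h = shannon_entropy(block)                     # calculate entropy value
        if h > threshold:                              # "exceeds": strict compare
            suspicious.append((offset, round(h, 3)))   # record as suspicious
    return suspicious


def constructed_sample() -> bytes:
    """Constructed input: 512 bytes of text, 512 uniform bytes, 512 of text."""
    text = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 11)[:512]
    # 167 is odd, so each aligned 256-byte run holds every byte value once.
    uniform = bytes((i * 167 + 13) % 256 for i in range(512))
    return text + uniform + text


if __name__ == "__main__":
    for offset, h in scan(constructed_sample()):
        print(f"offset {offset:#06x}: {h} bits/byte exceeds {THRESHOLD}")
```

High entropy also characterises ordinary compressed or encrypted files, so a recorded block is a lead for the administrator's investigation mentioned in the abstract, not a verdict.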
20 Claims
1. A malware detection method in a data processing system for determining suspicious data based on data entropy, the method comprising the steps of:
- acquiring a block of data;
- calculating an entropy value for the block of data;
- comparing the entropy value to a threshold value; and
- recording the block of data as suspicious when the entropy value exceeds the threshold value.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer-readable medium having computer-executable instructions for performing a method of malware detection for determining suspicious data based on data entropy, the method comprising the steps of:
- acquiring a block of data;
- calculating an entropy value for the block of data;
- comparing the entropy value to a threshold value; and
- recording the block of data as suspicious when the entropy value exceeds the threshold value.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
Specification