Intelligent Hashes for Centralized Malware Detection
Abstract
A suspicious entity is identified. An intelligent hash for the suspicious entity is generated, wherein the intelligent hash includes a set of metadata that is specific to the suspicious entity and at least some of the metadata is invariant over changes to the suspicious entity. The intelligent hash is transmitted to a server for evaluation of whether the suspicious entity corresponds to the malware entity. The server is adapted to determine whether the suspicious entity corresponds to the malware entity based on the intelligent hash. A result is received from the server specifying whether the suspicious entity corresponds to the malware entity.
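
The following is an added sketch, not taken from the patent, of how a hash built from subsequences of a metalanguage instruction sequence (claim 1) can survive small changes to an entity and be matched on a server, as the abstract describes. The metalanguage token names, the use of length-3 subsequences, the Jaccard comparison, the 0.5 threshold and the sample listings are all assumptions made for illustration.

```python
import hashlib

# Assumed mapping from concrete instructions to metalanguage tokens. Operands
# (registers, addresses, constants) are dropped, so editing them changes nothing.
META = {"mov": "ASSIGN", "lea": "ASSIGN", "push": "STACK", "pop": "STACK",
        "add": "ARITH", "sub": "ARITH", "xor": "ARITH", "cmp": "TEST",
        "test": "TEST", "jz": "BRANCH", "jnz": "BRANCH", "call": "CALL",
        "ret": "RET"}

def to_metalanguage(listing):
    """Turn a ';'-separated instruction listing into metalanguage tokens."""
    seq = []
    for ins in listing.split(";"):
        parts = ins.split()
        if not parts or parts[0] == "nop":   # padding carries no meaning
            continue
        seq.append(META.get(parts[0], "OTHER"))
    return seq

def intelligent_hash(listing, n=3):
    """Set of short digests, one per distinct length-n token subsequence."""
    seq = to_metalanguage(listing)
    grams = {" ".join(seq[i:i + n]) for i in range(len(seq) - n + 1)}
    return frozenset(hashlib.sha256(g.encode()).hexdigest()[:12] for g in grams)

def similarity(a, b):
    """Jaccard similarity of two intelligent hashes."""
    return len(a & b) / len(a | b) if a | b else 0.0

def evaluate(suspicious, known, threshold=0.5):
    """Server side: best-matching known malware name, or None if below threshold."""
    scores = {name: similarity(suspicious, h) for name, h in known.items()}
    best = max(scores, key=scores.get, default=None)
    return best if best is not None and scores[best] >= threshold else None

# Constructed listings, not real malware. VARIANT renames registers, changes
# constants, pads with nops and inserts one junk instruction (xor edi, edi).
KNOWN = ("push ebp; mov ebp, esp; xor eax, eax; mov ecx, 0x10; add eax, ecx; "
         "cmp eax, 0x40; jnz 0x401020; call 0x401000; pop ebp; ret")
VARIANT = ("push ebx; nop; mov ebx, esp; sub edx, edx; lea esi, [0x20]; nop; "
           "add edx, esi; test edx, edx; jz 0x402040; xor edi, edi; "
           "call 0x402abc; pop ebx; ret")
BENIGN = "mov eax, [esp+4]; add eax, 1; ret"

if __name__ == "__main__":
    db = {"sample-family": intelligent_hash(KNOWN)}   # server's known hashes
    for name, listing in (("variant", VARIANT), ("benign", BENIGN)):
        print(name, "->", evaluate(intelligent_hash(listing), db))
```

A byte-level digest of `KNOWN` and `VARIANT` would differ completely, while their subsequence sets still share six of eleven entries.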
20 Claims
1. A method of generating an intelligent hash for an entity, the method comprising:
- generating a sequence of metalanguage instructions based on the entity;
- identifying a set of subsequences of the sequence of metalanguage instructions;
- generating the intelligent hash for the entity based, at least in part, on the identified set of subsequences; and
- storing the intelligent hash on a storage device.
Dependent claims: 2, 3, 4, 5, 6
7. A computer system for determining whether a suspicious entity corresponds to a malware entity, the system comprising:
- a reporting module adapted to receive an intelligent hash generated based on a suspicious entity encountered by a client, wherein the intelligent hash includes a set of metadata that is specific to the suspicious entity and at least some of the metadata is invariant over changes to the suspicious entity; and
- an evaluation module adapted to determine whether the suspicious entity corresponds to the malware entity based on the intelligent hash;
- wherein the reporting module is further adapted to report to the client whether the suspicious entity hash corresponds to the malware entity.
Dependent claims: 8, 9, 10, 11, 12, 13
14. A computer-readable storage medium encoded with computer program code for determining whether a suspicious entity corresponds to a malware entity, the program code comprising program code for:
- identifying a suspicious entity;
- generating an intelligent hash for the suspicious entity, wherein the intelligent hash includes a set of metadata that is specific to the suspicious entity and at least some of the metadata is invariant over changes to the suspicious entity;
- transmitting the intelligent hash to a server for evaluation of whether the suspicious entity corresponds to the malware entity; and
- receiving from the server a result specifying whether the suspicious entity corresponds to the malware entity.
Dependent claims: 15, 16, 17, 18, 19, 20