MITIGATING MALICIOUS FILE PROPAGATION WITH PROGRESSIVE IDENTIFIERS
First Claim
1. A computer-implemented method of interdicting a propagation of a malicious file in a computer network, said method comprising:
a computer determining one or more segments of a first computer file and a final segment of said first file by determining a series of sizes of segments defined by a function ƒ, wherein said first file is being transferred to a first computer system via a network;
said computer receiving said one or more segments of said first file;
said computer determining one or more signatures that identify said one or more segments of said first file by applying a hash function to each segment of said one or more segments of said first file;
said computer receiving said final segment of said first file;
said computer determining a signature that identifies said final segment of said first file by applying said hash function to said final segment of said first file;
said computer determining a complete match between a first progressive identifier (pID) of said first file and a second pID of another file (malicious file) by determining a first match between said one or more signatures that identify said one or more segments of said first file and one or more signatures that identify one or more segments of said malicious file and by determining a second match between said signature that identifies said final segment of said first file and a signature of a last segment of said malicious file, wherein said malicious file is another computer file identified as including malicious code, wherein said first pID includes a first series of signatures consisting of said one or more signatures that identify said one or more segments of said first file followed by said signature that identifies said final segment of said first file, and wherein said second pID includes a second series of signatures consisting of said one or more signatures that identify said one or more segments of said malicious file followed by said signature that identifies said final segment of said malicious file;
responsive to the step of determining said first match and prior to the step of determining said second match, said computer transferring said one or more segments of said first file to said first computer system; and
responsive to the step of determining said complete match, a processor of said computer identifying said first file as being said malicious file and interdicting a transfer of said final segment of said first file to said first computer system.
Abstract
A method and system for mitigating a propagation of a file that includes malicious code. Segments of the file are determined by a series of sizes determined by a function ƒ. Signatures identifying segments of the file are determined by applying a hash function to each segment. A complete match between the file and a malicious file is determined by determining a first match between signature(s) identifying a first set of segment(s) of the file and signature(s) identifying corresponding segment(s) of the malicious file and by determining a second match between a signature identifying a final segment of the file and a signature identifying a last segment of the malicious file. Responsive to determining the complete match, the file is identified as the malicious file and a transfer of the final segment of the file is interdicted.
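The relay behaviour summarised in the abstract, as an added example (not code from the patent): segments are hashed as they arrive, earlier segments are released while a known pID still matches, and the final segment is withheld on a complete match. The doubling `seg_size` standing in for ƒ, the choice of SHA-256, and the names `relay`, `progressive_id` and `KNOWN_BAD` are assumptions made for this sketch.

```python
import hashlib
from typing import Iterable, Set, Tuple

BASE = 4  # assumed; small so the constructed sample spans several segments

def seg_size(n: int) -> int:
    """Assumed stand-in for f: size in bytes of the n-th segment."""
    return BASE * 2 ** n

def sig(segment: bytes) -> str:
    """Segment signature; SHA-256 is an assumed choice of hash function."""
    return hashlib.sha256(segment).hexdigest()

def progressive_id(data: bytes) -> Tuple[str, ...]:
    """pID: signatures of the leading segments followed by the final one."""
    sigs, pos, n = [], 0, 0
    while pos < len(data):
        sigs.append(sig(data[pos:pos + seg_size(n)]))
        pos, n = pos + seg_size(n), n + 1
    return tuple(sigs) or (sig(b""),)

def relay(chunks: Iterable[bytes], bad_pids: Set[Tuple[str, ...]]):
    """Relay a transfer; return (bytes released to the receiver, verdict)."""
    buf, out, n = bytearray(), bytearray(), 0
    candidates = set(bad_pids)
    for chunk in chunks:
        buf += chunk
        # A segment is non-final only once data beyond it has arrived.
        while candidates and len(buf) > seg_size(n):
            seg = bytes(buf[:seg_size(n)])
            del buf[:seg_size(n)]
            s = sig(seg)
            candidates = {p for p in candidates if len(p) > n + 1 and p[n] == s}
            out += seg  # earlier segments are released before the final check
            n += 1
        if not candidates:  # no known pID still matches: stop holding data back
            out += buf
            buf.clear()
    final = bytes(buf)
    if any(len(p) == n + 1 and p[n] == sig(final) for p in candidates):
        return bytes(out), "interdicted"  # final segment is never released
    return bytes(out) + final, "forwarded"

# Constructed sample bytes standing in for a file already flagged as malicious.
KNOWN_BAD = b"constructed-sample-not-real-malware"
BAD_PIDS = {progressive_id(KNOWN_BAD)}
```

On a complete match the receiver already holds every segment except the final one, so the file arrives incomplete rather than not at all.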
20 Claims
11. A first computer system for interdicting a propagation of a malicious file in a computer network, said first computer system comprising:
a processor;
a computer readable memory;
a computer readable storage medium;
first program instructions to determine one or more segments of a first computer file and a final segment of said first file by determining a series of sizes of segments defined by a function ƒ, wherein said first file is being transferred to a second computer system via a network;
second program instructions to receive said one or more segments of said first file;
third program instructions to determine one or more signatures that identify said one or more segments of said first file by applying a hash function to each segment of said one or more segments of said first file;
fourth program instructions to receive said final segment of said first file;
fifth program instructions to determine a signature that identifies said final segment of said first file by applying said hash function to said final segment of said first file;
sixth program instructions to determine a complete match between a first progressive identifier (pID) of said first file and a second pID of another file (malicious file) by determining a first match between said one or more signatures that identify said one or more segments of said first file and one or more signatures that identify one or more segments of said malicious file and by determining a second match between said signature that identifies said final segment of said first file and a signature of a last segment of said malicious file, wherein said malicious file is another computer file identified as including said malicious code, wherein said first pID includes a first series of signatures consisting of said one or more signatures that identify said one or more segments of said first file followed by said signature that identifies said final segment of said first file, and wherein said second pID includes a second series of signatures consisting of said one or more signatures that identify said one or more segments of said malicious file followed by said signature that identifies said final segment of said malicious file;
seventh program instructions to, responsive to determining said first match by said sixth program instructions and prior to determining said second match by said sixth program instructions, transfer said first set of one or more data packets of said first file to said second computer system; and
eighth program instructions to, responsive to determining said complete match by said sixth program instructions, identify said first file as being said malicious file and interdict a transfer of said final segment of said first file to said second computer system, wherein said first, second, third, fourth, fifth, sixth, seventh and eighth program instructions are stored on said computer readable storage medium and are executable by said processor via said computer readable memory.
17. A computer program product for mitigating a propagation of a malicious file in a computer network, said computer program product comprising:
a computer readable storage medium;
first program instructions to determine one or more segments of a first computer file and a final segment of said first file by determining a series of sizes of segments defined by a function ƒ, wherein said first file is being transferred to a first computer system via a network;
second program instructions to receive said one or more segments of said first file;
third program instructions to determine one or more signatures that identify said one or more segments of said first file by applying a hash function to each segment of said one or more segments of said first file;
fourth program instructions to receive said final segment of said first file;
fifth program instructions to determine a signature that identifies said final segment of said first file by applying said hash function to said final segment of said first file;
sixth program instructions to determine a complete match between a first progressive identifier (pID) of said first file and a second pID of another file (malicious file) by determining a first match between said one or more signatures that identify said one or more segments of said first file and one or more signatures that identify one or more segments of said malicious file and by determining a second match between said signature that identifies said final segment of said first file and a signature of a last segment of said malicious file, wherein said malicious file is another computer file identified as including said malicious code, wherein said first pID includes a first series of signatures consisting of said one or more signatures that identify said one or more segments of said first file followed by said signature that identifies said final segment of said first file, and wherein said second pID includes a second series of signatures consisting of said one or more signatures that identify said one or more segments of said malicious file followed by said signature that identifies said final segment of said malicious file;
seventh program instructions to, responsive to determining said first match by said sixth program instructions and prior to determining said second match by said sixth program instructions, transfer said first set of one or more data packets of said first file to said first computer system; and
eighth program instructions to, responsive to determining said complete match by said sixth program instructions, identify said first file as being said malicious file and interdict a transfer of said second set of one or more data packets of said first file to said first computer system, wherein said first, second, third, fourth, fifth, sixth, seventh and eighth program instructions are stored on said computer readable storage medium.
Specification