METHOD AND APPARATUS FOR DETECTING MALICIOUS SOFTWARE USING GENERIC SIGNATURES
First Claim
Patent Images
1. A computer implemented method for determining whether a software application is likely malicious comprising:
- applying a mathematical transformation to a software application to produce a generic fingerprint;
recording the fingerprint of said software application;
applying one or more steps that can be executed on a general purpose computing device to determine if that generic signature should be deemed malicious; and
communicating information concerning whether the generic signature should be deemed malicious to a client component.
5 Assignments
0 Petitions
Accused Products
Abstract
Novel methods, components, and systems for automatically detecting malicious software are presented. More specifically, we describe methods, components, and systems for the automated deployment of generic signatures to detect malicious software. (Typically, generic signature creation and deployment require more extensive manual processes.) The disclosed invention provides a significant improvement with regard to automation compared to previous approaches.
-
Citations
2 Claims
-
1. A computer implemented method for determining whether a software application is likely malicious comprising:
-
applying a mathematical transformation to a software application to produce a generic fingerprint; recording the fingerprint of said software application; applying one or more steps that can be executed on a general purpose computing device to determine if that generic signature should be deemed malicious; and communicating information concerning whether the generic signature should be deemed malicious to a client component.
-
-
2. A computer implemented method for determining whether a software application is likely malicious, comprising:
-
computing at a client component a generic fingerprint for a software application; transmitting the generic fingerprint data to a server component; receiving at the client component information from the server component relating to the generic fingerprint of the software application; following a prescribed set of actions based on the information received from the server, said actions selected from the group consisting of ignoring the application if it is deemed safe by other methods beyond the generic fingerprint;
removing the application from the system if it is deemed unsafe; and
transmitting the application to a possibly different server-side component for further processing and analysis.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeSourcefire LLC (Cisco Systems, Inc.)
-
Original AssigneeSourcefire LLC (Cisco Systems, Inc.)
-
InventorsHuger, Alfred, FRIEDRICHS, OLIVER, O'Donnell, Adam J.
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current726/22
-
CPC Class CodesG06F 21/564 by virus signature recognitionH04L 63/1416 Event detection, e.g. attac...
