METHOD AND APPARATUS FOR DETECTING MALICIOUS SOFTWARE USING GENERIC SIGNATURES
Abstract
Novel methods, components, and systems for automatically detecting malicious software are presented. More specifically, we describe methods, components, and systems for the automated deployment of generic signatures to detect malicious software. (Typically, generic signature creation and deployment require more extensive manual processes.) The disclosed invention provides a significant improvement with regard to automation compared to previous approaches.
2 Claims
1. A computer implemented method for determining whether a software application is likely malicious comprising:
- applying a mathematical transformation to a software application to produce a generic fingerprint;
- recording the fingerprint of said software application;
- applying one or more steps that can be executed on a general purpose computing device to determine if that generic signature should be deemed malicious; and
- communicating information concerning whether the generic signature should be deemed malicious to a client component.
2. A computer implemented method for determining whether a software application is likely malicious, comprising:
- computing at a client component a generic fingerprint for a software application;
- transmitting the generic fingerprint data to a server component;
- receiving at the client component information from the server component relating to the generic fingerprint of the software application;
- following a prescribed set of actions based on the information received from the server, said actions selected from the group consisting of:
  - ignoring the application if it is deemed safe by other methods beyond the generic fingerprint;
  - removing the application from the system if it is deemed unsafe; and
  - transmitting the application to a possibly different server-side component for further processing and analysis.
Specification