Detecting Malware Using Stored Patterns
Abstract
In one embodiment, a method includes identifying a plurality of portions of a file and comparing the plurality of portions of the file to a plurality of stored patterns. The plurality of stored patterns includes portions of known malware. The method also includes determining, from the plurality of portions of the file and based on the comparing of the plurality of portions of the file to the plurality of stored patterns, a set of matching portions. The set of matching portions includes one or more of the plurality of portions of the file. In addition, the method includes determining a score for each portion in the set of matching portions and providing information regarding the set of matching portions. The information includes the scores determined for each portion of the set of matching portions.
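A minimal sketch of the pipeline the abstract describes, added here as an illustration and not taken from the patent. The fixed 8-byte sliding window, the SHA-256 lookup, the benign-sample counts and the score formula are all assumptions, since the text above does not say how portions are chosen or scored; the sample byte strings are constructed.

```python
import hashlib
from collections import defaultdict

WINDOW = 8  # assumed portion size in bytes; the abstract does not fix one


def portions(data, size=WINDOW):
    """Yield (offset, chunk) for every fixed-size sliding window in data."""
    for off in range(len(data) - size + 1):
        yield off, data[off:off + size]


def build_store(malware, benign, size=WINDOW):
    """Map portion digest -> [names of malware samples containing it, benign hit count]."""
    store = defaultdict(lambda: [set(), 0])
    for name, blob in malware.items():
        for _, chunk in portions(blob, size):
            store[hashlib.sha256(chunk).digest()][0].add(name)
    for blob in benign:  # assumed extra step: count clean files sharing a stored pattern
        seen = {hashlib.sha256(c).digest() for _, c in portions(blob, size)}
        for d in store.keys() & seen:
            store[d][1] += 1
    return dict(store)


def scan(data, store, size=WINDOW):
    """Return one entry per matching portion with its score, highest score first."""
    report = []
    for off, chunk in portions(data, size):
        hit = store.get(hashlib.sha256(chunk).digest())
        if hit is None:
            continue
        names, benign_count = hit
        score = len(names) / (len(names) + benign_count)  # assumed scoring rule
        report.append({"offset": off, "score": round(score, 2), "samples": sorted(names)})
    return sorted(report, key=lambda r: (-r["score"], r["offset"]))


# Constructed sample data (not real malware): byte strings standing in for files.
MALWARE = {"sample_a": b"HDRSTUB!" + b"EVILCODE", "sample_b": b"HDRSTUB!" + b"OTHERBAD"}
BENIGN = [b"HDRSTUB!" + b"harmless"]
STORE = build_store(MALWARE, BENIGN)
SUSPECT = b"HDRSTUB!" + b"xxEVILCODExx"

if __name__ == "__main__":
    print(scan(SUSPECT, STORE))
```

The shared `HDRSTUB!` portion matches but scores lower than the portion unique to `sample_a`, which is the reason to report a score per matching portion rather than a single match flag.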
21 Claims
1. A method comprising:
- identifying, by at least one processor, a plurality of portions of a file;
- comparing, by the at least one processor, the plurality of portions of the file to a plurality of stored patterns, the plurality of stored patterns comprising portions of known malware;
- determining, by at least one processor, from the plurality of portions of the file and based on the comparing of the plurality of portions of the file to the plurality of stored patterns, a set of matching portions, the set of matching portions comprising one or more of the plurality of portions of the file;
- determining, by at least one processor, a score for each portion in the set of matching portions; and
- providing, by at least one processor, information regarding the set of matching portions, the information comprising the scores determined for each portion of the set of matching portions.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A system comprising:
- at least one computer-readable medium; and
- one or more processors configured to:
  - identify a plurality of portions of a file;
  - compare the plurality of portions of the file to a plurality of stored patterns, the plurality of stored patterns comprising portions of known malware;
  - determine, from the plurality of portions of the file and based on the comparing of the plurality of portions of the file to the plurality of stored patterns, a set of matching portions, the set of matching portions comprising one or more of the plurality of portions of the file;
  - determine a score for each portion in the set of matching portions; and
  - provide information regarding the set of matching portions, the information comprising the scores determined for each portion of the set of matching portions.

Dependent claims: 9, 10, 11, 12, 13, 14

15. At least one non-transitory computer-readable medium comprising instructions that, when executed by one or more processors, are configured to:
- identify a plurality of portions of a file;
- compare the plurality of portions of the file to a plurality of stored patterns, the plurality of stored patterns comprising portions of known malware;
- determine, from the plurality of portions of the file and based on the comparing of the plurality of portions of the file to the plurality of stored patterns, a set of matching portions, the set of matching portions comprising one or more of the plurality of portions of the file;
- determine a score for each portion in the set of matching portions; and
- provide information regarding the set of matching portions, the information comprising the scores determined for each portion of the set of matching portions.

Dependent claims: 16, 17, 18, 19, 20, 21

Specification