IDENTIFICATION OF OBFUSCATED COMPUTER ITEMS USING VISUAL ALGORITHMS
First Claim
1. A method to identify one or more items associated with a computer, the method comprising the steps of:
- initiating a visual algorithm in a computer, the visual algorithm including a set of executable computer instructions configured to cause (i) consumption of a character string in the computer, and (ii) generation of a visual ID based on the character string; and
generating a first visual ID by applying the visual algorithm to a candidate character string.
8 Assignments
0 Petitions
Accused Products
Abstract
A method to identify character strings associated with potentially malicious software items. The method includes employing a visual algorithm to translate one or more characters of a character string into corresponding characters in a visual ID for use in grouping and comparing computer items having similar visual IDs, such as a reference ID for a computer item that is known to be non-malicious. The method may, among other things, elucidate an attacker'"'"'s attempt to obfuscate malicious software by using file names that are very similar to those used for harmless files.
184 Citations
20 Claims
-
1. A method to identify one or more items associated with a computer, the method comprising the steps of:
-
initiating a visual algorithm in a computer, the visual algorithm including a set of executable computer instructions configured to cause (i) consumption of a character string in the computer, and (ii) generation of a visual ID based on the character string; and generating a first visual ID by applying the visual algorithm to a candidate character string. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A system to identify one or more computer items comprising:
-
a computer; a visual algorithm configured for execution via the computer; and a candidate character string. - View Dependent Claims (17, 18, 19, 20)
-
Specification