SIGNAL TOKENS INDICATIVE OF MALWARE
Abstract
Example embodiments disclosed herein relate to generating signal tokens indicative of malware. A code analysis is performed on known malware application code and known clean application code to generate tokens. Signal tokens indicative of malware are generated based on groupings of the tokens.
15 Claims
1. A computing device comprising:
a memory and at least one processor to execute a plurality of modules including;
a static code analysis module to determine a first and second set of tokens based on a static code analysis respectively performed on a first set of known malware application code and a second set of known clean application code; and
a signal generation module to generate a set of signal tokens indicative of malware based on groupings of the tokens.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method comprising:
performing code analysis based on rules on a first set of known malware application code and a second set of known clean application code to generate tokens;
determining a set of the tokens indicative of malware; and
generating a set of signal tokens based on groupings of the tokens indicative of malware.
Dependent claims: 9, 10, 11, 12, 13.

14. A non-transitory machine-readable storage medium storing instructions that, if executed by at least one processor of a computing device, cause the computing device to:
perform a static code analysis based on obfuscation tolerant rules on a first set of known malware binaries and a second set of known clean binaries to generate tokens; and
generate a set of signal tokens indicative of malware based on groupings of the tokens based on machine learning.
Dependent claims: 15.
Specification