Automatic Inline Detection based on Static Data
First Claim
1. A system comprising:
at least one processor; and
memory coupled to the at least one processor, the memory comprising computer executable instructions that, when executed by the at least one processor, perform a method for automatic inline detection based on static data, the method comprising:
receiving input corresponding to a downloading executable file;
determining a format for the executable file;
based on the determined format, parsing the received input to identify static data;
extracting the static data;
creating one or more feature vectors using the extracted static data;
determining one or more scores from the one or more feature vectors; and
based on the one or more scores, determining whether to terminate the download of the executable file.
Abstract
Examples of the present disclosure describe systems and methods of automatic inline detection based on static data. In aspects, a file being received by a recipient device may be analyzed using an inline parser. The inline parser may identify sections of the file and feature vectors may be created for the identified sections. The feature vectors may be used to calculate a score corresponding to the malicious status of the file as the information is being analyzed. If a score is determined to exceed a predetermined threshold, the file download process may be terminated. In aspects, the received files, file fragments, feature vectors and/or additional data may be collected and analyzed to build a probabilistic model used to identify potentially malicious files.
20 Claims
1. A system comprising:
at least one processor; and
memory coupled to the at least one processor, the memory comprising computer executable instructions that, when executed by the at least one processor, perform a method for automatic inline detection based on static data, the method comprising:
receiving input corresponding to a downloading executable file;
determining a format for the executable file;
based on the determined format, parsing the received input to identify static data;
extracting the static data;
creating one or more feature vectors using the extracted static data;
determining one or more scores from the one or more feature vectors; and
based on the one or more scores, determining whether to terminate the download of the executable file.
Dependent claims: 2-11.
12. A method for automatic inline detection based on static data, the method comprising:
receiving, by a computing device, a set of labeled data, wherein the set of labeled data is associated with one or more executable files comprising one or more security determinations;
training one or more predictive models to determine the one or more security determinations using at least a portion of the set of labeled data;
receiving, by the computing device, input, the input corresponding to a downloading executable file;
determining a format for the executable file;
based on the determined format, parsing the received input to identify static data;
extracting the static data;
creating one or more feature vectors using the extracted static data;
using the one or more trained predictive models to determine one or more scores from the one or more feature vectors;
based on the one or more scores, generating a security determination from the downloading executable file; and
based on the security determination, determining whether to terminate the download of the downloading executable file.
Dependent claims: 13-16.
17. A computer-readable media storing computer executable instructions that when executed cause a computing system to perform a method for automatic inline detection based on static data, the method comprising:
receiving a set of labeled data, wherein the set of labeled data is associated with one or more executable files comprising one or more security determinations;
training one or more predictive models to determine the one or more security determinations using at least a portion of the set of labeled data;
receiving input, the input corresponding to a downloading executable file;
determining a format for the executable file;
based on the determined format, parsing the received input to identify static data;
extracting the static data;
creating one or more feature vectors using the extracted static data;
using the one or more trained predictive models to determine one or more scores from the one or more feature vectors; and
based on the one or more scores, determining a security determination of the executable file.
Dependent claims: 18-20.
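As an added illustration of the pipeline the independent claims describe (determine the format, parse and extract static data, build a feature vector, score it, and stop the download once a threshold is crossed), here is a Python sketch that scores a PE download chunk by chunk; it is not code from the patent. The threshold, the hand-picked logistic weights standing in for a trained model, the list of well-known section names and the two constructed sample images are all assumptions.

```python
import math, struct
THRESHOLD = 0.7  # constructed cut-off; assumed, not a value from the patent
WEIGHTS = {"entropy": 0.8, "unusual_section": 1.2, "writable_exec": 1.5, "bias": -1.5}  # hand-picked stand-in for a trained model
KNOWN = {".text", ".data", ".rdata", ".bss", ".idata", ".edata", ".reloc", ".rsrc"}  # assumed "ordinary" PE section names

def detect_format(head):  # step 1: container format from magic bytes
    return "pe" if head[:2] == b"MZ" else "elf" if head[:4] == b"\x7fELF" else None

def parse_pe_sections(data):  # step 2: (name, characteristics) per section; None = need more bytes
    if len(data) < 0x40:
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew: offset of the PE signature
    if len(data) < pe + 24:
        return None
    if data[pe:pe + 4] != b"PE\0\0":
        return []  # malformed header: nothing to extract
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    first = pe + 24 + struct.unpack_from("<H", data, pe + 20)[0]  # skip the optional header
    if len(data) < first + 40 * nsec:
        return None
    return [(data[o:o + 8].rstrip(b"\0").decode("latin-1"), struct.unpack_from("<I", data, o + 36)[0])
            for o in range(first, first + 40 * nsec, 40)]

def features(data, sections):  # step 3: static data -> feature vector
    probs = [data.count(bytes([b])) / len(data) for b in range(256)]
    return {"entropy": -sum(p * math.log2(p) for p in probs if p) / 8.0,
            "unusual_section": float(any(n not in KNOWN for n, _ in sections)),
            "writable_exec": float(any(c & 0x80000000 and c & 0x20000000 for _, c in sections))}

def score(fv):  # step 4: logistic score from the feature vector
    z = WEIGHTS["bias"] + sum(WEIGHTS[k] * v for k, v in fv.items())
    return 1.0 / (1.0 + math.exp(-z))

def inline_scan(download, chunk=64):  # step 5: score as bytes arrive; abort once the threshold is crossed
    buf, last = b"", 0.0
    for i in range(0, len(download), chunk):
        buf += download[i:i + chunk]
        sections = parse_pe_sections(buf) if detect_format(buf) == "pe" else None
        if sections is None:
            continue  # not PE, or the section table has not fully arrived yet
        last = score(features(buf, sections))
        if last >= THRESHOLD:
            return "terminate", last, len(buf)  # stop before the rest of the file is received
    return "allow", last, len(buf)

def make_pe(sections):  # constructed minimal PE: DOS stub, COFF header (no optional header), section table
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(n.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", *([0] * 8), c) for n, c in sections)
    return b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + coff + table
BENIGN = make_pe([(b".text", 0x60000020), (b".data", 0xC0000040)]) + b"\0" * 512  # constructed sample
PACKED = make_pe([(b"UPX1", 0xE0000040)]) + bytes(range(256)) * 2  # constructed: RWX section, high-entropy body
```

With 64-byte chunks the packed sample is rejected after 128 bytes, before any of its body has been received, while the benign sample is read to the end and allowed.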