SYSTEM AND METHOD FOR DETECTING MALWARE

US 20180183815A1
Filed: 10/16/2017
Published: 06/28/2018
Est. Priority Date: 10/17/2016
Status: Abandoned Application

First Claim

Patent Images

1. A method of detecting malware using non-executable file format comprising the steps of:

receiving a portable executable file from a computer software in need of analysis;

converting said portable executable file to a computer graphic image;

processing said graphic image; and

identification of said computer file as benign or malicious malware.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for detecting malware. The system and method is designed to detect malware without the requirement of malware signatures. The process relies upon converting a binary code file to an image. One or more machine learning techniques are used to classify the code as benign or malicious software.

Citations

19 Claims

1. A method of detecting malware using non-executable file format comprising the steps of:
- receiving a portable executable file from a computer software in need of analysis;
  
  converting said portable executable file to a computer graphic image;
  
  processing said graphic image; and
  
  identification of said computer file as benign or malicious malware.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method for detecting malware using non-executable file format according to claim 1 wherein said portable executable file of a computer software in need of analysis is categorized into a malware family or malware type.
  - 3. The method for detecting malware using non-executable file format according to claim 2 wherein at least a portion of said method being performed by a computing device comprising at least one processor.
  - 4. The method for detecting malware using non-executable file format according to claim 1 wherein said portable executable file of a computer software in need of analysis is obtained from a network.
  - 5. The method of detecting malware using non-executable file format according to claim 1 wherein said step of converting said portable executable file to a computer graphic image includes the step of reading of said portable executable file into a binary memory stream.
  - 6. The method of detecting malware using non-executable file format according to claim 1 wherein said step of converting said portable executable file to a computer graphic image includes the step of extracting file headers, file header information, or combinations thereof, from said portable executable file.
  - 7. The method of detecting malware using non-executable file format according to claim 1 wherein converting said portable executable file to a computer graphic image includes separating said binary memory stream into one or more individual sections.
  - 8. The method of detecting malware using non-executable file format according to claim 7 wherein said one or more individual sections include .data section, .idata section, .rsrc section, .edta section, .text section, or combinations thereof.
  - 9. The method of detecting malware using non-executable file format according to claim 7 wherein converting said portable executable file to a computer graphic image further including the steps of:
    - combining all said separated individual sections into a single binary stream; and
      
      converting said single binary stream into a bitmap image.
  - 10. The method of detecting malware using non-executable file format according to claim 9 wherein each byte value of said single binary stream is converted to a grayscale color value.
  - 11. The method of detecting malware using non-executable file format according to claim 1 wherein said graphic image is resized to a pre-determined size.
  - 12. The method of detecting malware using non-executable file format according to claim 1 wherein said processing said graphic image includes the step of feature extraction using histogram-of-orientated gradients feature descriptor.
  - 13. The method of detecting malware using non-executable file format according to claim 1 wherein said identification of said computer file as benign or malicious malware comprises machine learning algorithms.

14. The method of detecting malware using non-executable file format according to claim 14 wherein said machine learning algorithms are based on support vector machine (SVM) or k-nearest neighbor (kNN).

15. A system for detecting or classifying malware using a non-executable file format comprising:
- one or more processors; and
  
  memory storing instructions that, when executed by said one or more processors, cause said one or more processors to detect or classify malware using a non-executable file format located on computer device;
  
  said detecting or classifying malware using a non-executable file format located on computer device includingreceiving a portable executable file from a computer software in need of analysis;
  
  converting said portable executable file to a computer graphic image;
  
  processing said graphic image; and
  
  identifying said computer file as benign or malicious malware.
- View Dependent Claims (16, 17, 18)
- - 16. The system for detecting or classifying malware using a non-executable file format according to claim 15, wherein said computer device is linked to a second computer device or server through a network.
  - 17. The system for detecting or classifying malware using a non-executable file format according to claim 16 wherein said at least one processor, when performing said step of converting said portable executable file to a computer graphic image, reads said portable executable file into a binary memory stream.
  - 18. The system for detecting or classifying malware using a non-executable file format according to claim 16, wherein said at least one processor extracts file headers, file header information, or combinations thereof, from said portable executable file or separates said binary memory stream into one or more individual sections.

19. A non-transitory computer readable medium storing instructions comprising:
- instructions for detecting or classifying malware using a non-executable file format located on computer device by;
  
  receiving a portable executable file from a computer software in need of analysis;
  
  converting said portable executable file to a computer graphic image;
  
  processing said graphic image; and
  
  identifying said computer file as benign software or malicious malware.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kerry Wayne Enfinger
Original Assignee
Kerry Wayne Enfinger
Inventors
Enfinger, Kerry Wayne

Application Number

US15/784,982
Publication Number

US 20180183815A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/562   Static detection

G06N 20/00   Machine learning

G06N 20/10   using kernel methods, e.g. ...

H04L 63/145   the attack involving the pr...

SYSTEM AND METHOD FOR DETECTING MALWARE

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR DETECTING MALWARE

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links