Methods for identifying malicious software

  • US 7,644,441 B2
  • Filed: 09/24/2004
  • Issued: 01/05/2010
  • Est. Priority Date: 09/26/2003
  • Status: Active Grant
First Claim

1. A method for identifying malicious software in an executable file, comprising:

  • dividing a portion of the executable file into a plurality of windows, each window of the plurality of windows comprising one or more bytes;

  • applying to the one or more bytes of the plurality of windows a transformation function that provides a numerically comparable value for the each window;

  • displaying graphically the numerically comparable value for the each window as a function of the each window;

  • determining if a given numerical comparable value is a statistical outlier with respect to other numerical comparable values; and

  • if the given numerical comparable value is a statistical outlier, identifying a window comprising the given numerical comparable value as the malicious software, wherein the statistical outlier has a value two standard deviations greater than the mean of the numerical comparable values.
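
The steps of the claim, sketched in Python as an added example; this is not code from the patent or its assignee. The claim does not name the transformation function, so Shannon entropy per window, the 256-byte window size, the population standard deviation and the constructed sample bytes are all assumptions of this sketch.

```python
import math
import random
import statistics

def shannon_entropy(window: bytes) -> float:
    """Assumed transformation function: Shannon entropy in bits per byte."""
    n = len(window)
    counts = [window.count(b) for b in set(window)]
    return -sum(c / n * math.log2(c / n) for c in counts)

def window_values(data: bytes, size: int = 256) -> list[float]:
    """Divide data into full, non-overlapping windows and score each one."""
    return [shannon_entropy(data[i:i + size])
            for i in range(0, len(data) - size + 1, size)]

def outlier_windows(values: list[float], k: float = 2.0) -> list[int]:
    """Indices of windows scoring more than k standard deviations above the mean."""
    if len(values) < 2:
        return []
    mean = statistics.fmean(values)
    sd = statistics.pstdev(values)  # population standard deviation (assumption)
    if sd == 0:
        return []  # every window scores the same, so nothing stands out
    return [i for i, v in enumerate(values) if v > mean + k * sd]

def text_plot(values: list[float], flagged: list[int], width: int = 40) -> str:
    """Graphical display step as a text bar chart: one row per window."""
    top = max(values) or 1.0
    rows = []
    for i, v in enumerate(values):
        mark = "  <-- outlier" if i in flagged else ""
        rows.append(f"{i:3d} {v:5.2f} " + "#" * round(v / top * width) + mark)
    return "\n".join(rows)

def build_sample(size: int = 256) -> bytes:
    """Constructed input: 15 repetitive windows plus one random window at index 9."""
    rng = random.Random(7)
    plain = (b"push ebp; mov ebp, esp; call sub_401000; ret; " * 6)[:size]
    packed = bytes(rng.randrange(256) for _ in range(size))
    return plain * 9 + packed + plain * 6

if __name__ == "__main__":
    values = window_values(build_sample())
    flagged = outlier_windows(values)
    print(text_plot(values, flagged))
    print("outlier windows:", flagged)
```

A trailing partial window is dropped because entropy over a handful of bytes is not comparable with entropy over a full window.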
