Method and system for identifying icons
Abstract
A method and apparatus for identifying Icons whereby a known/clean file Icon database is created that includes Icon image data and/or .ico files associated with known icons of selected applications. The resource section of any file being transferred to, or through, a given user computing system is then stripped and scanned for .ico files and any .ico files identified are extracted. Then for each directory extracted from the identified .ico files, the relevant image data is extracted. The known/clean Icon image data is obtained from the known/clean file Icon database. The extracted relevant image data is then compared with known/clean Icon image data and, if the extracted relevant image data matches with the known/clean Icon image data to a desired level of accuracy, a status of the extracted .ico files, and/or given file, is transformed to indicate a status of Icon match.
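An added example, not part of the patent text, of the directory walk and threshold comparison the abstract describes. It assumes the .ico file has already been extracted from the PE resource section; the byte-equality metric, the function names and the sample data are assumptions made for illustration.

```python
import struct

ICONDIR = struct.Struct("<HHH")            # reserved, type (1 = icon), entry count
ICONDIRENTRY = struct.Struct("<BBBBHHII")  # w, h, colours, reserved, planes, bpp, size, offset

def extract_images(ico):
    """Return (width, height, image_data) for every directory entry of an .ico file."""
    if len(ico) < ICONDIR.size:
        raise ValueError("truncated ICONDIR")
    reserved, kind, count = ICONDIR.unpack_from(ico, 0)
    if reserved != 0 or kind != 1:
        raise ValueError("not an .ico file")
    images = []
    for i in range(count):
        pos = ICONDIR.size + i * ICONDIRENTRY.size
        if pos + ICONDIRENTRY.size > len(ico):
            raise ValueError("truncated ICONDIRENTRY")
        w, h, _, _, _, _, size, offset = ICONDIRENTRY.unpack_from(ico, pos)
        if size == 0 or offset + size > len(ico):
            raise ValueError("image data lies outside the file")
        images.append((w or 256, h or 256, ico[offset:offset + size]))  # 0 encodes 256
    return images

def match_level(a, b):
    """Assumed metric: fraction of identical bytes; unequal lengths score 0."""
    if not a or len(a) != len(b):
        return 0.0
    return sum(x == y for x, y in zip(a, b)) / len(a)

def icon_status(ico, known_db, threshold):
    """Return ("ICON_MATCH", app) when any image reaches the threshold match level."""
    for _, _, data in extract_images(ico):
        for app, clean in known_db.items():
            if match_level(data, clean) >= threshold:
                return "ICON_MATCH", app
    return "NO_MATCH", None

def build_ico(images):
    """Constructed sample input: pack (side, data) pairs into a minimal .ico file."""
    offset = ICONDIR.size + len(images) * ICONDIRENTRY.size
    head, body = ICONDIR.pack(0, 1, len(images)), b""
    for side, data in images:
        head += ICONDIRENTRY.pack(side, side, 0, 0, 1, 32, len(data), offset + len(body))
        body += data
    return head + body

CLEAN = bytes(range(256)) * 4              # constructed known/clean image data
KNOWN_DB = {"example_app": CLEAN}          # hypothetical database entry
SAMPLE = build_ico([(16, b"\x01" + CLEAN[1:])])  # one byte differs from CLEAN
```

With the constructed sample, a threshold of 0.99 reports an Icon match while a threshold of 1.0 does not, which shows how the defined threshold match level decides the status.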
20 Claims
1. A computing system implemented process for identifying Icons comprising:
- providing a known/clean file Icon database, the known/clean file Icon database including Icon image data associated with one or more Icons associated with one or more applications;
- using one or more processors associated with one or more computing systems to monitor a given user computing system to detect and intercept all PE files being directed to the given user computing system;
- using one or more processors associated with one or more computing systems to scan the resource section of all PE files being directed to the given user computing system to detect .ico files;
- detecting a given .ico file in the resource section of a given PE file;
- extracting the given .ico file from the resource section of a given PE file using one or more processors associated with one or more computing systems;
- extracting relevant image data from the given .ico file;
- obtaining known/clean Icon image data from the known/clean file Icon database;
- defining a threshold matching level such that if the extracted relevant image data from the given .ico file matches with known/clean Icon image data obtained from the known/clean file Icon database to at least the defined threshold match level, data indicating a status of the extracted .ico file and the given file, is transformed to data indicating a status of Icon match;
- comparing the relevant image data from the given .ico file and clean/known Icon image data from the known/clean file Icon database; and
- if the extracted relevant image data from the given .ico file matches with known/clean Icon image data obtained from the known/clean file Icon database to at least the defined threshold match level, transforming data indicating a status of the extracted .ico file and the given PE file, to data indicating a status of Icon match.
View Dependent Claims (2, 3, 4, 5, 6)
7. A system for identifying Icons comprising:
- a known/clean file Icon database, the known/clean file Icon database including Icon image data associated with one or more Icons associated with one or more applications;
- a given user computing system;
- a security system associated with the given user computing system;
- a security system provider computing system;
- one or more processors associated with the security system provider computing system, the one or more processors associated with the security system provider computing system executing at least part of a computing system implemented process for identifying Icons, the computing system implemented process for identifying Icons comprising;
- using the one or more processors associated with the security system provider computing system to monitor a given user computing system to detect and intercept all files being directed to the given user computing system;
- using the one or more processors associated with the security system provider computing system to scan the resource section of all files being directed to the given user computing system to detect .ico files;
- detecting a given .ico file in the resource section of a given file;
- extracting the given .ico file from the resource section of a given file using the one or more processors associated with the security system provider computing system;
- extracting relevant image data from the given .ico file using the one or more processors associated with the security system provider computing system;
- obtaining known/clean Icon image data from the known/clean file Icon database;
- defining a threshold matching level such that if the extracted relevant image data from the given .ico file matches with known/clean Icon image data obtained from the known/clean file Icon database to at least the defined threshold match level, data indicating a status of the extracted .ico file and the given file, is transformed to data indicating a status of Icon match;
- comparing the relevant image data from the given .ico file and clean/known Icon image data from the known/clean file Icon database using the one or more processors associated with the security system provider computing system; and
- if the extracted relevant image data from the given .ico file matches with known/clean Icon image data obtained from the known/clean file Icon database to at least the defined threshold match level, transforming data indicating a status of the extracted .ico file and the given file, to data indicating a status of Icon match using the one or more processors associated with the security system provider computing system.
View Dependent Claims (8, 9, 10, 11, 12, 13)
14. A system for identifying Icons comprising:
- a known/clean file Icon database, the known/clean file Icon database including Icon image data associated with one or more Icons associated with one or more applications;
- a given user computing system;
- a security system associated with the given user computing system;
- one or more processors associated with the given user computing system, the one or more processors associated with the given user computing system executing at least part of a computing system implemented process for identifying Icons, the computing system implemented process for identifying Icons comprising;
- using the one or more processors associated with the given user computing system to monitor the given user computing system to detect and intercept all files being directed to the given user computing system;
- using the one or more processors associated with the given user computing system to scan the resource section of all files being directed to the given user computing system to detect .ico files;
- detecting a given .ico file in the resource section of a given file;
- extracting the given .ico file from the resource section of a given file using the one or more processors associated with the given user computing system;
- extracting relevant image data from the given .ico file using the one or more processors associated with the given user computing system;
- obtaining clean/known Icon image data from the known/clean file Icon database;
- defining a threshold matching level such that if the extracted relevant image data from the given .ico file matches with known/clean Icon image data obtained from the known/clean file Icon database to at least the defined threshold match level, data indicating a status of the extracted .ico file and the given file, is transformed to data indicating a status of Icon match;
- comparing the relevant image data from the given .ico file and clean/known Icon image data from the known/clean file Icon database using the one or more processors associated with the given user computing system; and
- if the extracted relevant image data from the given .ico file matches with known/clean Icon image data obtained from the known/clean file Icon database to at least the defined threshold match level, transforming data indicating a status of the extracted .ico file and the given file, to data indicating a status of Icon match using the one or more processors associated with the given user computing system.
View Dependent Claims (15, 16, 17, 18, 19, 20)
Specification