Automatic signature generation for malicious PDF files
First Claim
Patent Images
1. A system, comprising:
- a processor configured to;
receive a Portable Document Format (PDF) file that is known to include malicious content;
parse the PDF file to identify a cross-reference table included in the PDF file; and
generate a signature associated with the PDF file from the identified cross-reference table; and
a memory coupled to the processor and configured to provide the processor with instructions.
0 Assignments
0 Petitions
Accused Products
Abstract
In some embodiments, automatic signature generation for malicious PDF files includes: parsing a PDF file to extract script stream data embedded in the PDF file; determining whether the extracted script stream data within the PDF file is malicious; and automatically generating a signature for the PDF file.
73 Citations
20 Claims
-
1. A system, comprising:
-
a processor configured to; receive a Portable Document Format (PDF) file that is known to include malicious content; parse the PDF file to identify a cross-reference table included in the PDF file; and generate a signature associated with the PDF file from the identified cross-reference table; and a memory coupled to the processor and configured to provide the processor with instructions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method, comprising:
-
receiving a Portable Document Format (PDF) file that is known to include malicious content; parsing, using a processor, the PDF file to identify a cross-reference table included in the PDF file; and generating a signature associated with the PDF file from the identified cross-reference table. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. A computer program product, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
-
receiving a Portable Document Format (PDF) file that is known to include malicious content; parsing the PDF file to identify a cross-reference table included in the PDF file; and generating a signature associated with the PDF file from the identified cross-reference table. - View Dependent Claims (20)
-
Specification