×

Malware detection system and method for limited access mobile platforms

  • US 9,064,115 B2
  • Filed: 04/06/2007
  • Issued: 06/23/2015
  • Est. Priority Date: 04/06/2006
  • Status: Active Grant
First Claim
Patent Images

1. A method of defining rules for detecting malware in a target application on a limited access platform, the method comprising:

  • extracting feature elements from non-executable portions of a plurality of applications without extracting feature elements from executable portions of the applications, wherein the non-executable portions comprise file headers of the plurality of applications, wherein the executable portions comprise portions of the applications outside of the file headers, and wherein one or more of the plurality of applications are known to be malware-infected;

    forming one or more feature sets for the plurality of applications such that each of the feature sets includes one or more of the feature elements extracted from the non-executable portions of the applications;

    characterizing each of the feature sets as either malware-infected or malware-free based on whether the applications from which the feature elements of the feature set were extracted are malware-infected;

    defining, by a computing device, one or more rules that each specify a respective combination of the feature elements that are characteristic of the feature sets characterized as malware-infected and that are not characteristic of the feature sets characterized as malware-free, wherein when applied to a non-executable portion comprising a file header of a target application, the rules identify the target application as malware-infected when the target application has a feature set including the combination of feature elements specified by the respective rule; and

    providing the rules to a mobile device comprising a limited access platform.

View all claims
  • 15 Assignments
Timeline View
Assignment View
    ×
    ×