
Document exploit detection using baseline comparison

  • US 9,239,922 B1
  • Filed: 03/11/2013
  • Issued: 01/19/2016
  • Est. Priority Date: 03/11/2013
  • Status: Active Grant
First Claim

1. A method of creating a pattern for document exploit detection, said method comprising:

  • executing a software application in a computer;
  • opening a document file using said executing software application, said document file known to include malware and being of a type corresponding to said software application;
  • executing computer code of said document file in a software application different from said executing software application, said computer code exploiting a vulnerability in said different software application wherein said execution of said computer code of said document file in said different software application is caused by a software object embedded in said document file;
  • recording behaviors in said computer caused by said computer code of said document file in a report file;
  • creating a first pattern file from said report file, said first pattern file exhibiting said behaviors of said document file, which include one or more malicious behaviors;
  • obtaining a second pattern file that indicates behaviors caused by execution of a different document file that is known to be normal and non-malicious; and
  • comparing the first and second pattern files to help identify an expression of said first pattern file that matches with a benign behavior.
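
The comparison step of the claim, sketched as an added example that is not taken from the patent: recorded behaviors from a known-malicious document and from a known-normal document are generalised into pattern expressions, and the expressions of the first pattern that also occur in the baseline are identified. The report format, the generalisation rules and all names and sample values are assumptions constructed for illustration.

```python
import re

# Constructed sandbox report records (operation, target); not from the patent.
MALICIOUS_REPORT = [
    ("file_write", r"C:\Users\alice\AppData\Local\Temp\~DF3A1C.tmp"),
    ("reg_set", r"HKCU\Software\ExampleEditor\RecentFiles\Item1"),
    ("process_create", r"C:\Users\alice\AppData\Local\Temp\svch0st.exe"),
    ("file_write", r"C:\Users\alice\AppData\Local\Temp\svch0st.exe"),
    ("net_connect", "203.0.113.7:443"),
]
BENIGN_REPORT = [
    ("file_write", r"C:\Users\bob\AppData\Local\Temp\~DF77B2.tmp"),
    ("reg_set", r"HKCU\Software\ExampleEditor\RecentFiles\Item4"),
]

# Assumed generalisation rules: strip per-run noise (user name, random temp
# names, list indexes) so the same behavior yields the same expression.
RULES = [
    (re.compile(r"(?i)^C:\\Users\\[^\\]+"), "%USERPROFILE%"),
    (re.compile(r"~DF[0-9A-F]+\.tmp$"), "~DF*.tmp"),
    (re.compile(r"\\Item\d+$"), "\\Item*"),
]

def to_pattern(report):
    """Turn recorded behaviors into an ordered, de-duplicated expression list."""
    exprs = []
    for op, target in report:
        for pat, rep in RULES:
            # A callable replacement avoids backslash-escape processing.
            target = pat.sub(lambda m, r=rep: r, target)
        expr = f"{op}:{target}"
        if expr not in exprs:
            exprs.append(expr)
    return exprs

def compare(first, baseline):
    """Split the first pattern into baseline matches and everything else."""
    base = set(baseline)
    benign = [e for e in first if e in base]
    remaining = [e for e in first if e not in base]
    return benign, remaining

if __name__ == "__main__":
    benign, remaining = compare(to_pattern(MALICIOUS_REPORT),
                                to_pattern(BENIGN_REPORT))
    print("matches benign baseline:", *benign, sep="\n  ")
    print("not seen in baseline:", *remaining, sep="\n  ")
```

Without the generalisation rules the two reports share no expression at all, because user names and temporary file names differ between runs.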
