Mitigation of malware
Abstract
Systems and methods are provided in example embodiments for mitigating malicious calls. The system can be configured to determine a series of checksums for a file, compare the series of checksums to a checksum tree, where the checksum tree includes a plurality of nodes that each include a fuzzy checksum of known malware, and assign one or more classifications to the file, where each of the one or more classifications is based on each node of the checksum tree that matches a checksum in the series of checksums and includes whether the file includes malware or benign checksums.
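A minimal sketch of the flow the abstract describes, added here as an illustration and not taken from the patent or any product. The window size, the nibble-masking CRC used as a stand-in fuzzy checksum, the tree layout, the `family_a` label and the way percentages are computed are all assumptions, since the page does not specify them.

```python
import zlib
from collections import Counter

WINDOW = 16  # assumed window size; the page does not give one

def fuzzy_checksum(chunk: bytes) -> int:
    # Stand-in fuzzy checksum (assumption): mask the low nibble of each byte
    # so small byte-level edits still produce the same checksum.
    return zlib.crc32(bytes(b & 0xF0 for b in chunk))

def checksum_series(data: bytes) -> list:
    return [fuzzy_checksum(data[i:i + WINDOW]) for i in range(0, len(data), WINDOW)]

class Node:
    def __init__(self, classification=None):
        self.classification = classification  # malware family name or "benign"
        self.children = {}                    # checksum -> Node

def build_tree(samples):
    # Each known file contributes one path of checksum nodes carrying its label.
    root = Node()
    for label, data in samples:
        node = root
        for c in checksum_series(data):
            node = node.children.setdefault(c, Node(label))
    return root

def classify(root, data):
    # Walk the tree along the file's series; on a miss, retry from the root.
    series = checksum_series(data)
    hits, node = Counter(), root
    for c in series:
        nxt = node.children.get(c) or root.children.get(c)
        if nxt is None:
            node = root
            continue
        hits[nxt.classification] += 1
        node = nxt
    # Percentage (assumption): matched nodes per label over the series length.
    return {label: round(100 * n / len(series), 1) for label, n in hits.items()}

# Constructed sample data, not real malware or real benign files.
MAL = bytes([0x10] * 16 + [0x20] * 16 + [0x30] * 16)
BEN = bytes([0x40] * 16 + [0x50] * 16 + [0x60] * 16)
TREE = build_tree([("family_a", MAL), ("benign", BEN)])
# Two lightly modified malware windows, one benign window, one unknown window.
SUSPECT = bytes([0x13] * 16 + [0x2A] * 16) + BEN[:16] + bytes([0x70] * 16)

if __name__ == "__main__":
    print(classify(TREE, SUSPECT))
```

Because unmatched windows count toward the denominator, the percentages need not sum to 100; the remainder is the share of the file that matched neither known malware nor known benign nodes.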
19 Claims
1. At least one non-transitory computer-readable medium comprising one or more instructions that when executed by at least one processor:
- determine a series of checksums for a file;
- compare the series of checksums to a checksum tree, wherein the checksum tree includes a first plurality of nodes that each include a fuzzy checksum of at least a portion of one or more known malware, and a second plurality of nodes that each include a fuzzy checksum of at least a portion of one or more known benign files, wherein each node in the checksum tree includes a classification that indicates a specific malware family or a benign file;
- assign one or more classifications to the file, wherein each of the one or more classifications is based on each node of the checksum tree that matches a checksum in the series of checksums; and
- assign a percentage to each of the one or more classifications.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus comprising:
- a checksum module configured to determine a series of checksums for a file and compare the series of checksums to a checksum tree, wherein the checksum tree includes a first plurality of nodes that each include a fuzzy checksum of at least a portion of one or more known malware, and a second plurality of nodes that each include a fuzzy checksum of at least a portion of one or more known benign files, wherein each node in the checksum tree includes a classification that indicates a specific malware family or a benign file; and
- a classification module configured to assign one or more classifications to the file, wherein each of the one or more classifications is based on each node of the checksum tree that matches a checksum in the series of checksums, and assign a percentage to each of the one or more classifications.
Dependent claims: 9, 10, 11, 12
13. A method, comprising:
- determining a series of checksums for a file;
- comparing the series of checksums to a checksum tree, wherein the checksum tree includes a first plurality of nodes that each include a fuzzy checksum of at least a portion of one or more known malware, and a second plurality of nodes that each include a fuzzy checksum of at least a portion of one or more known benign files, wherein each node in the checksum tree includes a classification that indicates a specific malware family or a benign file;
- assigning one or more classifications to the file, wherein each of the one or more classifications is based on each node of the checksum tree that matches a checksum in the series of checksums; and
- assigning a percentage to each of the one or more classifications.
Dependent claims: 14, 16, 17
15. The method of 13, further comprising:
- determining one or more characteristics for the file; and
- determining, based on the one or more characteristics of the file, at least one checksum tree to compare to the file.
18. A system for mitigating malware, the system comprising:
- a checksum module to determine a series of checksums for a file; and
- a classification module to compare the series of checksums to a checksum tree, wherein the checksum tree includes a first plurality of nodes that each include a fuzzy checksum of at least a portion of one or more known malware, and a second plurality of nodes that each include a fuzzy checksum of at least a portion of one or more known benign files, wherein each node in the checksum tree includes a classification that indicates a specific malware family or a benign file, the classification module to also assign one or more classifications to the file, wherein each of the one or more classifications is based on each node of the checksum tree that matches a checksum in the series of checksums, and wherein a percentage is assigned to each of the one or more of the classifications.
Dependent claims: 19
Specification