System and method to mitigate malware
Abstract
Particular embodiments described herein provide for an electronic device that can be configured to receive script data, determine a checksum tree for the script data, compare each checksum of the checksum tree to one or more subtree checksums, and assign one or more classifications to the script data. In one example, the checksum tree is an abstract syntax tree.
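The flow in the abstract (parse, checksum every subtree, look the checksums up, label, store) can be sketched as follows. This is an added example, not code from the patent. It assumes Python's `ast` module as the script parser, SHA-256 over node types only, a `MIN_NODES` cut-off, and constructed samples and labels, all chosen here for illustration.

```python
import ast
import hashlib

MIN_NODES = 8  # assumption: skip tiny subtrees that occur in almost any script

def checksum_tree(source):
    """Return {subtree checksum: node count} for every subtree of the script's AST."""
    sums = {}
    def visit(node):
        # A node's checksum covers its type and its children's checksums, so
        # identifier names and literal values do not affect it.
        digest = hashlib.sha256((type(node).__name__ + "(").encode())
        size = 1
        for child in ast.iter_child_nodes(node):
            child_sum, child_size = visit(child)
            digest.update(child_sum.encode())
            size += child_size
        sums[digest.hexdigest()] = size
        return digest.hexdigest(), size
    visit(ast.parse(source))
    return sums

def signatures(source, label):
    """Turn a labelled sample into {subtree checksum: label} entries."""
    return {c: label for c, n in checksum_tree(source).items() if n >= MIN_NODES}

def classify(source, known, memory):
    """Look up each subtree checksum in `known` and store the labels that matched."""
    labels = sorted({known[c] for c in checksum_tree(source) if c in known})
    memory[hashlib.sha256(source.encode()).hexdigest()] = labels
    return labels

# Constructed, harmless samples standing in for labelled training scripts.
FAMILY_SAMPLE = """def unpack(blob, key):
    out = []
    for i, b in enumerate(blob):
        out.append(b ^ key[i % len(key)])
    return bytes(out)
"""
BENIGN_SAMPLE = """def mean(values):
    total = 0
    for v in values:
        total += v
    return total / len(values)
"""
KNOWN = {**signatures(BENIGN_SAMPLE, "benign"),
         **signatures(FAMILY_SAMPLE, "Constructed.FamilyA")}
RENAMED = FAMILY_SAMPLE.replace("key", "k2").replace("blob", "data")
print(classify(RENAMED, KNOWN, {}))  # identifiers renamed, structure unchanged
```

Because only node types feed the checksum, renaming variables or changing constants leaves every subtree checksum intact, while wrapping the function in unrelated code changes only the ancestors' checksums.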
25 Claims
1. At least one non-transitory computer readable medium comprising one or more instructions that when executed by a processor, cause the computer readable medium to:
- receive script data;
- determine a checksum tree for the script data;
- compare each checksum of the checksum tree to one or more subtree checksums, wherein each of the one or more subtree checksums is a malware checksum or a benign checksum;
- assign one or more classifications to the script data, wherein the assigned classification includes a likely malware family name or a benign label; and
- store the assigned classifications in memory.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. An apparatus comprising:
- a memory element;
- a processor;
- a tree generation module configured to:
  - receive script data at the processor; and
  - determine a checksum tree for the script data; and
- a detection module configured to:
  - compare each checksum of the checksum tree to one or more subtree checksums stored in the memory, wherein each of the one or more subtree checksums is a malware checksum or a benign checksum; and
  - assign one or more classifications to the script data, wherein the assigned classification includes a likely malware family name or a benign label.

Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A method comprising:
- receiving script data at a processor;
- determining a checksum tree for the script data;
- comparing each checksum of the checksum tree to one or more subtree checksums, wherein each of the one or more subtree checksums is a malware checksum or a benign checksum;
- assigning one or more classifications to the script data, wherein the assigned classification includes a likely malware family name or a benign label; and
- storing the assigned classification in memory.

Dependent claims: 18, 19, 20, 21, 22, 23

24. A system for mitigating malware, the system comprising:
- a memory element;
- communication circuitry;
- a hardware processor configured to:
  - receive script data;
  - determine a checksum tree for the script data;
  - compare each checksum of the checksum tree to one or more subtree checksums, wherein each of the one or more subtree checksums is a malware checksum or a benign checksum;
  - assign one or more classifications to the script data, wherein the assigned classification includes a likely malware family name or a benign label; and
  - store the assigned classifications in memory.

Dependent claims: 25
Specification