Malware Detection System and Method for Mobile Platforms
First Claim
Patent Images
1. A method of detecting malware, comprising:
- selecting one or more first hash values hashed from a first-portion-sized string of one or more malware signatures;
hashing a plurality of first-portion-sized strings of a target application to create a plurality of second hash values; and
,comparing said plurality of second hash values to said first hash values to determine if there is a match, wherein if there is no said match then said target application is malware-free.
4 Assignments
0 Petitions
Accused Products
Abstract
A system and method for detecting malware optimized for mobile platforms. The system and method compares hashed portions of one or more malware signatures to hashes hashed from a suspect application, to determine whether the suspect application is malware-free. A second stage robust hash and splatter set of pseudorandomly selected blocks of the malware signatures reduce false positives allowing for improved detection of malware.
587 Citations
29 Claims
-
1. A method of detecting malware, comprising:
-
selecting one or more first hash values hashed from a first-portion-sized string of one or more malware signatures; hashing a plurality of first-portion-sized strings of a target application to create a plurality of second hash values; and
,comparing said plurality of second hash values to said first hash values to determine if there is a match, wherein if there is no said match then said target application is malware-free. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A system of detecting malware, comprising:
-
a data store, said data store comprising a plurality of hash values hashed from a plurality of first-portion-sized strings of a plurality of malware signatures; a hash selecting means for selecting one or more first hash values from said plurality of hash values; a hashing means for hashing a plurality of first-portion-sized strings of a target application to create a plurality of second hash values; and
,a hash comparing means for comparing said plurality of second hash values to said first hash values to determine if there is a match, wherein if there is no said match then said target application is malware-free. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A system for creating search strings to detect malware, comprising:
a hashing means for hashing a plurality of hash values from a plurality of first-portion-sized strings of a plurality of malware signatures. - View Dependent Claims (25, 26, 27, 28, 29)
Specification