SYSTEM AND METHOD FOR PROTECTING SYSTEMS FROM MALICIOUS ATTACKS
First Claim
1. A method of disarming malicious code in a computer system having a processor, the method comprising:
- receiving, by the computer system, input content; and
- automatically applying, by the processor, a data value alteration model to the input content for altering select data values within the input content, the data value alteration model being configured to disarm malicious code included in the input content without first detecting malicious code in the input content such that a location of data units including malicious code in the input content is not known;
- wherein the select data values include at least a portion of a plurality of data units included in the input content, and further wherein the portion of the plurality of data units is determined, based on the data value alteration model, randomly or pseudo-randomly, and so as not to interfere with an intended use of the input content, and so that at least one of the data units of the portion is statistically likely to include any malicious code.
Abstract
The disclosed embodiments include a method of disarming malicious code in a computer system having a processor. The method comprises receiving, by the computer system, input content, and rendering, by the processor, any malicious code included in the input content inactive for its intended malicious purpose without applying a malware detection algorithm to the input content. The rendering is performed by automatically applying, using the processor, a data value alteration model to the input content for altering select data values within the input content, and outputting a new content reflecting the application of the data value alteration model to the input content. The processor renders any malicious code included in the input content inactive for its intended malicious purpose without regard to any structure used to encapsulate the input content. The input content includes media content.
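
The selection step described in the abstract and first claim above, as an added Python sketch that is not taken from the patent. It assumes the content is a buffer of raw 8-bit samples and that a one-step change per sample does not interfere with use (both are assumptions, and the names `alter_samples` and `hit_probability` are hypothetical); it also computes how likely a blind pass is to touch an embedded payload of a given length.

```python
import random


def alter_samples(samples: bytes, fraction: float, rng=None) -> bytes:
    """Nudge a pseudo-randomly chosen share of 8-bit samples by one step.

    Nothing is parsed or scanned: positions are picked blindly. A one-step
    change is assumed here to be imperceptible in pixel or audio data, while
    any code byte that is hit no longer has the value its author intended.
    """
    rng = rng or random.SystemRandom()
    out = bytearray(samples)
    count = round(len(out) * fraction)
    for i in rng.sample(range(len(out)), count):
        if out[i] == 0:
            out[i] = 1            # stay inside the 0..255 range
        elif out[i] == 255:
            out[i] = 254
        else:
            out[i] += rng.choice((-1, 1))
    return bytes(out)


def hit_probability(total: int, altered: int, payload_len: int) -> float:
    """Chance that at least one of payload_len given units is among the altered ones."""
    miss = 1.0
    for j in range(payload_len):
        # Unit j escapes only if it falls among the still-unaltered positions.
        miss *= max(total - altered - j, 0) / (total - j)
    return 1.0 - miss


# Constructed sample: a 4096-byte gradient standing in for raw image samples,
# with a constructed 26-byte marker standing in for embedded code.
MARKER = b"CONSTRUCTED-PAYLOAD-MARKER"
OFFSET = 1000
SAMPLE = bytearray(bytes(range(256)) * 16)
SAMPLE[OFFSET:OFFSET + len(MARKER)] = MARKER
SAMPLE = bytes(SAMPLE)

if __name__ == "__main__":
    cleaned = alter_samples(SAMPLE, 0.10)
    changed = sum(a != b for a, b in zip(SAMPLE, cleaned))
    survived = cleaned[OFFSET:OFFSET + len(MARKER)] == MARKER
    print(f"{changed} of {len(SAMPLE)} samples altered, marker intact: {survived}")
    print(f"P(marker hit) = {hit_probability(len(SAMPLE), changed, len(MARKER)):.3f}")
```

Altering 10% of the samples already gives a 26-byte payload about a 94% chance of being hit; raising the fraction or lengthening the payload pushes that toward certainty.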
23 Claims
1. A method of disarming malicious code in a computer system having a processor, the method comprising:
- receiving, by the computer system, input content; and
- automatically applying, by the processor, a data value alteration model to the input content for altering select data values within the input content, the data value alteration model being configured to disarm malicious code included in the input content without first detecting malicious code in the input content such that a location of data units including malicious code in the input content is not known;
- wherein the select data values include at least a portion of a plurality of data units included in the input content, and further wherein the portion of the plurality of data units is determined, based on the data value alteration model, randomly or pseudo-randomly, and so as not to interfere with an intended use of the input content, and so that at least one of the data units of the portion is statistically likely to include any malicious code.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 21, 22, 23
10. (canceled)
11. (canceled)
15. A non-transitory computer-readable medium storing instructions that, when executed by a processor, cause the processor to perform operations for disarming malicious code in a computer system, the operations comprising:
- receiving input content; and
- automatically applying a data value alteration model to the input content for altering select data values within the input content, the data value alteration model being configured to disarm malicious code included in the input content without first detecting malicious code in the input content, such that a location of data units including malicious code in the input content is not known, and without regard to any structure used to encapsulate the input content;
- wherein the select data values include at least a portion of a plurality of data units included in the input content, and further wherein the portion of the plurality of data units is determined, based on the data value alteration model, randomly or pseudo-randomly, and so as not to interfere with an intended use of the input content, and so that at least one of the data units of the portion is statistically likely to include any malicious code.
Dependent claims: 16
17. (canceled)
18. A system for disarming malicious code, the system comprising:
- a memory device storing a set of instructions; and
- a processor configured to execute the set of instructions to:
  - receive input content; and
  - automatically apply a data value alteration model to the input content for altering select data values within the input content, the data value alteration model being configured to disarm malicious code included in the input content without first detecting malicious code in the input content, such that a location of data units including malicious code in the input content is not known;
- wherein the select data values include at least a portion of a plurality of data units included in the input content, and further wherein the portion of the plurality of data units is determined, based on the data value alteration model, randomly or pseudo-randomly, and so as not to interfere with an intended use of the input content, and so that at least one of the data units of the portion is statistically likely to include any malicious code.
Dependent claims: 19, 20
Specification