System and methods for detection of new malicious executables

  • US 7,487,544 B2
  • Filed: 07/30/2002
  • Issued: 02/03/2009
  • Est. Priority Date: 07/30/2001
  • Status: Active Grant
First Claim

1. A method for classifying an executable attachment in an email received at an email processing application of a computer system comprising:

  a) filtering said executable attachment from said email;

  b) extracting a byte sequence feature from said executable attachment; and

  c) classifying said executable attachment by comparing said byte sequence feature of said executable attachment with a classification rule set derived from byte sequence features of a set of executables having a predetermined class in a set of classes to determine the probability whether said executable attachment is malicious, wherein extracting said byte sequence features from said executable attachment comprises creating a byte string representative of resources referenced by said executable attachment.
