System and method for detecting harmful files executable on a virtual stack machine based on parameters of the files and the virtual stack machine
US10013555B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 14, 2016 |
| Grant date | Jul 3, 2018 |
| Priority date | — |
| Expiry date | Jun 14, 2036 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/034
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Disclosed are method and system for detecting harmful files executed by a virtual stack machine. An example method includes: analyzing a file executable on the virtual stack machine to identify both parameters of a file section of the file and parameters of a function of the virtual stack machine when executing the file; identifying, in a database, at least one cluster of safe files based on the identified parameters of the file section of the file and the identified parameters of the virtual stack machine; creating, using at least one clustering rule, a data cluster based on the identified at least one cluster of safe files; calculating at least one checksum of the created data cluster; and determining that the file executable on the virtual stack machine is harmful if the computed at least one checksum matches a checksum in a database of checksums of harmful files.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.