Patent · US Active

Systems and methods for reverse-engineering malware protocols

US10050982B1 · kind B1 · utility

Cited by: 28
References: 0
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: May 19, 2016
Grant date: Aug 14, 2018
Priority date:
Expiry date: Dec 7, 2036

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/144
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

The disclosed computer-implemented method for reverse-engineering malware protocols may include (1) decrypting encrypted network traffic generated by a malware program, (2) identifying at least one message type field in the decrypted network traffic, (3) identifying at least one message in the decrypted network traffic with the identified message type, and (4) inferring at least a portion of a protocol used by the malware program by analyzing the identified message to identify a field type for at least one data field of the identified message of the identified message type. Various other methods, systems, and computer-readable media are also disclosed.
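The four steps of the abstract as an added worked example. This is not the patent's own implementation or code; it is illustration written for this page. Step 1 (decryption) is assumed to have already happened, so the input is a constructed set of plaintext messages in an invented format (2-byte magic, 1-byte type, 2-byte sequence number, 2-byte big-endian length, payload). The cardinality heuristic used to pick the type field, the constant/counter/length/payload labels, and the function names are all assumptions chosen for the example, not something the patent text specifies.

```python
"""Toy protocol inference over already-decrypted C2-style messages.

Added example, not the patent's implementation. The message format and
the traffic below are constructed for illustration only.
"""
from collections import defaultdict


def build_message(msg_type: int, seq: int, payload: bytes) -> bytes:
    """Construct a message in the invented format (used only to build sample data)."""
    header = b"\xde\xad" + bytes([msg_type]) + seq.to_bytes(2, "big")
    return header + len(payload).to_bytes(2, "big") + payload


# Constructed sample: what step 1 (decryption) would hand to the analyser.
SAMPLE_MESSAGES = [
    build_message(0x01, 1, b"host=ws01"),
    build_message(0x02, 2, b"cmd=whoami"),
    build_message(0x01, 3, b"id=ws02"),
    build_message(0x02, 4, b"cmd=dir c:\\"),
    build_message(0x01, 5, b"host=srv"),
    build_message(0x02, 6, b"cmd=exit"),
    build_message(0x01, 7, b"user=bob"),
    build_message(0x03, 8, b"ok"),
]


def distinct_values_per_offset(messages):
    """Number of distinct byte values at each offset present in every message."""
    min_len = min(len(m) for m in messages)
    return [len({m[i] for m in messages}) for i in range(min_len)]


def infer_type_offset(messages):
    """Step 2: pick the fixed-offset byte most likely to carry the message type.

    Heuristic (assumption): a type field is non-constant but low-cardinality,
    so take the offset with the fewest distinct values above one; earliest
    offset wins ties. Constant bytes (magic, padding) are excluded.
    """
    counts = distinct_values_per_offset(messages)
    candidates = [(c, i) for i, c in enumerate(counts) if c > 1]
    if not candidates:
        raise ValueError("no variable field found; nothing to treat as a type")
    return min(candidates)[1]


def group_by_type(messages, type_offset):
    """Step 3: bucket messages by the value found at the type offset."""
    groups = defaultdict(list)
    for m in messages:
        groups[m[type_offset]].append(m)
    return dict(groups)


def infer_fields(messages, type_offset):
    """Step 4: label each byte offset of one message type.

    Labels: 'type', 'constant', 'counter' (strictly increasing in capture
    order), 'length:<n>' (n-byte big-endian count of all bytes that follow
    the field), 'payload' (bytes covered by a length field), or 'variable'.
    """
    fields = {}
    min_len = min(len(m) for m in messages)
    i = 0
    while i < min_len:
        if i == type_offset:
            fields[i] = "type"
            i += 1
            continue
        # Length field test: value equals the number of bytes after the field,
        # for every message of this type. Try 1-, 2- and 4-byte widths.
        matched = None
        for width in (1, 2, 4):
            if i + width > min_len:
                break
            if all(int.from_bytes(m[i:i + width], "big") == len(m) - i - width
                   for m in messages):
                matched = width
                break
        if matched:
            fields[i] = f"length:{matched}"
            fields[i + matched] = "payload"  # everything the length covers
            break
        values = [m[i] for m in messages]
        if len(set(values)) == 1:
            fields[i] = "constant"
        elif all(b > a for a, b in zip(values, values[1:])):
            fields[i] = "counter"
        else:
            fields[i] = "variable"
        i += 1
    return fields


def infer_protocol(messages):
    """Run steps 2-4 and return {type_value: {offset: label}}."""
    type_offset = infer_type_offset(messages)
    groups = group_by_type(messages, type_offset)
    return {t: infer_fields(ms, type_offset) for t, ms in groups.items()}


if __name__ == "__main__":
    for msg_type, layout in sorted(infer_protocol(SAMPLE_MESSAGES).items()):
        print(f"type 0x{msg_type:02x}: {layout}")
```

On the sample the type byte at offset 2 is chosen because it has three distinct values while the sequence and length bytes have more, and for each type the layout comes out as magic (constant), type, sequence (counter), a 2-byte length, then payload. The single message of type 0x03 shows the usual caveat: with one sample every byte looks constant, and a counter cannot be distinguished from a fixed value, so inference quality depends on how many messages of each type the capture contains.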

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.