System and method for detecting malicious compound files
US10339312B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 20, 2017 |
| Grant date | Jul 2, 2019 |
| Priority date | — |
| Expiry date | Nov 2, 2037 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/565
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method and system is provided for detecting malicious compound files. An example method includes: obtaining at least one compound file; identifying a first set of features of the at least one compound file including features associated with a header of the at least one compound file; subsequent to identifying the first set of features, identifying, by the processor, a second set of features of the at least one compound file including features associated with at least one directory of the at least one compound file; determining a hash sum of the at least one compound file based on the first and second set of features; comparing the hash sum of the at least one compound file with information associated with a plurality of compound files stored in a database; and identifying the at least one compound file as being malicious, trusted or untrusted based at least on comparison results.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.