Detecting malicious program code using similarity of hashed parsed trees
US10528731B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 21, 2017 |
| Grant date | Jan 7, 2020 |
| Priority date | — |
| Expiry date | Dec 6, 2037 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/565
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Techniques are described herein for detecting malicious program code stored on computer devices before the code can be executed to potentially compromise a computer network. In an embodiment, a method comprises receiving, at a computer device, a file containing instructions in a programming language; based on a syntax of the programming language, parsing the file to generate parsed information, and based on the parsed information, generating a syntax tree for the file; identifying one or more alphanumeric strings in the syntax tree, and based on the alphanumeric strings, generating a syntax string for the syntax tree; generating a hash digest by applying a piecewise hashing to the alphanumeric strings in the syntax string; determining whether the hash digest indicates that the file contains potentially malicious code; in response to determining that the hash digest indicates that the file contains the potentially malicious code, performing a responsive action.
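The pipeline in the abstract (parse, syntax tree, syntax string, piecewise hash, similarity decision) can be sketched as follows. This is an added illustration, not code from the patent or its assignee. It assumes Python source as the input language, a simplified context-triggered piecewise hash, and a hypothetical 0.8 similarity threshold; all function names and samples are constructed.

```python
import ast
import difflib
import hashlib

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def syntax_string(source):
    """Preorder list of AST node-type names; identifiers and literal values are dropped."""
    tokens = []
    def visit(node):
        tokens.append(type(node).__name__)
        for child in ast.iter_child_nodes(node):
            visit(child)
    visit(ast.parse(source))  # parse only; the file is never executed
    return tokens

def _h(tokens):
    data = " ".join(tokens).encode()
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def piecewise_digest(tokens, window=3, block=4):
    """Emit one character per piece. A piece ends where the hash of the last
    `window` tokens hits the trigger value, so boundaries depend on local context."""
    digest, piece = [], []
    for i, tok in enumerate(tokens):
        piece.append(tok)
        if _h(tokens[max(0, i - window + 1):i + 1]) % block == block - 1:
            digest.append(ALPHABET[_h(piece) % 64])
            piece = []
    if piece:  # trailing piece that never reached a trigger
        digest.append(ALPHABET[_h(piece) % 64])
    return "".join(digest)

def similarity(a, b):
    return difflib.SequenceMatcher(None, a, b).ratio()

def is_suspicious(digest, known_bad, threshold=0.8):
    # threshold is an assumed value, not taken from the patent
    return any(similarity(digest, bad) >= threshold for bad in known_bad)

def digest_of(source):
    return piecewise_digest(syntax_string(source))

# Constructed samples: same structure with renamed identifiers, and an appended statement.
KNOWN = "import zlib\ndef run(data):\n    blob = zlib.decompress(data)\n    return blob[::-1]\n"
RENAMED = "import gzip\ndef go(buf):\n    out = gzip.decompress(buf)\n    return out[::-1]\n"
APPENDED = KNOWN + "print(run(b''))\n"
```

Because the digest is built from node types only, `RENAMED` hashes identically to `KNOWN`, and code appended to a file can change only the final digest character plus whatever follows it.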
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.