Multistage system and method for analyzing obfuscated content for malware
US10657251B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 26, 2017 |
| Grant date | May 19, 2020 |
| Priority date | — |
| Expiry date | Jun 26, 2037 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/566
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A malware detection system configured to detect suspiciousness in obfuscated content. A multi-stage static detection logic is utilized to detect obfuscation, make the obfuscated content accessible, identify suspiciousness in the accessible content and filter non-suspicious non-obfuscated content from further analysis. The multi-stage static detection logic includes a controller, a de-constructor, and a post-processor. The controller is configured to receive content, while the de-constructor is configured to receive content from the controller and deconstruct the content using the analysis technique selected by the controller. The post-processor is configured to receive the de-constructed content from the de-constructor, determine whether a specimen within the de-constructed content is suspicious, and remove non-suspicious content from further analysis.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.