System and method for detecting a malicious file using image analysis prior to execution of the file
US11275833B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | May 10, 2018 |
| Grant date | Mar 15, 2022 |
| Priority date | — |
| Expiry date | Dec 5, 2039 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06V2201/10
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A system and a method for analyzing files using visual cues in the presentation of the file is provided. These visual aids may be extracted using a convolutional neural network, classified, and used in conjunction with file metadata to determine if a provided document is likely to be malicious. This methodology may be extended to detect a variety of social engineering-related attacks including phishing sites or malicious emails. A method for analyzing a received file to determine if the received file comprises malicious code begins with generating an image that would be displayed if the received file is opened by the native software program. Then the image is analyzed, and object boundaries data is generated. Metadata is also extracted from the received file. Then, a maliciousness score is generated based on the object boundaries data, the metadata, and a reference dataset.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.