Patent · US Active

System and method for determining data entropy to identify malware

US8069484B2 · kind B2 · utility

Cited by: 353
References: 1
Claims: 16
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jan 25, 2007
Grant date: Nov 29, 2011
Priority date
Expiry date: May 27, 2030

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/563
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Systems and methods for performing malware detection for determining suspicious data based on data entropy are provided. The method includes acquiring a block of data, calculating an entropy value for the block of data, comparing the entropy value to a threshold value, and recording the block of data as suspicious when the entropy value exceeds the threshold value. An administrator may then investigate suspicious data.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.