Patent · US Active

Byte-distribution analysis of file security

US8087079B2 · kind B2 · utility

5Cited by

2References

21Claims

0Family size

Assignee

Finjan, Inc. · IL

Inventor

Yuval Ben-Itzhak · Brno, CZ

Key dates

Filing date	May 4, 2007
Grant date	Dec 27, 2011
Priority date	—
Expiry date	Oct 26, 2030

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/562
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A method for scanning files for security, including receiving an unfamiliar file for scanning, if the determining indicates that the mime type is suitable for analysis, then processing a buffer of file data from the unfamiliar file, including generating a histogram of frequencies of occurrence of bytes within a buffer of file data from the unfamiliar file, excluding a designated set of bytes, and if the generated histogram of frequencies of occurrence of the non-excluded bytes deviates substantially from a reference distribution, then signaling that the unfamiliar file is potentially malicious. A system and a computer-readable storage medium are also described and claimed.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.