Proactive exploit detection
US8402541B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 12, 2009 |
| Grant date | Mar 19, 2013 |
| Priority date | — |
| Expiry date | May 27, 2030 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/563
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Malware detection systems and methods for determining whether a collection of data not expected to include executable code is suspected of containing malicious executable code. In some embodiments, a malware detection system may disassemble a collection of data to obtain a sequence of possible instructions and determine whether the collection of data is suspected of containing malicious executable code based, at least partially, on an analysis of the sequence of possible instructions. In one embodiment, the analysis of the sequence of possible instructions may comprise determining whether the sequence of possible instructions comprises an execution loop. In a further embodiment, a control flow of the sequence of possible instructions may be analyzed. In a further embodiment, the analysis of the sequence of possible instructions may comprise assigning a weight that is indicative of a level of suspiciousness of the sequence of possible instructions. In a further embodiment, the sequence of possible instructions may begin with a possible instruction that comprises at least one candidate operation code (opcode) that has been determined to occur frequently in executable code.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.