Method and system for processing a file to identify unexpected file types
US8516580B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Apr 27, 2011 |
| Grant date | Aug 20, 2013 |
| Priority date | — |
| Expiry date | Jan 13, 2032 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/564
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method and system for testing a file (or packet) formed from a sequential series of information units, each information unit within a predetermined set of information units, e.g., each information unit may correspond to a character within the ASCII character set. An information unit-pair entropy density measurement is calculated for the received file using a probability matrix. The probability matrix tabulates the probabilities of occurrence for each possible sequential pair of information units of the predetermined set of information units. The computed information unit-pair entropy density measurement is compared with a threshold associated with an expected file type to determine whether the received file is of the expected file type or of an unexpected file type. The probability matrix may optionally be generated from the received file prior to calculating the density thereof. The probability matrix may optionally be predetermined based on the expected file type.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.