System and method for computer inspection of information objects for shared malware components

Assignee

• RAYTHEON BBN TECHNOLOGIES CORP. · US

Inventors

• Daniel Wyschogrod · Newton, US
• Steven Wayne Jilcott, Jr. · Foxborough, US
• Jonathan Rubin · Beekman, US
• John O. Everett · Great Falls, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/562
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Embodiments of a system and method for computer inspection of information objects, for example, executable software applications for common components that may include elements of computer viruses, items from hacker exploit libraries, or other malware components. Information objects may contain identified sequences of instructions, each of which may be identified and hierarchically grouped based on their structural relationship(s). In the software context, programming languages may include multiple components that include functional code; these components are often shared between programmers. In some embodiments, an inspection of the hierarchical relationship of components (e.g., constituent functions) in the information objects may allow for identification of common components shared between programs. In some embodiments, authorship of objects or components in the objects may be identified by comparisons between component samples. In some embodiments, inspection of the relationship between components is limited to component groups having a specified structural size, complexity, or eccentricity.