Malicious code detection technologies

Assignee

• Huawei Technologies Co., Ltd. · CN

Inventors

• Yinzhi Cao · Northfield, US
• Xiang PAN · Hong Kong, CN
• Yan Chen · Northfield, US
• Jianwei Zhuge · Northfield, US
• Xiaobin Qian · Beijing, CN
• Jian-Ming Fu · Taichung, TW

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/033
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

An embodiment of the present application provides technologies for detecting malicious content embedded in a content downloaded from an external source. The downloaded content converted into an opcode sequence by a web browser in a computing device. The opcode sequence is compared with a pre-stored opcode signature. The opcode signature comprises multiple sentences, and each sentence has multiple clauses. Each clause may include a matching opcode, a condition, an instruction, and an identifier. When a matching opcode in a clause matches with an opcode of the opcode sequence, and the condition as specified in the clause is determined to be true, the instruction in the clause is taken and next sentence identified by the identifier is taken to match the opcode sequence. Eventually, the last taken clause in the opcode signature may instruct whether opcode sequence contains malicious code.