System and method for detecting harmful files executable on a virtual stack machine
US9396334B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Aug 24, 2015 |
| Grant date | Jul 19, 2016 |
| Priority date | — |
| Expiry date | Aug 24, 2035 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/034
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Disclosed are method and system for detecting harmful files executed by a virtual stack machine. An example method includes: identifying data from a file executed on the virtual stack machine, the data including parameters of a file section of the file and/or parameters of a function of the file; searching in a database for at least one cluster of safe files that contains at least one of: a value of the parameters of the file section exceeding a first threshold, and a value of the parameters of the function exceeding a second threshold; creating a cluster of data of the file based on the identified cluster of safe files; calculating a checksum of the created cluster of data of the file; and determining that the file is a harmful file if the computed checksum matches a checksum in a database of checksums of harmful files.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.