Patent · US Active

Wavelet decomposition of software entropy to identify malware

US9465940B1 · kind B1 · utility

28 Cited by
11 References
16 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Mar 30, 2015
Grant date: Oct 11, 2016
Priority date
Expiry date: Mar 30, 2035

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/034
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A plurality of data files is received. Thereafter, each file is represented as an entropy time series that reflects an amount of entropy across locations in code for such file. A wavelet transform is applied, for each file, to the corresponding entropy time series to generate an energy spectrum characterizing, for the file, an amount of entropic energy at multiple scales of code resolution. It can then be determined, for each file, whether or not the file is likely to be malicious based on the energy spectrum. Related apparatus, systems, techniques and articles are also described.
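The first two steps of the abstract (entropy time series, then a wavelet energy spectrum) can be sketched as follows. This is an added example, not code from the patent: the 256-byte window, the Haar wavelet, the function names and the sample bytes are all assumptions, and the final malicious/benign decision is left out because the abstract does not say how it is made.

```python
import math
import random
from collections import Counter

def entropy_series(data, window=256):
    """Shannon entropy (bits per byte) of each consecutive window-sized chunk."""
    series = []
    for off in range(0, len(data) - window + 1, window):
        counts = Counter(data[off:off + window])
        series.append(sum(c / window * math.log2(window / c) for c in counts.values()))
    return series

def haar_energy_spectrum(series):
    """Orthonormal Haar transform of the entropy series.

    Returns (energies, approx_energy): energies[k] is the sum of squared
    detail coefficients at level k+1 (index 0 = finest scale, last = coarsest),
    approx_energy is the squared final approximation coefficient.
    """
    if not series:
        raise ValueError("empty entropy series")
    n = 1 << (len(series).bit_length() - 1)   # truncate to a power of two
    approx = list(series[:n])
    energies = []
    while len(approx) > 1:
        pairs = list(zip(approx[0::2], approx[1::2]))
        detail = [(a - b) / math.sqrt(2) for a, b in pairs]
        approx = [(a + b) / math.sqrt(2) for a, b in pairs]
        energies.append(sum(d * d for d in detail))
    return energies, approx[0] ** 2

def build_sample():
    """Constructed input: 1 KiB of zero padding followed by 1 KiB of
    pseudo-random bytes, standing in for a file with one abrupt entropy shift."""
    rng = random.Random(0)
    return bytes(1024) + bytes(rng.getrandbits(8) for _ in range(1024))

if __name__ == "__main__":
    series = entropy_series(build_sample())
    energies, approx_energy = haar_energy_spectrum(series)
    print("entropy per window:", [round(h, 2) for h in series])
    for level, energy in enumerate(energies, start=1):
        print(f"level {level} (windows per coefficient: {2 ** level}): {energy:.3f}")
```

A single low-to-high entropy jump in the middle of the file puts almost all of the energy at the coarsest level, while frequent small fluctuations would raise the finer levels instead.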

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.