Detecting malware based on reflection
US9594904B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 23, 2015 |
| Grant date | Mar 14, 2017 |
| Priority date | — |
| Expiry date | Apr 30, 2035 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06N20/00
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
According to one embodiment of the disclosure, a computerized method is described to detect a malicious object through its attempt to utilize reflection. The computerized method comprises receiving, by a network device, an object for analysis. Thereafter, the network device conducts a first analysis within a sandboxed environment. The first analysis determines whether the object is configured to utilize reflection. According to one embodiment, the first analysis involves analysis of the content of the object by a static analysis engine. Alternatively, or in addition to this analysis, the behavior of the object, through an attempt to access a reflection API, may show that the object is utilizing reflection. Responsive to the network device determining that the object utilizes reflection, a second analysis is conducted to determine whether the object is malicious.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.