Patent · US Active

Wavelet decomposition of software entropy to identify malware

US9946876B2 · kind B2 · utility

Cited by: 7
References: 21
Claims: 30
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 12, 2016
Grant date: Apr 17, 2018
Priority date
Expiry date: Aug 12, 2036

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/034
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A plurality of data files is received. Thereafter, each file is represented as an entropy time series that reflects an amount of entropy across locations in code for such file. A wavelet transform is applied, for each file, to the corresponding entropy time series to generate an energy spectrum characterizing, for the file, an amount of entropic energy at multiple scales of code resolution. It can then be determined, for each file, whether or not the file is likely to be malicious based on the energy spectrum. Related apparatus, systems, techniques and articles are also described.
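The pipeline the abstract describes, up to the energy spectrum, as an added example that is not taken from the patent. The 256-byte non-overlapping window, the Haar wavelet, and truncation of the series to a power-of-two length are assumptions made here; the abstract specifies none of them, and the classification step is left out.

```python
import math
from collections import Counter

CHUNK = 256  # assumed window size in bytes; the abstract does not give one


def entropy_series(data, chunk=CHUNK):
    """Shannon entropy (bits per byte) of each consecutive chunk of the file."""
    series = []
    for off in range(0, len(data) - chunk + 1, chunk):
        counts = Counter(data[off:off + chunk])
        series.append(-sum(c / chunk * math.log2(c / chunk) for c in counts.values()))
    return series


def haar_energy_spectrum(series):
    """Sum of squared Haar detail coefficients per level, finest scale first."""
    if len(series) < 2:
        return []
    n = 1 << (len(series).bit_length() - 1)  # truncate to a power of two (assumption)
    approx = list(series[:n])
    spectrum = []
    while len(approx) > 1:
        pairs = list(zip(approx[0::2], approx[1::2]))
        # Detail coefficients capture entropy change between neighbours at this scale.
        spectrum.append(sum(((a - b) / math.sqrt(2)) ** 2 for a, b in pairs))
        approx = [(a + b) / math.sqrt(2) for a, b in pairs]
    return spectrum


# Constructed sample inputs (not real files): a zero-entropy chunk and a chunk
# containing every byte value once (8 bits per byte).
LOW = bytes(CHUNK)
HIGH = bytes(range(256))
TWO_REGIONS = LOW * 8 + HIGH * 8   # one low-entropy half, one high-entropy half
INTERLEAVED = (LOW + HIGH) * 8     # entropy flips at every chunk boundary

if __name__ == "__main__":
    for name, blob in (("two regions", TWO_REGIONS), ("interleaved", INTERLEAVED)):
        spectrum = haar_energy_spectrum(entropy_series(blob))
        print(name, [round(e, 2) for e in spectrum])
```

Both constructed inputs have the same mean entropy, yet their entropic energy sits at opposite ends of the spectrum: the coarsest scale for the two-region layout and the finest scale for the interleaved one.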

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.