Systems and methods for detecting obfuscated malware

A malware-detection technology that addresses the problems of an inefficient detection process, difficult software code analysis, and the inability to detect obfuscated malware.

Inactive Publication Date: 2010-12-01
AO KASPERSKY LAB

AI Technical Summary

Problems solved by technology

However, these techniques often fail when applied to obfuscated malware, in which software code is modified (or obfuscated) to make analysis difficult.
As a result, the detection process becomes extremely inefficient, as anti-malware programs fail to detect obfuscated malware or spend a lot of time and system resources analyzing obfuscated software.


Embodiment Construction

[0024] Exemplary embodiments are described herein in the context of systems and methods for analyzing, optimizing, and detecting obfuscated malicious software (also known as malware). Those of ordinary skill in the art will recognize that the following description is illustrative only and is not intended to be limiting in any way. Other embodiments will readily occur to those skilled in the art having the benefit of this invention. Implementations of the exemplary embodiments shown in the drawings will now be described in detail. Wherever possible, the same reference numbers will be used throughout the drawings and the following description to refer to the same or like items.

[0025] In the interest of clarity, not all of the routine features of the implementations described herein are shown and described. It should be appreciated that in the development of any such actual implementation, a number of implementation-specific decisions must be made in order to achieve the dev...


Abstract

Disclosed are systems, methods and computer program products for efficient and reliable analysis, optimization and detection of obfuscated malware. One disclosed example method for malware detection includes loading an executable software code on a computer system and disassembling the software code into an assembly language or other low-level programming language. The method then proceeds to simplifying complex assembly instructions and constructing a data flow model of the simplified software code. The dependencies and interrelations of code elements of the data flow model are analyzed to identify obfuscated software codes therein. The identified obfuscated codes are then optimized. Based on the results of optimization, determination is made whether the software code is malicious and/or whether further antimalware analysis of the optimized software code is necessary.
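The pipeline in the abstract (simplify complex instructions, model the data flow, remove code whose results are never used, then decide) can be sketched on a toy instruction list. This is an added example, not code from the patent: the `Ins` record, the single `xchg` expansion, the use of dead-code elimination as the "optimization", and the 0.5 threshold are all assumptions, and the sample block is constructed. It covers one straight-line block only, with no branches, flags or memory aliasing.

```python
from typing import NamedTuple, Tuple

class Ins(NamedTuple):               # hypothetical simplified-instruction record
    op: str
    dst: str                         # register written ("" if none)
    src: Tuple[str, ...]             # registers read (immediates are omitted)
    effect: bool = False             # externally visible (call, store): always kept

def simplify(code):
    """Expand complex instructions into simple moves (only xchg in this toy model)."""
    out = []
    for i in code:
        if i.op == "xchg":
            a, b = i.src
            out += [Ins("mov", "tmp", (a,)), Ins("mov", a, (b,)), Ins("mov", b, ("tmp",))]
        else:
            out.append(i)
    return out

def optimize(code, live_out=()):
    """Backward data-flow pass: keep only instructions whose result is read later."""
    live, kept = set(live_out), []
    for i in reversed(code):
        if i.effect or i.dst in live:
            live.discard(i.dst)      # this write satisfies the later reads
            live.update(i.src)       # and makes its own inputs live
            kept.append(i)
    return kept[::-1]

def junk_ratio(code, live_out=()):
    """Fraction of simplified instructions removed by optimization."""
    simple = simplify(code)
    return 1 - len(optimize(simple, live_out)) / len(simple)

def needs_further_analysis(code, threshold=0.5):   # threshold is an assumed value
    return junk_ratio(code) > threshold

# Constructed sample: three useful instructions padded with junk.
SAMPLE = [
    Ins("mov", "eax", ()),                 # mov eax, 5
    Ins("mov", "ecx", ()),                 # junk: ecx is never read by useful code
    Ins("add", "ecx", ("ecx",)),           # junk
    Ins("xchg", "", ("edx", "esi")),       # junk: expands to three dead moves
    Ins("mov", "ebx", ("eax",)),           # mov ebx, eax
    Ins("call", "", ("ebx",), True),       # call ebx
]

if __name__ == "__main__":
    for ins in optimize(simplify(SAMPLE)):
        print(ins.op, ins.dst, ins.src)
    print("junk ratio:", junk_ratio(SAMPLE))
```

The result depends on which registers are treated as live at the end of the block: passing `live_out=("ecx",)` keeps the two `ecx` instructions, so an analysis that is wrong about liveness will misjudge how much of the code is padding.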

Description

Technical field

[0001] The present invention generally relates to the field of malware detection, and more particularly, to systems and methods for analyzing, optimizing and detecting obfuscated malware.

Background

[0002] The increasing sophistication and rapid proliferation of malicious software (i.e., malware) presents an increasing security threat to personal and enterprise computer systems worldwide. In order to prevent the spread of malware such as viruses, worms, Trojan horses, etc., the anti-malware industry has developed various malware detection techniques. These technologies are generally based on the principles of signature matching or heuristic analysis: signature matching compares software code with dictionaries of known virus code, and heuristic analysis simulates and analyzes software according to malicious behavior patterns. However, these techniques often fail when applied to obfuscated malware, in which software code is modified (o...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/22
CPC: G06F21/563
Inventor: 马克西姆Y·戈洛夫金
Owner: AO KASPERSKY LAB