
System and method for detecting a file embedded in an arbitrary location and determining the reputation of the file

A technology for determining files at any location, applied in the field of network security

Active Publication Date: 2016-12-21
MCAFEE LLC

AI Technical Summary

Problems solved by technology

Significant challenges therefore remain in developing innovative tools and strategies to counter the tactics that allow malicious actors to exploit computers.

Embodiment Construction

[0012] In one example embodiment, a method is provided that includes: identifying a file format identifier associated with the beginning of the file, parsing the file based on the file format identifier until the end of the file is identified, and computing a hash from the beginning of the file to the end of the file. The method also includes sending the hash to a reputation system, and taking a policy action based on the reputation of the hash received from the reputation system.

[0013] In a more specific embodiment, the file may be an executable file, and the format identifier may include an "MZ" string indicating the format of the executable file for a particular operating system. Parsing the file may include parsing headers in the file to determine the size of the file, which may be used to locate the end of the file.
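The steps in [0012] and [0013] can be sketched as follows; this is an added example, not code from the patent or from McAfee. It assumes the file size is derived from the PE section table (any overlay appended after the last section is ignored), uses SHA-256 as the hash, and substitutes a local dictionary for the reputation system; all function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

def pe_end(buf, start):
    """Parse PE headers at `start`; return the end offset of the file, or None."""
    if start + 0x40 > len(buf):
        return None
    (e_lfanew,) = struct.unpack_from("<I", buf, start + 0x3C)
    pe = start + e_lfanew
    if buf[pe:pe + 4] != b"PE\0\0" or pe + 24 > len(buf):
        return None
    (nsec,) = struct.unpack_from("<H", buf, pe + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", buf, pe + 20)  # SizeOfOptionalHeader
    table = pe + 24 + opt_size                            # first section header
    end = table + 40 * nsec
    if nsec == 0 or end > len(buf):
        return None
    for i in range(nsec):  # file size = furthest raw section data
        raw_size, raw_ptr = struct.unpack_from("<II", buf, table + 40 * i + 16)
        if raw_size:
            end = max(end, start + raw_ptr + raw_size)
    return end if end <= len(buf) else None  # truncated capture: nothing to hash

def scan(buf, reputation):
    """Return (start, end, sha256, action) per embedded PE; assumed policy:
    block hashes the reputation source marks malicious, allow the rest."""
    results = []
    pos = buf.find(b"MZ")
    while pos != -1:
        end = pe_end(buf, pos)
        if end is not None:
            digest = hashlib.sha256(buf[pos:end]).hexdigest()
            action = "block" if reputation.get(digest) == "malicious" else "allow"
            results.append((pos, end, digest, action))
        pos = buf.find(b"MZ", pos + 1)
    return results

def build_sample_pe():
    """Constructed 0x400-byte PE skeleton: headers plus one 0x200-byte section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = dos + coff + b"\0" * 0xE0 + sect
    return headers.ljust(0x200, b"\0") + b"\x90" * 0x200

if __name__ == "__main__":
    pe = build_sample_pe()
    stream = b"GIF89a" + b"\0" * 10 + pe + b"tail"  # constructed carrier data
    known = {hashlib.sha256(pe).hexdigest(): "malicious"}  # stand-in reputation system
    print(scan(stream, known))
```

Only the embedded file's own headers are parsed, so the hash covers the same bytes no matter what carrier data surrounds it; a stray "MZ" with no valid PE header behind it, or a capture cut off before the last section, yields no hash.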

[0014] Example embodiment

[0015] Turning to Figure 1, Figure 1 is a simplified block diagram of an example embodiment of a network env...


Abstract

In one example embodiment, a method is provided that includes: identifying a file format identifier associated with the beginning of the file, parsing the file based on the file format identifier until the end of the file is identified, and calculating a hash from the beginning of the file to the end of the file. The method may also include sending the hash to a reputation system, and taking policy action based on the reputation of the hash received from the reputation system.

Description

Technical field

[0001] In general, this specification relates to the field of network security, and more specifically, to systems and methods for detecting files embedded in arbitrary locations and determining the reputation of the files.

Contents of the invention

[0002] According to an embodiment of the present invention, there is provided a method for detecting a file embedded in an arbitrary location and determining the reputation of the file, comprising: identifying a file format identifier associated with the beginning of the file, wherein the file is an executable file embedded within a second file in the network stream; parsing the file based on the file format identifier to identify the end of the file, wherein only the file is parsed to identify the end of the file, and wherein the portion of the second file that does not include the file is not parsed to identify the end of the file; calculating a hash value from the beginning of the file to the end of the fil...


Application Information

IPC(8): G06F21/56, G06F21/30
CPC: G06F21/562, G06F21/56, H04L63/145, H04L63/20
Inventor: D·L·H·马, V·马哈迪克, S·帕塔克
Owner: MCAFEE LLC