Unlock instant, AI-driven research and patent intelligence for your innovation.

Fuzzy whitelisting anti-malware system and method

An anti-malware, malicious software technology, applied in the direction of transmission systems, electrical components, instruments, etc.

Active Publication Date: 2017-02-22
BITDEFENDER IPR MANAGEMENT
View PDF8 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Such methods are particularly effective against polymorphic malware, which is able to randomly modify its malware-identifying signatures, rendering conventional content-based methods ineffective

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Fuzzy whitelisting anti-malware system and method
  • Fuzzy whitelisting anti-malware system and method
  • Fuzzy whitelisting anti-malware system and method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027]In the following description, it should be understood that all recited connections between structures may be direct operative connections or indirect operative connections through intermediate structures. A set of elements contains one or more elements. Any recitation of an element should be understood to mean at least one element. Multiple elements contain at least two elements. Unless otherwise required, any described method steps do not have to be performed in the specific illustrated order. A first element (eg, data) derived from a second element encompasses the first element equal to the second element as well as the first element and optionally other data resulting from processing the second element. Making a determination or decision based on a parameter encompasses making said determination or decision based on said parameter and optionally other data. Unless otherwise specified, an indicator of a quantity / data may be the quantity / data itself or an indicator d...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

In some embodiments, the anti-malware system takes into account benign differences between non-malicious data objects, such as differences introduced by compilers and other polymorphisms. The target object is separated into code blocks, and a hash is calculated for each code block. Next, the obtained set of target hashes is compared to a database of hashes corresponding to code blocks extracted from the whitelisted objects. A target object may be marked as whitelisted (trusted, not malicious) if it has a significant number of hashes in common with the whitelisted object. Objects that are slightly different than known whitelisted objects can still receive whitelisted status. By allowing a certain degree of mismatch between hash sets of distinct objects, some embodiments of the invention increase the efficiency of whitelisting without reducing security to unacceptable levels.

Description

[0001] CROSS REFERENCE TO RELATED APPLICATIONS This application claims the benefit of the filing date of US Provisional Patent Application Serial No. 61 / 554,859, filed November 2, 2011, which is hereby incorporated by reference in its entirety. Background technique [0002] The present invention relates to systems and methods for protecting users from malware, and in particular to software whitelisting. [0003] Malware (also referred to as malware) affects a large number of computer systems throughout the world. In its many forms, such as computer viruses, worms, Trojan horses, and rootkits, malware presents a serious risk to millions of computer users, leaving them vulnerable to data loss, identity theft, lost productivity, and more. [0004] Computer programs dedicated to malware scanning employ various methods of detecting and eliminating malware from a user's computer system. Such approaches include behavior-based techniques as well as content-based techniques. A behavi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56
CPCG06F21/563G06F21/56H04L63/00H04L63/14H04L63/101H04L63/1408
Inventor I·弗拉德·托凡V·索林·杜代亚D·维罗埃尔·卡尼亚
Owner BITDEFENDER IPR MANAGEMENT