
Malware detection

A malware detection technique, used in the field of detecting malicious executable files, that addresses the problem of malicious content not being adequately handled.

Pending Publication Date: 2020-12-04
INT BUSINESS MASCH CORP

AI Technical Summary

Problems solved by technology

Therefore, the prior art does not adequately address the problem of detecting malicious content present in the overlay of an executable file.


Embodiment Construction

[0018] Embodiments of the present system and method can detect malicious content present in the overlay of an executable file, which provides an improvement over current techniques. In an embodiment, a suspicious executable file may be analyzed by extracting the file's overlays (if present), analyzing the overlays, and using the analysis to determine various properties about the overlays. These attributes (and possibly other attributes of the file) can be passed to a classifier which will decide whether the file is malicious or benign.

[0019] Embodiments of the present systems and methods use automated static analysis based on supervised machine learning. Malware detection mechanisms analyze the overlay of a portable executable (PE) file separately from the rest of the executable. A set of attributes (i.e., features) of the portable executable's overlay is extracted, a machine learning algorithm is trained based on these extracted features, and distinguishes between benign and malwar...
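The overlay extraction step described in [0018] and [0019], as an added example that is not code from the patent or its applicant. It treats the overlay as the bytes that follow the end of the last section's raw data; the feature names, the choice of features (size, ratio, entropy) and the sample file built by `build_sample_pe` are assumptions made for illustration.

```python
import math
import struct
from collections import Counter

def overlay_offset(data: bytes) -> int:
    """File offset where the overlay starts: the end of the last section's raw data."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    n_sections, = struct.unpack_from("<H", data, pe + 6)   # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    table = pe + 24 + opt_size                             # first section header
    end = table + 40 * n_sections                          # headers are never overlay
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at offset 16 of each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:                                       # skip sections with no file data
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))                             # tolerate truncated files

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for an empty buffer)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def overlay_features(data: bytes) -> dict:
    """Assumed feature set; the page does not list the properties it extracts."""
    ov = data[overlay_offset(data):]
    return {"has_overlay": bool(ov), "overlay_size": len(ov),
            "overlay_ratio": len(ov) / len(data), "overlay_entropy": entropy(ov)}

def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed sample: minimal PE headers, one 0x200-byte section, then `overlay`."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x200,
                                        0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + b"\0" * 0xE0 + sect).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x200 + overlay

if __name__ == "__main__":
    print(overlay_features(build_sample_pe(bytes(range(256)) * 4)))
```

The resulting dictionary is the kind of per-file feature vector that would be passed, together with the malicious or benign label, to the supervised classifier the text describes.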


Abstract

A computer-implemented method for identifying malware in computer systems comprises receiving a plurality of executable files labeled as being malicious or benign, training a machine learning model using properties extracted from overlays associated with each of the plurality of received labeled executable files, receiving an executable file that is not labeled, determining whether the received unlabeled executable file is malicious or benign using the trained machine learning model based on properties extracted from an overlay associated with the received unlabeled executable file, and transmitting information identifying the received unlabeled executable file as malicious when the received unlabeled executable file is determined to be malicious.

Description

Technical field

[0001] The present invention relates to techniques for detecting malicious executable files by performing static analysis on the executable's overlay.

Background technique

[0002] Malicious files (malware) pose a great risk to private users and organizations. In recent years, the task of detecting malware has become a major problem with the growth of the number of malware samples and the continuous improvement of malware camouflage techniques.

[0003] Currently, malicious executable programs use a variety of techniques to evade detection by anti-virus systems (AVs). These techniques, such as code packing, polymorphism, metamorphism, encryption, etc., are usually performed "in-place", i.e., on the portion of the malicious file that is loaded into memory when the file starts executing. Existing mechanisms to detect such malicious code perform with high efficiency and probability, making such attacks more difficult to succeed. As a result, malware has evo...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F9/455
CPC: G06F21/564, G06N20/00, G06F21/562, G06F21/565, G06F2221/034
Inventor: A·芬克尔施泰因, E·梅纳赫姆
Owner: INT BUSINESS MASCH CORP