Title of invention: Malware detection system and method for mobile platforms
Abstract: A system and method for detecting malware optimized for mobile platforms. The system and method compares hashed portions of one or more malware signatures to hashes hashed from a suspect application, to determine whether the suspect application is malware-free. A second stage robust hash and splatter set of pseudorandomly selected blocks of the malware signatures reduce false positives allowing for improved detection of malware.
Publication number: US9104871(B2) Publication date: 2015.08.11
Application number: US200711697647 Filing date: 2007.04.06
Applicant: Juniper Networks, Inc. Inventors: Tuvell George; Venugopal Deepak
Classification: G06F12/14; G06F21/56; H04L29/06; H04W12/12; H04W12/10 Main classification: G06F12/14
Agency: Shumaker & Sieffert, P.A. Agent: Shumaker & Sieffert, P.A.
Main claim: 1. A method of detecting malware, comprising: selecting, by a mobile device, a first set of hash values hashed from prefixes of a set of malware signatures, each of the prefixes having a first-portion-size, wherein the malware signatures have lengths greater than the first-portion-size; hashing, by the mobile device, a plurality of strings of a target application to create a plurality of second hash values, each of the strings having the first-portion-size, the target application comprising a downloaded application having a size greater than the first-portion size; comparing, by the mobile device, the plurality of second hash values to the first hash values to determine if there is a match; determining, by the mobile device, that the target application is malware-free when there is no match between the plurality of second hash values and the first hash values; and when there is a match between one of the first set of hash values and one of the second set of hash values: determining the malware signature of the set of malware signatures from which the one of the first set of hash values was hashed that matched the one of the second set of hash values; comparing a hash of the entire determined malware signature to hashes of one or more strings of the target application, each of the strings having lengths equal to the length of the determined malware signature; and determining that the target application is malware-infected when there is a match between the hash of the entire determined malware signature and at least one of the strings of the target application having the lengths equal to the length of the determined malware signature.
Address: Sunnyvale CA US
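
The two-stage comparison in the main claim, sketched as an added example (not code from the patent or its applicant): a cheap hash over prefix-sized windows of the target filters candidates, and a hash of the entire signature confirms or rejects each one. CRC32, SHA-256, the 8-byte `PREFIX_SIZE` and all sample byte strings are assumptions chosen for the demonstration; the "splatter set" mentioned in the abstract is not modelled.

```python
import hashlib
import zlib

PREFIX_SIZE = 8  # the claim's "first-portion-size"; value assumed for the demo

def build_db(signatures):
    """Map prefix hash -> list of (signature length, hash of entire signature)."""
    db = {}
    for sig in signatures:
        if len(sig) <= PREFIX_SIZE:
            raise ValueError("signature must be longer than the prefix size")
        entry = (len(sig), hashlib.sha256(sig).digest())
        db.setdefault(zlib.crc32(sig[:PREFIX_SIZE]), []).append(entry)
    return db

def scan(target, db):
    """Return offsets where a full signature is confirmed; [] means malware-free."""
    hits = []
    for off in range(len(target) - PREFIX_SIZE + 1):
        # Stage 1: cheap hash of each PREFIX_SIZE-byte string of the target.
        candidates = db.get(zlib.crc32(target[off:off + PREFIX_SIZE]))
        if not candidates:
            continue
        # Stage 2: hash a target string as long as the whole signature.
        for sig_len, sig_hash in candidates:
            window = target[off:off + sig_len]
            if len(window) == sig_len and hashlib.sha256(window).digest() == sig_hash:
                hits.append(off)
                break
    return hits

# Constructed sample data (harmless byte strings, not real signatures).
SIGNATURES = [b"EXAMPLE-SIGNATURE-ONE", b"DEMOSIG2-with-longer-tail"]
DB = build_db(SIGNATURES)
CLEAN = b"header....ordinary application bytes....trailer"
INFECTED = b"header" + SIGNATURES[1] + b"trailer"
# Shares only the 8-byte prefix "EXAMPLE-": stage 1 matches, stage 2 rejects.
PREFIX_ONLY = b"xxEXAMPLE-but-not-the-rest-of-it"

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN), ("infected", INFECTED), ("prefix-only", PREFIX_ONLY)]:
        print(name, scan(blob, DB))
```

The `PREFIX_ONLY` input shows why the second stage exists: a prefix match alone would flag it, while the full-signature hash rejects it.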