Title of invention |
Malware detection system and method for compressed data on mobile platforms |
Abstract |
A system and method for detecting malware in compressed data. The system and method identifies a set of search strings extracted from compressed executables, each of which is infected with malware from a family of malware. The search strings detect the presence of the family of malware in other compressed executables, fragments of compressed executables, or data streams. |
Publication number |
US9009818(B2) |
Publication date |
2015.04.14 |
Application number |
US200711697658 |
Filing date |
2007.04.06 |
Applicant |
Pulse Secure, LLC |
Inventors |
Tuvell George;Venugopal Deepak |
Classification codes |
G06F21/00;G06F21/56;H04L29/06;H04W12/12;H04W12/10 |
Main classification code |
G06F21/00 |
Patent agency |
Shumaker & Sieffert, P.A. |
Patent agent |
Shumaker & Sieffert, P.A. |
Main claim |
1. A method of developing search strings for detecting malware in compressed data, the method comprising:
selecting a plurality of malware-infected executables infected with a family of malware, wherein each of the plurality of malware-infected executables comprises a respective compressed code portion;
extracting a plurality of candidate strings from the compressed code portions of the plurality of malware-infected executables;
identifying, by a computing device, at least one of the plurality of candidate strings that is present in each of the plurality of malware-infected executables as a search string common to the compressed code portions of the plurality of malware-infected executables; and
storing the search string common to the plurality of malware-infected executables to a mobile device to cause the mobile device to determine whether target applications including compressed code portions are infected with malware based at least in part on the search string. |
Address |
San Jose CA US |