Title of invention |
SYSTEM AND METHOD FOR DETECTING EXECUTABLE MACHINE INSTRUCTIONS IN A DATA STREAM |
Abstract |
Detecting executable machine instructions in a data stream is accomplished by accessing a plurality of values representing data contained within a memory of a computer system and performing pre-processing on the plurality of values to produce a candidate data subset. The pre-processing may include determining whether the plurality of values meets (a) a randomness condition, (b) a length condition, and/or (c) a string ratio condition. The candidate data subset is inspected for computer instructions, characteristics of the computer instructions are determined, and a predetermined action is taken based on the characteristics of the computer instructions. |
Application publication number |
US2014237600(A1) |
Application publication date |
2014.08.21 |
Application number |
US201414263827 |
Filing date |
2014.04.28 |
Applicant |
Silberman Peter J;Butler James R;Harbour Nick J |
Inventor |
Silberman Peter J;Butler James R;Harbour Nick J |
Classification number |
G06F21/56 |
Main classification number |
G06F21/56 |
Agency |
|
Agent |
|
Principal claim |
1. A method of analyzing whether executable code exists within data, said method comprising:
accessing a plurality of values representing data contained within a memory of a computer system;
performing pre-processing on the plurality of values to produce a candidate data subset, said pre-processing being performed by a computer and comprising determining whether the plurality of values meets at least one of (a) a randomness condition, (b) a length condition, and (c) a string ratio condition;
inspecting, with the computer, the candidate data subset for computer instructions;
determining one or more characteristics of the computer instructions; and
taking a predetermined action based on the characteristics of the computer instructions. |
Address |
Kensington MD US |