Title of invention: System and method for detecting malware by transforming objects and analyzing different views of objects
Abstract: A method in one example implementation includes generating a plurality of transformed views of an object in a network environment and generating a plurality of filtered information sets. The method further includes detecting a suspect correlation based on an analysis of at least some of the plurality of transformed views and of at least some of the plurality of filtered information sets. In a more specific embodiment, the analysis includes an original view of the object. Other more specific embodiments include applying filters to selected views of the object, where each of the filters is associated with a different obfuscation type. Applying the filters includes transforming obfuscation elements in the plurality of transformed views, where the object contains the one or more obfuscation elements.
Publication number: US8769692(B1)  Publication date: 2014.07.01
Application number: US201113182641  Application date: 2011.07.14
Applicant: McAfee, Inc.  Inventors: Muttik Igor G.; Bartram Anthony Vaughan
Classification: G06F12/14; G06F11/00; G06F12/16  Main classification: G06F12/14
Agency: Patent Capital Group  Agent: Patent Capital Group
Principal claim: 1. A method, comprising: generating a plurality of transformed views of an object in a network environment; generating a plurality of filtered information sets corresponding respectively to the plurality of transformed views, each of the filtered information sets including particular location data indicating one or more locations in the object corresponding to at least one obfuscation element, wherein a first filtered information set of the plurality of filtered information sets includes a first location data indicating one or more locations in the object corresponding to a first obfuscation element, and wherein a second filtered information set of the plurality of filtered information sets includes a second location data indicating one or more locations in the object corresponding to a second obfuscation element; and detecting a suspect correlation based on an analysis of at least some of the plurality of transformed views and of at least some of the plurality of filtered information sets, wherein the analysis includes: identifying a construct in first and second transformed views; and determining whether one or more criteria are satisfied based on a proximity of the one or more locations of the first location data and the one or more locations of the second location data relative to the construct in the first and second transformed views, respectively.
Address: Santa Clara CA US