Abstract
<p>In accordance with one or more embodiments of the present invention, a method of determining whether a suspect computer file is malicious includes parsing the suspect file to extract a byte code sequence, modeling the extracted byte code sequence using at least one entropy modeling test, where each modeling test provides an entropy result based on the modeling of the extracted byte code sequence, comparing each entropy result to a table of entropy results to determine a probability value, and summing the probability values to determine a likelihood that the byte code sequence is malicious.</p>
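<p>The following is an added illustration of the four steps in the abstract (parse, model with entropy tests, look up probabilities, sum) and is not code from the patent. The container format (magic <code>SUSP</code> plus a length field), the two entropy tests, and the entropy-to-probability tables are all constructed assumptions; a real system would derive the tables from labelled corpora.</p>

```python
import math
import struct
from collections import Counter

# Constructed entropy-to-probability tables, one per modeling test. Each row is
# (lower_bound, upper_bound, probability). Values are illustrative assumptions,
# not figures from the patent.
ENTROPY_TABLES = {
    "whole_sequence": [(0.0, 4.0, 0.05), (4.0, 6.0, 0.15), (6.0, 7.2, 0.35), (7.2, 8.01, 0.45)],
    "max_window": [(0.0, 5.0, 0.05), (5.0, 7.0, 0.20), (7.0, 7.8, 0.40), (7.8, 8.01, 0.50)],
}

def parse_suspect_file(raw: bytes) -> bytes:
    """Parsing step: extract the byte code sequence from a constructed container
    (4-byte magic b'SUSP', 4-byte big-endian body length, then the body)."""
    if len(raw) < 8 or raw[:4] != b"SUSP":
        raise ValueError("not a SUSP container")
    (length,) = struct.unpack(">I", raw[4:8])
    body = raw[8:8 + length]
    if len(body) != length:
        raise ValueError("truncated body")
    return body

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def max_window_entropy(data: bytes, window: int = 256) -> float:
    """Highest entropy over non-overlapping windows; a packed or encrypted region
    shows up here even when the whole sequence averages lower."""
    if len(data) <= window:
        return shannon_entropy(data)
    return max(shannon_entropy(data[i:i + window])
               for i in range(0, len(data) - window + 1, window))

def lookup_probability(table, value: float) -> float:
    """Map one entropy result to the probability of the table row it falls in."""
    for lo, hi, prob in table:
        if lo <= value < hi:
            return prob
    return 0.0

def score_suspect_file(raw: bytes) -> dict:
    """Run every modeling test, look up each result, and sum the probabilities."""
    seq = parse_suspect_file(raw)
    entropy = {"whole_sequence": shannon_entropy(seq), "max_window": max_window_entropy(seq)}
    probs = {name: lookup_probability(ENTROPY_TABLES[name], h) for name, h in entropy.items()}
    return {"entropy": entropy, "probability": probs, "likelihood": sum(probs.values())}
```

<p>The summed likelihood is only as good as the tables behind it: a plain summation treats the tests as independent, so correlated tests (two measures of the same packed section) inflate the score and should be calibrated together.</p>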