1. System And Method For Detecting Malware In Documents
    Patent application (status: in force)

    Publication number: US20130145466A1

    Publication date: 2013-06-06

    Application number: US13312767

    Filing date: 2011-12-06

    IPC classification: G06F21/00

    CPC classification: G06F21/562

    Abstract: In one embodiment, a method includes identifying, using one or more processors, a plurality of characteristics of a Portable Document Format (PDF) file. The method also includes determining, using the one or more processors, for each of the plurality of characteristics, a score corresponding to the characteristic. In addition, the method includes comparing, using the one or more processors, the determined scores to a first threshold. Based at least on the comparison of the determined scores to the first threshold, the method includes determining, using the one or more processors, that the PDF file is potential malware.

2. Detecting malware using patterns
    Granted patent (status: in force)

    Publication number: US08510841B2

    Publication date: 2013-08-13

    Application number: US13312639

    Filing date: 2011-12-06

    IPC classification: G06F11/30 G06F7/00

    CPC classification: G06F21/56 G06F21/562

    Abstract: In certain embodiments, a method includes receiving a first file. The method also includes accessing at least one storage module comprising a first malware pattern, a second malware pattern, and a third malware pattern. The second malware pattern is a first permutation of the first malware pattern. The third malware pattern is a second permutation of the second malware pattern and is different than the second malware pattern. The method includes comparing, by at least one processor, the first file to the third malware pattern. In addition, the method includes determining, by the at least one processor, that the first file comprises malware in response to comparing the file to the third malware pattern.

3. DETECTING MALWARE USING PATTERNS
    Patent application (status: in force)

    Publication number: US20130145470A1

    Publication date: 2013-06-06

    Application number: US13312639

    Filing date: 2011-12-06

    IPC classification: G06F21/00

    CPC classification: G06F21/56 G06F21/562

    Abstract: In certain embodiments, a method includes receiving a first file. The method also includes accessing at least one storage module comprising a first malware pattern, a second malware pattern, and a third malware pattern. The second malware pattern is a first permutation of the first malware pattern. The third malware pattern is a second permutation of the second malware pattern and is different than the second malware pattern. The method includes comparing, by at least one processor, the first file to the third malware pattern. In addition, the method includes determining, by the at least one processor, that the first file comprises malware in response to comparing the file to the third malware pattern.

4. System and method for detecting malware in documents
    Granted patent (status: in force)

    Publication number: US09213837B2

    Publication date: 2015-12-15

    Application number: US13312767

    Filing date: 2011-12-06

    CPC classification: G06F21/562

    Abstract: In one embodiment, a method includes identifying, using one or more processors, a plurality of characteristics of a Portable Document Format (PDF) file. The method also includes determining, using the one or more processors, for each of the plurality of characteristics, a score corresponding to the characteristic. In addition, the method includes comparing, using the one or more processors, the determined scores to a first threshold. Based at least on the comparison of the determined scores to the first threshold, the method includes determining, using the one or more processors, that the PDF file is potential malware.

5. Detecting malware using stored patterns
    Granted patent (status: in force)

    Publication number: US08635700B2

    Publication date: 2014-01-21

    Application number: US13312716

    Filing date: 2011-12-06

    IPC classification: G06F15/18 G06F11/00

    CPC classification: G06F21/562 G06F21/564

    Abstract: In one embodiment, a method includes identifying a plurality of portions of a file and comparing the plurality of portions of the file to a plurality of stored patterns. The plurality of stored patterns include portions of known malware. The method also includes determining, from the plurality of portions of the file and based on the comparing of the plurality of portions of the file to the plurality of stored patterns, a set of matching portions. The set of matching portions include one or more of the plurality of portions of the file. In addition, the method includes determining a score for each portion in the set of matching portions and providing information regarding the set of matching portions. The information includes the scores determined for each portion of the set of matching portions.

6. Detecting Malware Using Stored Patterns
    Patent application (status: in force)

    Publication number: US20130145471A1

    Publication date: 2013-06-06

    Application number: US13312716

    Filing date: 2011-12-06

    IPC classification: G06F21/00 G06F7/04

    CPC classification: G06F21/562 G06F21/564

    Abstract: In one embodiment, a method includes identifying a plurality of portions of a file and comparing the plurality of portions of the file to a plurality of stored patterns. The plurality of stored patterns include portions of known malware. The method also includes determining, from the plurality of portions of the file and based on the comparing of the plurality of portions of the file to the plurality of stored patterns, a set of matching portions. The set of matching portions include one or more of the plurality of portions of the file. In addition, the method includes determining a score for each portion in the set of matching portions and providing information regarding the set of matching portions. The information includes the scores determined for each portion of the set of matching portions.

7. System and method for decrypting files
    Granted patent (status: in force)

    Publication number: US08787567B2

    Publication date: 2014-07-22

    Application number: US13031948

    Filing date: 2011-02-22

    IPC classification: G06F21/00

    Abstract: In accordance with particular embodiments, a computer-implemented method for execution by one or more processors includes intercepting a communication comprising a message. The method also includes identifying words from within the message. The method further includes storing in a dictionary words from within the message of the communication and one or more parameters of the communication for each of the words. The dictionary comprises a plurality of words from a plurality of intercepted text-based communications. The method also includes receiving an encrypted file that is configured to be decrypted using a password. The method additionally includes identifying words from the dictionary to be used to attempt to decrypt the encrypted file. The identified words are identified based on at least one parameter associated with the encrypted file and the one or more parameters stored in the dictionary. The method further includes attempting to decrypt the encrypted file using at least a portion of the identified words from the dictionary as the password for decrypting the encrypted attachment.

8. Data security method and system
    Granted patent (status: in force)

    Publication number: US08621223B2

    Publication date: 2013-12-31

    Application number: US12164814

    Filing date: 2008-06-30

    IPC classification: H04L9/32

    CPC classification: H04L9/3236 H04L9/3247

    Abstract: A method of verifying integrity of a digital file includes receiving the digital file subsequent to exposure to a foreign environment and validating the digital file. The received digital file has an appended signature label that includes one or both of a first hash value and a digital signature. Validating the digital file includes hashing the digital file to obtain a second hash value, retrieving the first hash value from the signature label, and comparing the first hash value and second hash value.

9. Distributed Malware Detection
    Patent application (status: in force)

    Publication number: US20120330801A1

    Publication date: 2012-12-27

    Application number: US13169574

    Filing date: 2011-06-27

    IPC classification: G06F21/00 G06Q30/00

    CPC classification: G06F21/577 G06F21/56

    Abstract: According to one embodiment, a computer-implemented method includes accessing, using one or more processing units, a first file of a plurality of files requested to be analyzed for malware. Each of the plurality of files corresponds to a respective remote client of a plurality of remote clients. Further, the method includes: processing, using the one or more processing units, an analysis of the first file for malware; and generating an output comprising an indication of whether the first file comprises malware. The method also includes accessing, using the one or more processing units, an address for a first remote client of the plurality of remote clients. The first remote client is the respective remote client corresponding to the first file. In addition, the method includes: sending, using the one or more processing units, the output in a communication addressed to the first remote client corresponding to the first file.

10. System, method, and logic for classifying communications
    Granted patent (status: in force)

    Publication number: US08875293B2

    Publication date: 2014-10-28

    Application number: US13240567

    Filing date: 2011-09-22

    IPC classification: H04L29/06 G06F21/56 G06F21/55

    CPC classification: G06F21/554 G06F21/56

    Abstract: In accordance with particular embodiments, a method includes intercepting a communication and extracting metadata associated with the communication. The extracted metadata comprises a plurality of different fields from communication metadata and file metadata. The method further includes determining a score, based on previous communications, for each field of the extracted metadata. The score is indicative of a likelihood that the communication is a malicious communication. The method additionally includes combining the scores to generate a combined score for the communication based on an algorithm developed from the previous communications. The method also includes generating, based on the combined score at a first time, a predicted classification as to whether the communication is a malicious communication. The method further includes receiving, at a second time subsequent to the first time, an indication of whether the communication is a malicious communication and updating the algorithm based on the indication.