The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Aug. 14, 2018
Filed:
Feb. 06, 2015
Mitsubishi Electric Corporation, Tokyo, JP;
Hiroki Nishikawa, Tokyo, JP;
Takumi Yamamoto, Tokyo, JP;
MITSUBISHI ELECTRIC CORPORATION, Tokyo, JP;
Abstract
The present invention relates to a cryptographic block identification apparatus which, in order to analyze encryption logic used by malware to conceal communication, identifies a cryptographic block where encryption logic is stored within a program of the malware. The cryptographic block identification apparatus includes a block candidate extraction part and a cryptographic block identification part. The block candidate extraction part analyzes an execution trace in which an execution step of malware is recorded, calculates an evaluation value representing cipher likeliness of the execution step based on whether or not an operation type that characterizes cipher likeliness of the execution step is included in the execution step, and extracts an execution step where the evaluation value exceeds a threshold L, as a block candidate which is a candidate of a cryptographic block. The cryptographic block identification part identifies a region of the execution trace in which the block candidates are consecutive beyond a threshold M, as a cryptographic block.