The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: patent number, date the patent was issued, date the patent was filed, title of the patent, applicant, inventor, assignee, attorney firm, primary examiner, assistant examiner, CPCs, and abstract. The patent badge contains a link to the full patent document (PDF).

Date of Patent: Feb. 12, 2013
Filed: Oct. 05, 2009
Applicants: Jonathan James Oliver, Victoria, AU; Cheng-lin Hou, Cupertino, CA (US); Lili Diao, Nanjing, CN; Yifun Liang, Milpitas, CA (US); Jennifer Rihn, Mountain View, CA (US)
Inventors: Jonathan James Oliver, Victoria, AU; Cheng-Lin Hou, Cupertino, CA (US); Lili Diao, Nanjing, CN; YiFun Liang, Milpitas, CA (US); Jennifer Rihn, Mountain View, CA (US)
Assignee: Trend Micro, Inc., Tokyo, JP
Int. Cl. (CPC): G06F 21/00 (2006.01)
Abstract

A training model for malware detection is developed using common substrings extracted from known malware samples. The probability of each substring occurring within a malware family is determined and a decision tree is constructed using the substrings. An enterprise server receives indications from client machines that a particular file is suspected of being malware. The suspect file is retrieved and the decision tree is walked using the suspect file. A leaf node is reached that identifies a particular common substring, a byte offset within the suspect file at which it is likely that the common substring begins, and a probability distribution that the common substring appears in a number of malware families. A hash value of the common substring is compared (exact or approximate) against the corresponding substring in the suspect file. If positive, a result is returned to the enterprise server indicating the probability that the suspect file is a member of a particular malware family.
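The following is an added example, not Trend Micro's code and not taken from the patent: a toy Python model of the scheme the abstract describes. It extracts common substrings from a constructed set of malware-family samples, records P(family | substring) and the usual start offset, builds a greedy decision tree whose internal nodes inspect one byte offset of the file and whose leaves carry (substring, offset, family distribution), walks the tree with a suspect file, and then confirms the leaf by comparing a hash of the window at that offset, exactly (SHA-256 of the window) or approximately (fraction of agreeing 2-byte chunk hashes, a crude stand-in for a similarity digest). The family markers, all sample bytes, the 6-byte substring length, the chunked-hash similarity and its 0.6 threshold are assumptions chosen for illustration.

```python
"""Toy version of the common-substring / decision-tree scheme in the abstract.
Added example, not Trend Micro's code; every byte string below is constructed."""
import hashlib
from collections import Counter, defaultdict

# Constructed training corpus: family name -> list of "file" contents.  The 6-byte
# family markers (#MALA#, #MALB#) sit at offset 4; the 4 leading bytes and the tail
# are unique per sample so no other 6-byte substring is shared between samples.
# B's third sample deliberately carries FamA's marker, so that one substring ends up
# with a mixed family distribution (2/3 FamA, 1/3 FamB).
SAMPLES = {
    "FamA": [b"0001#MALA#aaaa11", b"0002#MALA#bbbb22"],
    "FamB": [b"0003#MALB#cccc33", b"0004#MALB#dddd44", b"0005#MALA#eeee55"],
}
N = 6  # assumed substring length for the model


def extract_common_substrings(samples, n=N):
    """Substrings of length n seen in >= 2 samples, with P(family | substring)
    and the most common offset at which the substring begins."""
    hits = defaultdict(lambda: {"fam": Counter(), "off": Counter()})
    for family, files in samples.items():
        for data in files:
            first = {}
            for i in range(len(data) - n + 1):
                first.setdefault(data[i:i + n], i)  # first offset per distinct substring
            for sub, i in first.items():
                hits[sub]["fam"][family] += 1
                hits[sub]["off"][i] += 1
    model = {}
    for sub, h in hits.items():
        total = sum(h["fam"].values())
        if total >= 2:
            model[sub] = {"offset": h["off"].most_common(1)[0][0],
                          "dist": {f: c / total for f, c in h["fam"].items()}}
    return model


def build_tree(model):
    """Greedy decision tree: each internal node reads one absolute byte offset of the
    file and branches on the value found there (None = 'substring does not cover this
    offset').  A leaf holds (substring, expected offset, family distribution)."""
    def build(cands):
        if len(cands) == 1:
            s = cands[0]
            return {"leaf": (s, model[s]["offset"], model[s]["dist"])}
        best_pos, best_groups = None, None
        positions = {model[s]["offset"] + k for s in cands for k in range(len(s))}
        for pos in sorted(positions):  # pick the offset that separates the most candidates
            groups = defaultdict(list)
            for s in cands:
                k = pos - model[s]["offset"]
                groups[s[k] if 0 <= k < len(s) else None].append(s)
            if best_groups is None or len(groups) > len(best_groups):
                best_pos, best_groups = pos, groups
        if len(best_groups) == 1:  # cannot separate further; keep one candidate
            s = cands[0]
            return {"leaf": (s, model[s]["offset"], model[s]["dist"])}
        return {"pos": best_pos, "children": {b: build(g) for b, g in best_groups.items()}}
    return build(sorted(model))


def walk(tree, data):
    """Walk the tree with a suspect file; return the leaf tuple or None."""
    node = tree
    while "leaf" not in node:
        pos = node["pos"]
        byte = data[pos] if pos < len(data) else None  # short file -> 'not covered' branch
        child = node["children"].get(byte)
        if child is None:
            child = node["children"].get(None)
        if child is None:
            return None
        node = child
    return node["leaf"]


def hash_match(expected, actual, approx_threshold=0.6):
    """Exact: SHA-256 of the whole window.  Approximate: fraction of 2-byte chunks
    whose SHA-256 agrees (assumed threshold 0.6), standing in for a similarity digest."""
    if hashlib.sha256(expected).digest() == hashlib.sha256(actual).digest():
        return "exact"
    chunks = lambda b: [hashlib.sha256(b[i:i + 2]).digest() for i in range(0, len(b), 2)]
    e, a = chunks(expected), chunks(actual)
    sim = sum(x == y for x, y in zip(e, a)) / max(len(e), 1)
    return "approximate" if sim >= approx_threshold else None


def classify(tree, data):
    """Client-side check from the abstract: walk the tree, hash the window at the
    leaf's offset, and report the family distribution only if the hash matches."""
    leaf = walk(tree, data)
    if leaf is None:
        return None
    sub, offset, dist = leaf
    kind = hash_match(sub, data[offset:offset + len(sub)])
    return None if kind is None else {"match": kind, "offset": offset, "families": dist}


MODEL = extract_common_substrings(SAMPLES)
TREE = build_tree(MODEL)

if __name__ == "__main__":
    for suspect in (b"9999#MALA#zzzzzz", b"9999#MALAxzzzzzz", b"benign-file-content!!"):
        print(suspect, "->", classify(TREE, suspect))
```

The hash comparison at the leaf is what keeps the tree honest: the walk only looks at a handful of bytes, so a benign file can reach a leaf by coincidence, and the window hash is the check that rejects it. A file that never reaches a leaf, or whose window fails both the exact and approximate comparison, yields no family verdict at all.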

