Generation of file digests for detecting malicious executable files

A cybersecurity server receives an executable file that has bytecode and metadata of the bytecode. Strings are extracted from the metadata, sorted, and merged into data streams. The data streams are merged to form a combined data stream. A digest of the combined data stream is calculated using a fuz...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Hao, Po-Han, Wang, Kuo-Cheng, Chiang, Chia-Ming
Format: Patent
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A cybersecurity server receives an executable file that has bytecode and metadata of the bytecode. Strings are extracted from the metadata, sorted, and merged into data streams. The data streams are merged to form a combined data stream. A digest of the combined data stream is calculated using a fuzzy hashing algorithm. The similarity of the digest to another digest is determined to detect whether or not the executable file is malware or a member of a malware family.