Detection of malicious software using byte sequence analysis
- 總結
- Lead Inventors: Salvatore J. Stolfo, Ph.D.Problem or Unmet Need:Malware and viral software is a serious problem in information technology which costs companies worldwide greater than $10 billion dollars per year. Malicious code embedded in software and/or email correspondence can cause significant disruption and loss of data for corporations and individuals that fall susceptible to an attack. Given the constant evolution and reprogramming of malicious code, techniques which can identify malicious software based upon more general pattern recognition are needed for better screening strategies and identification of culprit software. This technology demonstrates a novel data-mining method for identification of malicious code using byte sequence analysis. The strategy of this technique is to extract byte sequences from a software executable and compare those sequences to a dataset of known malicious software. The executable can then be classified using a classification rule set derived from a dataset of byte sequence features that are known to be related to malicious or benign software. Using this technique, a probability can then be assigned to the program in question on whether the byte sequences are likely to be malicious or benign. In addition, given the user defining additional executables as malicious, the dataset can be expanded and further used to refine the classification rule.
- 技術優勢
- Novel classification technique for identifying malicious code Real-time data mining Continuously updated classification rule
- 技術應用
- Virus/Malware Scan o Email attachments o Software o Data
- 詳細技術說明
- This technology demonstrates a novel data-mining method for identification of malicious code using byte sequence analysis. The strategy of this technique is to extract byte sequences from a software executable and compare those sequences to a d...
- *Abstract
-
None
- *Inquiry
- Calvin Chu Columbia Technology Ventures Tel: (212) 854-8444 Email: TechTransfer@columbia.edu
- *IR
- M01-039
- *Principal Investigation
-
- *Publications
- Matthew G. Schultz, Eleazar Eskin, Erez Zadok, and Salvatore J. Stolfo. ``Data Mining Methods for Detection of New Malicious Executables,'' Proceedings of IEEE Symposium on Security and Privacy. Oakland, CA: May 2001.
- *Web Links
- Patent number: US20030065926USPTO_1: US 7,487,544
- 國家/地區
- 美國
欲了解更多信息,請點擊 這裡
