AsiaIPEX is a one-stop-shop for players in the IP industry, facilitating IP trade and connection to the IP world. Whether you are a patent owner interested in selling your IP, or a manufacturer looking to buy technologies to upgrade your operation, you will find the portal a useful resource.
Back to search results

Detection of malicious software using byte sequence analysis

Summary
Lead Inventors: Salvatore J. Stolfo, Ph.D.Problem or Unmet Need:Malware and viral software is a serious problem in information technology which costs companies worldwide greater than $10 billion dollars per year. Malicious code embedded in software and/or email correspondence can cause significant disruption and loss of data for corporations and individuals that fall susceptible to an attack. Given the constant evolution and reprogramming of malicious code, techniques which can identify malicious software based upon more general pattern recognition are needed for better screening strategies and identification of culprit software. This technology demonstrates a novel data-mining method for identification of malicious code using byte sequence analysis. The strategy of this technique is to extract byte sequences from a software executable and compare those sequences to a dataset of known malicious software. The executable can then be classified using a classification rule set derived from a dataset of byte sequence features that are known to be related to malicious or benign software. Using this technique, a probability can then be assigned to the program in question on whether the byte sequences are likely to be malicious or benign. In addition, given the user defining additional executables as malicious, the dataset can be expanded and further used to refine the classification rule.
Technology Benefits
Novel classification technique for identifying malicious code Real-time data mining Continuously updated classification rule
Technology Application
Virus/Malware Scan o Email attachments o Software o Data
Detailed Technology Description
This technology demonstrates a novel data-mining method for identification of malicious code using byte sequence analysis. The strategy of this technique is to extract byte sequences from a software executable and compare those sequences to a d...
*Abstract
None
*Inquiry
Calvin Chu Columbia Technology Ventures Tel: (212) 854-8444 Email: TechTransfer@columbia.edu
*IR
M01-039
*Principal Investigator
*Publications
Matthew G. Schultz, Eleazar Eskin, Erez Zadok, and Salvatore J. Stolfo. ``Data Mining Methods for Detection of New Malicious Executables,'' Proceedings of IEEE Symposium on Security and Privacy. Oakland, CA: May 2001.
*Web Links
Patent number: US20030065926USPTO_1: US 7,487,544
Country/Region
USA

For more information, please click Here
Mobile Device