Patent number 8635694 is assigned to Kaspersky Lab ZAO (
The following quote was obtained by the news editors from the background information supplied by the inventors: "The growing sophistication and rapid proliferation of malicious software, also known as malware, presents an ever-increasing security threat to personal and enterprise computer systems worldwide. New types of malware emerge daily and spread rapidly through the Internet and local area networks, e-mail, Instant Messaging and file sharing services and other data communication technologies. Known malicious software can be automatically detected by anti-malware programs and classified into one of several categories, such as viruses, worms, Trojan horses and spyware, based on the software code or behavior pattern. However, there are many other types of malware with hidden code and constantly changing behavior, such as polymorphic viruses and obfuscated malware, which make automatic detection and classification difficult. As a result, the anti-malware programs may fail to automatically detect and classify these types of malware or spend such a significant amount of time and system resources on the analysis of these programs that the detection process becomes inefficient. Accordingly, there is need for new and more effective methods for automatic detection and classification of malicious software."
In addition to the background information obtained for this patent, VerticalNews journalists also obtained the inventors' summary information for this patent: "Disclosed herein are systems, methods and computer program products for detection, classification and reporting of malicious software. One example embodiment of such a method comprises loading software code into a computer system memory and emulating the software code. In one aspect, the software code may be emulated in a software emulator or a script emulator, which provide a secure virtual runtime environment for execution of the software code. In another aspect, the software code may be emulated in a sandbox, which provides a dedicated secure runtime environment that may be specifically customized per user requirements to resemble user's native computing system. An encrypted software code may be first decrypted and then emulated. During software emulation, actions of the software code, such as application program interface (API) calls and parameters of the API calls as well as information about files created and modified by the emulated software code are recorded in an activity log.
"In one aspect, the software code and its activity log are then analyzed for presence of a malware using signature matching and/or security rating algorithms. If a malware is detected, an execution flow graph of the emulated software code may be created from the activity log. The execution flow graph is then parsed using heuristic analysis to identify one or more malicious behavior patterns therein. Then, similarity indexes between the identified malicious behavior patterns and one or more malicious behavior patterns associated with known classes of malware are computed. The emulated software code is then classified into one or more classes of malware based on the computed similarity indexes for the one or more malicious behavior patterns. Finally, a comprehensive malware report of the emulated software code may be generated based on the execution flow graph and malware classification information.
"In one example embodiment, the malware report may be used along with user localization data to generate customized malware reports for the emulated software code. The customized report may be in a human readable form, such as an HTML format. Depending on the user requirements, the customized reports may be in different languages and have different degrees of specificity and information about the emulated software code. For example, malware reports prepared for programmers and malware specialists may include detailed information about malicious actions, such as API calls and their parameters as well as files modified/created by the emulated software code. Malware reports for unsophisticated computer users may include malware classification information and general information about behavior and harm that the emulated software code causes to a computer system. Furthermore, customized malware reports may include graphic cluster diagrams of malware classifications associated with the emulated software code, which visualize the relationships between the emulated software code and other malicious programs associated with the same or related classes of malware.
"The above simplified summary of one or more example embodiments of the invention serves to provide a basic understanding of such embodiments. This summary is not an extensive overview of all contemplated aspects of the invention, and is intended to neither identify key or critical elements of all embodiments nor delineate the scope of any or all embodiments. Its sole purpose is to present some concepts of one or more aspects in a simplified form as a prelude to the more detailed description that follows. To the accomplishment of the foregoing and related ends, the one or more aspects comprise the features hereinafter fully described and particularly pointed out in the claims. The following description and the annexed drawings set forth in detail certain illustrative features of the one or more embodiments. These features are indicative, however, of but a few of the various ways in which the principles of various aspects may be employed, and this description is intended to include all such aspects and their equivalents."
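The classification step the summary describes (activity log, execution flow graph, similarity indexes against known classes) can be sketched as follows. This is an added illustration, not code from the patent or from Kaspersky Lab: the summary does not say how a similarity index is computed, so the Jaccard index, the edge-set graph model, the threshold, the function names and all sample data are assumptions.

```python
# Added illustration; not code from the patent. The Jaccard metric, the
# threshold, all names and all sample data are assumptions of this sketch.

# Constructed activity log: (API call, parameter) in emulation order.
ACTIVITY_LOG = [
    ("CreateFileW", r"C:\Users\u\AppData\Roaming\svc.exe"),
    ("WriteFile", r"C:\Users\u\AppData\Roaming\svc.exe"),
    ("RegSetValueExW", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    ("InternetOpenUrlW", "http://example.invalid/cfg"),
    ("CreateFileW", r"C:\Users\u\AppData\Local\Temp\a.tmp"),
    ("WriteFile", r"C:\Users\u\AppData\Local\Temp\a.tmp"),
]

# Constructed behavior patterns per known class, as sets of call transitions.
KNOWN_CLASSES = {
    "trojan-dropper": {
        ("CreateFileW", "WriteFile"),
        ("WriteFile", "RegSetValueExW"),
    },
    "trojan-downloader": {
        ("InternetOpenUrlW", "CreateFileW"),
        ("CreateFileW", "WriteFile"),
        ("URLDownloadToFileW", "CreateProcessW"),
    },
    "keylogger": {
        ("SetWindowsHookExW", "GetAsyncKeyState"),
        ("GetAsyncKeyState", "WriteFile"),
    },
}


def flow_edges(log):
    """Edges of a simple execution flow graph: consecutive API call pairs."""
    calls = [api for api, _param in log]
    return set(zip(calls, calls[1:]))


def similarity_index(observed, pattern):
    """Jaccard index |A & B| / |A | B|; 0.0 when both sets are empty."""
    union = observed | pattern
    return len(observed & pattern) / len(union) if union else 0.0


def classify(log, classes=KNOWN_CLASSES, threshold=0.3):
    """Return {class: index} for classes at or above threshold, best first."""
    edges = flow_edges(log)
    scores = {name: similarity_index(edges, pat) for name, pat in classes.items()}
    hits = {name: s for name, s in scores.items() if s >= threshold}
    return dict(sorted(hits.items(), key=lambda kv: kv[1], reverse=True))
```

Because the result keeps every class at or above the threshold, one sample can land in more than one class, matching the summary's "one or more classes of malware".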
URL and more information on this patent, see: Malyshev, Alexey; Biyachuev, Timur; Ilin, Dmitry. Systems and Methods for Malware Classification. U.S. Patent Number 8635694, filed
Keywords for this news article include: Software, Kaspersky Lab ZAO.
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC