
1. (WO2018178027) INTIALISATION VECTOR IDENTIFICATION FOR MALWARE FILE DETECTION

Pub. No.: WO/2018/178027
International Application No.: PCT/EP2018/057675
Publication Date: Fri Oct 05 01:59:59 CEST 2018
International Filing Date: Tue Mar 27 01:59:59 CEST 2018
IPC: G06F 21/56; H04L 29/06
Applicants: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
Inventors: EL-MOUSSA, Fadi; KALLOS, George
Title: INTIALISATION VECTOR IDENTIFICATION FOR MALWARE FILE DETECTION
Abstract:
A method for detecting a malware file in encrypted form comprising: receiving multiple versions of the malware file, each version encrypted using a different initialisation vector; training an autoencoder based on each version of the malware file, wherein the autoencoder includes: a set of input units each for representing information from a byte of malware file; output units each for storing an output of the autoencoder; and a set of hidden units smaller in number than the set of input units and each interconnecting all input and all output units with weighted interconnections, such that the autoencoder is trainable to provide an approximated reconstruction of values of the input units at the output units; selecting a set of one or more offsets in the malware file in encrypted form as candidate locations for storage of an initialisation vector for encryption of the malware file, the selection being based on weights of interconnections in the autoencoder; and identifying the malware file based on an identification of an initialisation vector in an encrypted form of the malware file at one of the candidate locations.