Processing

Please wait...

Settings

Settings

Goto Application

1. WO2020108760 - APPARATUS AND METHOD FOR MALWARE DETECTION

Publication Number WO/2020/108760
Publication Date 04.06.2020
International Application No. PCT/EP2018/083014
International Filing Date 29.11.2018
IPC
G06F 21/56 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
56Computer malware detection or handling, e.g. anti-virus arrangements
H04L 29/06 2006.01
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02Communication control; Communication processing
06characterised by a protocol
CPC
G06F 21/56
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
56Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/564
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55Detecting local intrusion or implementing counter-measures
56Computer malware detection or handling, e.g. anti-virus arrangements
562Static detection
564by virus signature recognition
H04L 63/1416
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
14for detecting or protecting against malicious traffic
1408by monitoring network traffic
1416Event detection, e.g. attack signature detection
H04L 63/145
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
14for detecting or protecting against malicious traffic
1441Countermeasures against malicious traffic
145the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
Applicants
  • HUAWEI TECHNOLOGIES CO., LTD. [CN]/[CN]
  • KOGAN, Olga [IL]/[DE] (US)
Inventors
  • KOGAN, Olga
  • TZOREFF, Elad
  • MEYTIN, Dmitry
Agents
  • KREUZ, Georg
Priority Data
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) APPARATUS AND METHOD FOR MALWARE DETECTION
(FR) APPAREIL ET PROCÉDÉ DE DÉTECTION DE LOGICIEL MALVEILLANT
Abstract
(EN)
The disclosure relates to an apparatus and a method for malware detection. The method for malware detection comprises: generating an image from a file; generating a signature of the image, wherein the signature of the image indicates local feature descriptors of the image; comparing the signature of the image to at least one pre-determined signature in a malware signature repository; and determining, based on the comparison result, if the file is malicious. Local feature descriptors used in the embodiments of the invention as signature for detecting malware in a file are more robust in detecting the same feature in the image independent of scaling, shifting and noise with high accuracy and repeatability. The robustness of the method for malware detection is thus improved.
(FR)
L'invention concerne un appareil et un procédé de détection de logiciel malveillant. Le procédé de détection de logiciel malveillant consiste à : générer une image à partir d'un fichier ; générer une signature de l'image, la signature de l'image indiquant des descripteurs de caractéristiques locales de l'image ; comparer la signature de l'image à au moins une signature prédéterminée dans un référentiel de signatures de logiciel malveillant ; et déterminer, d’après le résultat de comparaison, si le fichier est malveillant. Les descripteurs de caractéristiques locales utilisés dans les modes de réalisation de l'invention en tant que signature pour détecter des logiciels malveillants dans un fichier sont plus efficaces pour détecter la même caractéristique dans l'image indépendamment de la mise à l'échelle, du décalage et du bruit avec une précision et une répétabilité élevées. L'efficacité du procédé de détection de logiciel malveillant est ainsi améliorée.
Latest bibliographic data on file with the International Bureau