1. WO2021030593 - METHODS AND APPARATUS FOR MALWARE DETECTION USING JAR FILE DECOMPILATION

Publication Number WO/2021/030593
Publication Date 18.02.2021
International Application No. PCT/US2020/046190
International Filing Date 13.08.2020
IPC
H04L 29/06 2006.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02 Communication control; Communication processing
06 characterised by a protocol
G06F 21/50 2013.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
CPC
G06F 21/562
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55 Detecting local intrusion or implementing counter-measures
56 Computer malware detection or handling, e.g. anti-virus arrangements
562 Static detection
G06F 21/563
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55 Detecting local intrusion or implementing counter-measures
56 Computer malware detection or handling, e.g. anti-virus arrangements
562 Static detection
563 by source code analysis
G06F 21/565
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
55 Detecting local intrusion or implementing counter-measures
56 Computer malware detection or handling, e.g. anti-virus arrangements
562 Static detection
565 by checking file integrity
G06F 2221/033
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
2221 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
033 Test or assess software
G06F 8/53
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
8 Arrangements for software engineering
40 Transformation of program code
53 Decompilation; Disassembly
G06N 20/00
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
N COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
20 Machine learning
Applicants
  • MCAFEE, LLC [US]/[US]
Inventors
  • BURKE, Daniel
Agents
  • LENISA, Michael J.
Priority Data
16/540,927 14.08.2019 US
Publication Language English (EN)
Filing Language English (EN)
Title
(EN) METHODS AND APPARATUS FOR MALWARE DETECTION USING JAR FILE DECOMPILATION
Abstract
(EN)
Methods and apparatus for detecting malware using JAR file decompilation are disclosed. An apparatus for decompiling class files comprises: a class feature unpacker to unpack a class feature from a class file included in an instruction set; a constant pool address generator to generate, from the class features and through an iterative process, a constant pool address table including a plurality of constant pool blocks, based on constant pool type; a class feature identifier to determine values for each constant pool block based on a constant pool type and store the determined values as a class file feature set; a feature value identifier to obtain raw feature values from a class file feature set and non-class file features; and a feature matrix generator to generate a matrix based on the raw features that correspond to the instruction set.