US 7,519,998 B2
Detection of malicious computer executables
Dongming M. Cai, Los Alamos, N. Mex. (US); and Maya Gokhale, Los Alamos, N. Mex. (US)
Assigned to Los Alamos National Security, LLC, Los Alamos, N. Mex. (US)
Filed on Jul. 28, 2004, as Appl. No. 10/900,697.
Prior Publication US 2006/0026675 A1, Feb. 02, 2006
Int. Cl. G06F 11/00 (2006.01); G06F 11/30 (2006.01); G06F 7/58 (2006.01); G06F 12/14 (2006.01); G06F 15/16 (2006.01); G06F 13/38 (2006.01)
U.S. Cl. 726—24 [726/3; 726/23; 713/187; 713/188]
6 Claims

1. A method of detecting malicious binary executable files comprising the steps of:
inputting a binary executable file;
converting said binary executable file to byte hexadecimal text strings;
calculating the frequency of single byte patterns in said byte hexadecimal text strings;
selecting characteristic single byte pattern frequencies as discriminating features;
classifying said discriminating features as malicious or benign;
labeling said binary executable file as malicious or benign;
and outputting said labeled malicious or benign binary executable file.
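The steps of claim 1, sketched as an added example that is not code from the patent or its authors. The claim does not say how features are selected or which classifier is used, so the difference-of-class-means ranking and the nearest-centroid classifier here are assumptions, as are all function names; the training byte strings are constructed samples, not real executables.

```python
from collections import Counter

def to_hex_tokens(data: bytes) -> list[str]:
    """Convert the file to byte hexadecimal text strings (one per byte)."""
    return [f"{b:02x}" for b in data]

def byte_frequencies(data: bytes) -> dict[str, float]:
    """Relative frequency of each of the 256 single-byte patterns."""
    tokens = to_hex_tokens(data)
    counts = Counter(tokens)
    total = len(tokens) or 1  # an empty file yields an all-zero vector
    return {f"{v:02x}": counts[f"{v:02x}"] / total for v in range(256)}

def mean_vector(samples: list[bytes]) -> dict[str, float]:
    """Per-pattern mean frequency over one labeled class."""
    vecs = [byte_frequencies(s) for s in samples]
    return {p: sum(v[p] for v in vecs) / len(vecs) for p in vecs[0]}

def select_features(mal_mean, ben_mean, k: int) -> list[str]:
    """Assumed criterion: keep the k patterns whose class means differ most."""
    return sorted(mal_mean, key=lambda p: (-abs(mal_mean[p] - ben_mean[p]), p))[:k]

def classify(data: bytes, features, mal_mean, ben_mean) -> str:
    """Assumed classifier: nearest class centroid over the selected features."""
    freq = byte_frequencies(data)
    d_mal = sum((freq[p] - mal_mean[p]) ** 2 for p in features)
    d_ben = sum((freq[p] - ben_mean[p]) ** 2 for p in features)
    return "malicious" if d_mal < d_ben else "benign"

# Constructed training sets (synthetic byte strings standing in for labeled files).
BENIGN = [b"\x00" * 60 + b"hello world" * 4, b"\x00" * 40 + b"config=value\n" * 5]
MALICIOUS = [b"\x90" * 50 + b"\xcc\xeb\xfe" * 10, b"\x90" * 30 + b"\xcc" * 30 + b"\x00" * 5]

MAL_MEAN = mean_vector(MALICIOUS)
BEN_MEAN = mean_vector(BENIGN)
FEATURES = select_features(MAL_MEAN, BEN_MEAN, k=4)

def label_file(data: bytes) -> tuple[str, list[str]]:
    """Label one input and return the label with the features it was judged on."""
    return classify(data, FEATURES, MAL_MEAN, BEN_MEAN), FEATURES

if __name__ == "__main__":
    for sample in (b"\x90" * 20 + b"\xcc" * 5, b"\x00" * 30 + b"readme text"):
        print(label_file(sample))
```

With only four features and two samples per class this is a toy model; the point is the data flow from bytes to frequency vector to selected features to label.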