Palo Alto Networks, Inc.
INLINE MALWARE DETECTION

Abstract:

Detection of malicious files is disclosed. A set comprising a plurality of sample classification models is received and stored. A determination is made that n-gram analysis should be performed on a sequence of received packets associated with a received file. Performing the n-gram analysis includes using a determined filetype associated with the sequence of received packets to select at least one stored sample classification model included in the set for use in performing the n-gram analysis. A determination is made that the received file is malicious based at least in part on the n-gram analysis of the sequence of received packets. In response to determining that the file is malicious, propagation of the received file is prevented.