TAXONOMIC MALWARE DETECTION AND MITIGATION

Bibliographic details
Main authors: HUNT, Simon, MANKIN, Jennifer Eligius, ZIMMERMAN, Jeffrey, MOHANKUMAR, Saravanan, MISHRA, Ashish, TRIPATHI, Anand, KUMAR, Bharath, SUBRAMANIAN, Sakthikumar, LU, Lixin, MOHANDAS, Rahul
Format: Patent
Language: eng; fre; ger
Description
Abstract: In an example, a classification engine compares two binary objects to determine whether they can be classified as belonging to a common family. As an example application, the classification engine may be used to detect malware objects derived from a common ancestor. To classify an object, the binary is disassembled and the resulting assembly code is normalized. Known "clean" functions, such as compiler-generated library code, are filtered out. Normalized blocks of assembly code may then be characterized, such as by forming N-grams and checksumming each N-gram. These checksums may be compared to those of known malware routines.
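The pipeline the abstract sketches (disassemble, normalize, drop known library functions, form N-grams, checksum them, compare) carried through end to end, as an added example that is not the patent's own implementation or code from its assignee. The three disassembly listings are constructed by hand; the x86 normalization rules, the whole-function checksum used to recognize library code, trigrams (N = 3), SHA-256 as the checksum, Jaccard overlap as the comparison and the 0.5 family threshold are all assumptions chosen for illustration, since the abstract specifies none of them. Sample B is a variant of sample A that was recompiled at a different address with different register allocation and XOR key; sample C is an unrelated program that shares only the runtime stub.

```python
"""Family classification of binaries via checksummed N-grams of normalized,
library-filtered assembly.  Added example; the listings are constructed by
hand, not produced by a disassembler, and every parameter is an assumption."""
import hashlib
import re
from typing import Dict, List, Set

# Normalization rules (assumed): collapse memory operands, immediates/addresses
# and general-purpose registers to placeholders so that a recompiled or
# register-reallocated variant yields the same token stream.
MEM_RE = re.compile(r"\[[^\]]*\]")
IMM_RE = re.compile(r"\b(0x[0-9a-fA-F]+|\d+)\b")
REG_RE = re.compile(r"\b(e?[abcd]x|e?[sd]i|[abcd][lh])\b")

# Constructed compiler-runtime stub that every sample links against.
CLEAN_LIBRARY = """
__crt_init:
  push ebp
  mov ebp, esp
  call 0x402000
  pop ebp
  ret
"""

# Constructed sample A: runtime stub plus a byte-XOR decryption loop.
SAMPLE_A = """
__crt_init:
  push ebp
  mov ebp, esp
  call 0x402000
  pop ebp
  ret
decrypt_payload:
  push ebp
  mov ebp, esp
  mov ecx, [ebp+0x8]
  mov edx, [ebp+0xc]
  xor [ecx], 0x5a
  inc ecx
  dec edx
  jnz 0x401010
  pop ebp
  ret
"""

# Constructed sample B: same loop, different base address, registers and key,
# plus one extra unrelated routine.
SAMPLE_B = """
__crt_init:
  push ebp
  mov ebp, esp
  call 0x502000
  pop ebp
  ret
sub_5010a0:
  push ebp
  mov ebp, esp
  mov esi, [ebp+0x8]
  mov edi, [ebp+0xc]
  xor [esi], 0x7f
  inc esi
  dec edi
  jnz 0x5010b0
  pop ebp
  ret
sub_501200:
  push ebp
  mov ebp, esp
  call 0x501300
  test eax, eax
  jz 0x501230
  pop ebp
  ret
"""

# Constructed sample C: benign program sharing only the runtime stub.
SAMPLE_C = """
__crt_init:
  push ebp
  mov ebp, esp
  call 0x402000
  pop ebp
  ret
main:
  push ebp
  mov ebp, esp
  push 0x403000
  call 0x401100
  add esp, 0x4
  xor eax, eax
  pop ebp
  ret
"""


def normalize_instruction(line: str) -> str:
    """'mov eax, [ebp+0x8]' -> 'mov REG,MEM'; comments and spacing dropped."""
    text = line.split(";", 1)[0].strip().lower()
    mnemonic, _, operands = text.partition(" ")
    operands = MEM_RE.sub("MEM", operands)   # memory operand first, so its
    operands = IMM_RE.sub("IMM", operands)   # displacement is not seen as IMM
    operands = REG_RE.sub("REG", operands)
    operands = re.sub(r"\s+", "", operands)
    return (mnemonic + " " + operands).strip()


def parse_listing(listing: str) -> Dict[str, List[str]]:
    """Split a textual disassembly into {label: [normalized instructions]}."""
    funcs: Dict[str, List[str]] = {}
    current = None
    for raw in listing.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # a label opens a new function
            current = line[:-1]
            funcs[current] = []
        elif current is not None:
            funcs[current].append(normalize_instruction(line))
    return funcs


def checksum(tokens: List[str]) -> str:
    """Stable checksum of a token sequence (truncated SHA-256, assumed)."""
    return hashlib.sha256("\n".join(tokens).encode()).hexdigest()[:16]


def ngram_checksums(instrs: List[str], n: int = 3) -> Set[str]:
    """Checksum every window of n consecutive normalized instructions."""
    if len(instrs) <= n:
        return {checksum(instrs)} if instrs else set()
    return {checksum(instrs[i:i + n]) for i in range(len(instrs) - n + 1)}


def build_clean_set(library_listing: str) -> Set[str]:
    """Whole-function checksums of known compiler/runtime code to discard."""
    return {checksum(body) for body in parse_listing(library_listing).values()}


def characterize(listing: str, clean: Set[str], n: int = 3) -> Set[str]:
    """Feature set of a binary: N-gram checksums of its non-library functions."""
    features: Set[str] = set()
    for body in parse_listing(listing).values():
        if checksum(body) in clean:     # compiler-generated, carries no signal
            continue
        features |= ngram_checksums(body, n)
    return features


def similarity(a: Set[str], b: Set[str]) -> float:
    """Jaccard overlap of two feature sets (0.0 = disjoint, 1.0 = identical)."""
    return len(a & b) / len(a | b) if (a | b) else 0.0


def same_family(listing_a: str, listing_b: str, clean: Set[str],
                threshold: float = 0.5, n: int = 3) -> bool:
    """Assumed decision rule: overlap at or above the threshold means one family."""
    return similarity(characterize(listing_a, clean, n),
                      characterize(listing_b, clean, n)) >= threshold


if __name__ == "__main__":
    clean = build_clean_set(CLEAN_LIBRARY)
    fa, fb, fc = (characterize(s, clean) for s in (SAMPLE_A, SAMPLE_B, SAMPLE_C))
    print("A vs B (filtered):", round(similarity(fa, fb), 3))
    print("A vs C (filtered):", round(similarity(fa, fc), 3))
    print("A vs C (unfiltered):",
          round(similarity(characterize(SAMPLE_A, set()),
                           characterize(SAMPLE_C, set())), 3))
```

Run stand-alone, the script reports that A and B overlap (8 of 13 trigram checksums, from the shared decryption loop) while A and C do not overlap at all once the runtime stub is filtered. The last line shows the caveat the abstract's "clean function" step addresses: with the library filter switched off, A and C share the three trigrams of `__crt_init` and score a non-zero similarity that has nothing to do with lineage. In practice the normalization rules, N and the threshold have to be tuned against a labelled corpus; the values here are only placeholders.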