METHOD AND SYSTEM FOR DISCOVERING LARGE CLUSTERS OF FILES THAT SHARE SIMILAR CODE TO DEVELOP GENERIC DETECTIONS OF MALWARE


Detailed description

Bibliographic details
Main authors: BARTRAM ANTHONY VAUGHAN, DUNBAR ADRIAN M
Format: Patent
Language: eng

Description
Summary: A computer-implemented method for determining similarities between system executable objects includes the steps of: determining, with one or more computing systems, a plurality of subsequences of operation codes in a plurality of disassembled system executable objects; for each subsequence, determining, with the one or more computing systems, a first set of system executable objects associated with the subsequence; and clustering, with the computing systems, the first set of system executable objects with a cluster. The cluster includes a set of system executable objects. Clustering the first set of system executable objects with the cluster includes determining, with the computing systems, the relative similarity between the first set of system executable objects and the cluster, and, if the first set of system executable objects is similar to the cluster, adding, with the computing systems, the system executable objects to the cluster.
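The pipeline the abstract describes, as an added illustration that is not the patent's own code: opcode subsequences are extracted per file, each subsequence is mapped to the set of files containing it, those file sets are merged into clusters by similarity, and the subsequences common to every cluster member become a candidate generic detection. The file names and opcode streams are constructed, and the choices of 3-grams, Jaccard similarity and a 0.5 threshold are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample input: opcode streams of five "disassembled" files (hypothetical names).
SAMPLES = {
    "a.exe": "push mov sub call mov xor pop ret".split(),
    "b.exe": "push mov sub call mov xor pop ret nop".split(),
    "c.exe": "push mov sub call lea mov xor pop ret".split(),
    "d.exe": "mov mov add jmp cmp jne ret".split(),
    "e.exe": "mov mov add jmp cmp jne ret nop".split(),
}

def opcode_subsequences(opcodes, n=3):
    """All fixed-length opcode subsequences (n-grams) of one disassembled file."""
    return {tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1)}

def files_per_subsequence(samples, n=3, min_files=2):
    """For each subsequence, the set of files containing it. Subsequences seen in
    fewer than min_files files are dropped: they cannot describe a family."""
    index = defaultdict(set)
    for name, ops in samples.items():
        for sub in opcode_subsequences(ops, n):
            index[sub].add(name)
    return {frozenset(f) for f in index.values() if len(f) >= min_files}

def jaccard(a, b):
    """Relative similarity of two file sets (assumed measure, not the patent's)."""
    return len(a & b) / len(a | b)

def cluster_file_sets(file_sets, threshold=0.5):
    """Add each file set to the first cluster it resembles (Jaccard >= threshold),
    otherwise open a new cluster. Larger sets are seeded first so clusters start broad."""
    clusters = []
    for fs in sorted(file_sets, key=lambda s: (-len(s), sorted(s))):
        for c in clusters:
            if jaccard(fs, c) >= threshold:
                c |= fs
                break
        else:
            clusters.append(set(fs))
    return clusters

def generic_signature(cluster, samples, n=3):
    """Subsequences shared by every member of a cluster: the candidate generic detection."""
    return set.intersection(*(opcode_subsequences(samples[f], n) for f in cluster))

def analyse(samples=SAMPLES, n=3, threshold=0.5):
    clusters = cluster_file_sets(files_per_subsequence(samples, n), threshold)
    return [(sorted(c), generic_signature(c, samples, n)) for c in clusters]

if __name__ == "__main__":
    for members, sig in analyse():
        print(members, len(sig), "shared opcode 3-grams")
```

On the constructed input this yields two clusters, {a, b, c} and {d, e}, with four and five shared 3-grams respectively; a signature built from a single cluster's common subsequences should still be validated against a clean corpus before use, since short opcode n-grams such as function prologues are common to benign code too.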