Title Similarity search and malware prioritization
Abstract Methods, system, and media for determining similar malware samples are disclosed. Two or more malware samples are received and analyzed to extract information from the two or more malware samples. The extracted information is converted to a plurality of sets of strings. A similarity between the two or more malware samples is determined based on the plurality of the sets of strings.
Publication number US9525702(B2) Publication date 2016.12.20
Application number US201514843148 Filing date 2015.09.02
Applicant Cyberpoint International LLC Inventors Cabot Charles;Borbely Rebecca A.;West Michael W.;Raugas Mark V.
Classification G06F11/00;H04L29/06;G06F17/30;G06F21/56 Main classification G06F11/00
Agency Fish & Richardson P.C. Agent Fish & Richardson P.C.
Principal claim 1. A computer-implemented method comprising: receiving two or more malware samples; analyzing, by the one or more computer processors, the two or more malware samples to extract information from the two or more malware samples into an analyzer output, wherein the analyzer output represents relationships between portions of the extracted information in a hierarchical multi-level format; generating, by the one or more computer processors, at least one set of strings for each of the two or more malware samples from the analyzer output by expanding hierarchical multi-level formatted information in the output into a string format, wherein the relationships between portions of the extracted information are represented as sets of strings in the string format; determining, by the one or more computer processors, a similarity between the two or more malware samples based on the at least one set of strings for each of the two or more malware samples; and providing, for display to a user, an output indicating the similarity between the two or more malware samples.
Address Baltimore MD US