Title of invention: DETECTION OF MALWARE IN DERIVED PATTERN SPACE
Abstract: Systems and methods analyze input files to automatically determine malware signatures. A set of input files known to contain a particular type of malware can be provided to a file analyzer. The file analyzer can analyze the file using a sliding window to create vectors from values that are provided by multiple filters that process each window. The vectors created for a file define a response matrix. The response matrices for a set of input files can be analyzed by a classifier to determine useful vector components that can define a signature for the malware.
Publication number: US2017085585(A1) Publication date: 2017.03.23
Application number: US201615275039 Filing date: 2016.09.23
Applicant: Avast Software s.r.o. Inventor: Morkovský Libor
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Principal claim: 1. A method for classifying malware, the method comprising: receiving, by a file analyzer, a file; iteratively analyzing the file, wherein, during the iteration, the file analyzer performs operations comprising: applying at least one filter to a portion of the file at a position within the file indicated by a position indicator, wherein the one or more filters provide a set of one or more numeric filter results, adding the set of one or more numeric filter results to a response matrix, and adding an offset to the position indicator.
Address: Prague 4 CZ
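
The iteration in claim 1, sketched as an added example that is not taken from the patent or from the applicant's code. The three filters, the window size, the offset and the sample bytes are assumptions chosen for illustration; the record names none of them.

```python
import math
from collections import Counter

# Hypothetical filters: the record does not say which filters are used.
# Each one maps a window of bytes to a single number.
def entropy(window: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(window)
    return sum(c / n * math.log2(n / c) for c in Counter(window).values())

def mean_byte(window: bytes) -> float:
    return sum(window) / len(window)

def printable_ratio(window: bytes) -> float:
    return sum(0x20 <= b < 0x7F for b in window) / len(window)

FILTERS = (entropy, mean_byte, printable_ratio)

def response_matrix(data: bytes, window_size: int = 64, offset: int = 32,
                    filters=FILTERS) -> list[list[float]]:
    """One row per window position, one column per filter."""
    if window_size <= 0 or offset <= 0:
        raise ValueError("window_size and offset must be positive")
    matrix = []
    position = 0                                    # the position indicator
    # Assumption: only full windows are scored, so a trailing partial
    # window (or a file shorter than one window) contributes no row.
    while position + window_size <= len(data):
        window = data[position:position + window_size]
        matrix.append([f(window) for f in filters])  # add the filter results
        position += offset                           # add the offset
    return matrix

# Constructed sample: text-like bytes, zero padding, then high-entropy bytes.
SAMPLE = b"MZ header and strings " * 6 + bytes(128) + bytes(range(256))

if __name__ == "__main__":
    for i, row in enumerate(response_matrix(SAMPLE)):
        print(f"{i * 32:4d}", [round(v, 2) for v in row])
```

Rows from the zero-padded region collapse to all zeros while the final rows sit near 6 bits of entropy per byte, which is the kind of per-position contrast a classifier over many response matrices can pick vector components from.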