| 主权项 |
1. A computer-implemented method for processing a malware sample executed by one or more computer processors, the method comprising:
receiving two or more malware samples; analyzing, by the one or more computer processors, the two or more malware samples to extract information from the two or more malware samples; generating, by the one or more computer processors, at least one set of strings for each of the two or more malware samples using the extracted information, wherein the at least one set of strings includes a first set of strings generated from extracted information corresponding to a first malware sample and a second set of strings generated from extracted information corresponding to a second malware sample; determining, by the one or more computer processors, a similarity between the two or more malware samples based on the at least one set of strings for each of the two or more malware samples, determining the similarity comprising:
determining a similarity index associated with the first set of strings and the second set of strings by:
determining a union of a first data set associated with the first set of strings and a second data set associated with the second set of strings,determining an intersection of the first data set and the second data set, anddividing the intersection by the union,determining a distance based on the similarity index by subtracting a result of the dividing from one, anddetermining the similarity based on the distance; and providing, for display to a user, an output indicating the similarity between the two or more malware samples. |
