Title: Systems and methods for detecting malware using file clustering
Abstract: The disclosed computer-implemented method for detecting malware using file clustering may include (1) identifying a file with an unknown reputation, (2) identifying at least one file with a known reputation that co-occurs with the unknown file, (3) identifying a malware classification assigned to the known file, (4) determining a probability that the unknown file is of the same classification as the known file, and (5) assigning, based on the probability that the unknown file is of the same classification as the known file, the classification of the known file to the unknown file. Various other methods, systems, and computer-readable media are also disclosed.
Publication number: US9185119 (B1)    Publication date: 2015.11.10
Application number: US201414273503    Filing date: 2014.05.08
Applicant: Symantec Corporation    Inventors: Tamersoy Acar; Roundy Kevin A.; Marino Daniel
Classification: G08B23/00; H04L29/06; G06F17/30    Main classification: G08B23/00
Agency: ALG Intellectual Property, LLC    Agent: ALG Intellectual Property, LLC
Independent claim: 1. A computer-implemented method for detecting malware using file clustering, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: identifying an unknown file with an unknown reputation; identifying at least one known file with a known reputation that co-occurs with the unknown file; identifying a classification assigned to the known file; determining a probability that the unknown file is of the same classification as the known file; assigning, based on the probability that the unknown file is of the same classification as the known file, the classification of the known file to the unknown file, wherein identifying the unknown file comprises: obtaining, from at least one client device, information that identifies the unknown file; querying, using the information that identifies the unknown file, a file reputation database that associates file information with file reputations; and receiving, in response to querying the file reputation database, an indication that the unknown file's reputation is unknown.
Address: Mountain View, CA, US
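The co-occurrence scheme described in the abstract and claim 1, as an added illustration that is not the patent's or Symantec's own implementation: client telemetry (which file hashes each client has seen) and a reputation database are constructed inline, the known files that co-occur with the unknown file are collected, their labels are weighted by co-occurrence count to give a probability per classification, and the best-supported label is assigned only if it clears an assumed threshold. The weighting, the threshold value and all file identifiers are assumptions, not taken from the patent.

```python
from collections import Counter, defaultdict

# Constructed telemetry: each client reports the set of file hashes it holds.
CLIENT_FILES = {
    "client-1": {"unk-A", "mal-1", "mal-2"},
    "client-2": {"unk-A", "mal-1", "good-1"},
    "client-3": {"unk-A", "mal-2"},
    "client-4": {"good-1", "good-2"},
    "client-5": {"unk-A", "good-2", "mal-1"},
}

# Constructed file reputation database: known hash -> classification.
REPUTATION_DB = {
    "mal-1": "malicious", "mal-2": "malicious",
    "good-1": "benign", "good-2": "benign",
}


def lookup_reputation(file_id, db=REPUTATION_DB):
    """Query the reputation database; None signals an unknown reputation (claim step)."""
    return db.get(file_id)


def cooccurring_known_files(unknown, clients, db):
    """Count, per known file, how many clients hold both it and the unknown file."""
    counts = Counter()
    for files in clients.values():
        if unknown in files:
            for f in files:
                if f != unknown and lookup_reputation(f, db) is not None:
                    counts[f] += 1
    return counts


def classification_probabilities(unknown, clients, db):
    """Assumed estimator: each label's share of the co-occurrence weight."""
    totals = defaultdict(int)
    for f, n in cooccurring_known_files(unknown, clients, db).items():
        totals[db[f]] += n
    total = sum(totals.values())
    return {label: n / total for label, n in totals.items()} if total else {}


def classify_unknown(unknown, clients, db, threshold=0.6):
    """Assign the best-supported classification if its probability clears the (assumed) threshold."""
    known = lookup_reputation(unknown, db)
    if known is not None:
        return known  # reputation already known, nothing to infer
    probs = classification_probabilities(unknown, clients, db)
    if not probs:
        return None  # no co-occurring known files, leave the file unclassified
    label, p = max(probs.items(), key=lambda kv: kv[1])
    return label if p >= threshold else None
```

A practitioner would tune the threshold against labelled data, since a single widely distributed benign file (a shared runtime, say) can otherwise dominate the co-occurrence weight and pull unknown files toward its label.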