| 摘要 |
The present invention relates to Internet and communication technologies, and discloses a method and apparatus for clustering portable executable (PE) files. The method comprises: extracting PE file characteristics from a PE file; generating a PE file identifier for the PE file based on the PE file characteristics; and clustering the PE file base on the PE file identifier. The apparatus comprises an extraction module, a generation module, and a clustering module. In accordance with embodiments of the present invention, a PE file identifier is generated for the PE file based on PE file characteristics extracted from the PE file, and the PE files are clustered based on the PE file identifier. Thus, random PE files are clustered into ordered classes, and the number of PE files to be processed by the antivirus clients and servers are reduced, which reduces storage costs, improves matching efficiency and the ability to detect and combat PE virus variants. |
