摘要 |
<p>The method involves providing a master signature (M) comprising a number of byte sequences (A-G, S1-S5), where the arrangement of the byte sequences in the master signature is defined in an ascending order. Three partial signatures (T1, T2, T3) comprising a subset of the number of byte sequences of the master signature are generated, where the byte sequences in the partial signature are arranged in an ascending order. The partial signatures are applied to data stored in a computer memory system to recognize malicious software stored in the computer memory system. An independent claim is also included for a system for identifying malicious software in a computer memory system.</p> |