Abstract |
<p>A method for implementing malware signature builder and detection for executable codes, according to which the op-codes of the executables are inspected, while disregarding other parameters of the executables. Signatures are generated from common engines of executable codes and a large number of malwares of the same family are represented by a small number of signatures. Then known and unknown malwares are identified using the small number of signatures.</p> |
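
As an added illustration (not code from the patent or its authors), the sketch below reduces constructed disassembly listings to op-code sequences, keeps the op-code n-grams shared by every sample of a family and absent from benign code as signatures, and checks an unseen variant against them. The n-gram approach, the length `N`, the function names and all listings are assumptions made for the example.

```python
# Added illustration; N and all listings below are constructed assumptions.
N = 4  # assumed op-code n-gram length (the abstract does not give one)

def opcodes(listing):
    """Keep only each instruction's mnemonic; operands and comments are dropped."""
    ops = []
    for line in listing.strip().splitlines():
        line = line.split(";")[0].strip()
        if line:
            ops.append(line.split()[0].lower())
    return ops

def ngrams(ops, n=N):
    return {tuple(ops[i:i + n]) for i in range(len(ops) - n + 1)}

def build_signatures(family, benign, n=N):
    """Op-code n-grams shared by every family sample and absent from benign code."""
    common = set.intersection(*(ngrams(opcodes(s), n) for s in family))
    for sample in benign:
        common -= ngrams(opcodes(sample), n)
    return common

def matches(listing, signatures, n=N):
    return bool(ngrams(opcodes(listing), n) & signatures)

# Constructed disassembly: the variants share one decoding loop but differ in
# registers, constants, addresses and surrounding code.
VARIANT_A = ("push ebp\nmov ebp, esp\nxor eax, eax\nmov ecx, 0x40\nlodsb\n"
             "xor al, 0x5a\nstosb\nloop 0x401010\npop ebp\nret")
VARIANT_B = ("nop\nsub esp, 0x10\nmov ecx, 0x80\nlodsb\n"
             "xor al, 0x3c\nstosb\nloop 0x402020\nadd esp, 0x10\nret")
BENIGN = ("push ebp\nmov ebp, esp\nmov eax, [ebp+8]\n"
          "add eax, [ebp+12]\npop ebp\nret")
UNSEEN = ("push esi\npush edi\nmov ecx, 0x100\nlodsb\nxor al, 0x77\n"
          "stosb\nloop 0x403030\npop edi\npop esi\nret")

SIGNATURES = build_signatures([VARIANT_A, VARIANT_B], [BENIGN])

if __name__ == "__main__":
    print(sorted(SIGNATURES))
    print(matches(UNSEEN, SIGNATURES), matches(BENIGN, SIGNATURES))
```

Because operands are discarded, the two signatures derived from variants A and B also match the unseen variant, whose registers, key byte and addresses all differ.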