Abstract
A method for automatically generating a genetic signature for a set of malware, comprising parsing (step S11) the malware to identify a set of binary comparable features present in said malware, storing (step S5; step S11) all binary comparable features occurring in said set of malware, determining (step S13, S14) a subset comprising binary comparable features occurring in at least a predetermined portion of all malware in the set, and including (step S15) representations of the binary comparable features in the subset in the genetic signature. Compared to prior art systems, the genetic signature according to the present invention is unique in that it does not rely on relationships between individual features, only on their occurrence in various malware in the set. A genetic signature according to the present invention may for example consist of associations to five different features which have no relation to each other at all.
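The occurrence-threshold selection described in the abstract, sketched as an added example (not code from the patent or its authors). The feature type (4-byte windows), the truncated SHA-256 representation, and the `coverage` matching rule are assumptions made for illustration; the sample bytes are constructed, not real malware.

```python
import hashlib
from collections import Counter
from math import ceil

NGRAM = 4  # assumed feature size; the abstract does not define the feature type


def parse_features(sample: bytes) -> set[bytes]:
    """Stand-in parser: every distinct NGRAM-byte window is one feature."""
    return {sample[i:i + NGRAM] for i in range(len(sample) - NGRAM + 1)}


def represent(feature: bytes) -> str:
    """Representation stored in the signature: truncated SHA-256 (assumption)."""
    return hashlib.sha256(feature).hexdigest()[:16]


def generate_signature(samples: list[bytes], portion: float) -> frozenset[str]:
    """Keep features present in at least `portion` of the samples."""
    if not samples or not 0 < portion <= 1:
        raise ValueError("need samples and 0 < portion <= 1")
    occurrences = Counter()
    for sample in samples:
        # A set per sample: a feature repeated inside one file counts once.
        occurrences.update(parse_features(sample))
    needed = ceil(portion * len(samples))
    return frozenset(represent(f) for f, n in occurrences.items() if n >= needed)


def coverage(signature: frozenset[str], candidate: bytes) -> float:
    """Fraction of signature features found in a candidate (assumed matching rule)."""
    if not signature:
        return 0.0
    present = {represent(f) for f in parse_features(candidate)}
    return len(signature & present) / len(signature)


# Constructed sample data, not real malware: three variants sharing two
# unrelated byte runs at different offsets and in different order, plus one
# unrelated file.
FAMILY = [
    b"\x00\x01AAAA\x02\x03\x04ZZZZ\x05",
    b"ZZZZ\x10\x11\x12\x13AAAA\x14",
    b"\x20AAAA\x21\x22\x23\x24\x25\x26",
]
UNRELATED = b"\x30\x31\x32\x33\x34\x35\x36\x37"
```

Because selection only counts in how many samples a feature occurs, the two shared runs are picked up even though their order and offsets differ between variants.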