System and method for generating a malware identifier

  • US 10,467,411 B1
  • Filed: 08/28/2017
  • Issued: 11/05/2019
  • Est. Priority Date: 12/26/2013
  • Status: Active Grant
First Claim

1. A method for generating an identifier for use in malware detection, comprising:

  • obtaining a first plurality of indicators of compromise that correspond to a plurality of anomalous behaviors;

  • performing a filtering operation on the first plurality of indicators of compromise by at least removing one or more indicators of compromise from the first plurality of indicators of compromise to create a second plurality of indicators of compromise, wherein the removing of the one or more indicators of compromise comprises (i) maintaining a count value for each of the first plurality of indicators, (ii) removing at least a first indicator of compromise of the one or more indicators of compromise when a count value of the first indicator of compromise exceeds a first threshold that corresponds to a high occurrence rate in one or more known malware families, of a plurality of known malware and (iii) removing at least a second indicator of compromise of the one or more indicators of compromise when a count value of the second indicator of compromise is less than a second threshold that corresponds to a low occurrence rate in the plurality of known malware families; and

  • creating the identifier represented by the second plurality of indicators of compromise.
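
The filtering step of the claim, as an added Python sketch that is not taken from the patent or from any implementation by its assignee. It assumes the count value of an indicator is the number of known malware families in which it has been observed; the function names, the behavior labels, the sample families and the threshold values are all constructed for illustration.

```python
from collections import Counter

# Constructed sample data: behaviors previously observed per known malware family.
FAMILY_IOCS = {
    "family_a": {"writes_temp_file", "sets_run_key", "beacons_fixed_interval"},
    "family_b": {"writes_temp_file", "sets_run_key", "disables_av_service"},
    "family_c": {"writes_temp_file", "beacons_fixed_interval", "disables_av_service"},
    "family_d": {"writes_temp_file", "sets_run_key", "unique_mutex_name"},
}

# Constructed "first plurality": behaviors observed for the sample under analysis.
OBSERVED = ["writes_temp_file", "sets_run_key", "beacons_fixed_interval",
            "unique_mutex_name", "never_seen_before", "sets_run_key"]


def count_indicators(family_iocs):
    """(i) Maintain a count per indicator: number of families exhibiting it (assumption)."""
    counts = Counter()
    for iocs in family_iocs.values():
        counts.update(set(iocs))  # each family contributes at most 1 per indicator
    return counts


def generate_identifier(observed, family_iocs, first_threshold, second_threshold):
    """Return (identifier, removed) where identifier is the filtered indicator set."""
    if second_threshold > first_threshold:
        raise ValueError("second (low) threshold must not exceed first (high) threshold")
    counts = count_indicators(family_iocs)
    kept, removed = set(), {}
    for ioc in observed:
        n = counts[ioc]  # Counter yields 0 for indicators never seen in any family
        if n > first_threshold:
            # (ii) too common across families to tell one family from another
            removed[ioc] = "above first threshold"
        elif n < second_threshold:
            # (iii) too rare to be a dependable marker
            removed[ioc] = "below second threshold"
        else:
            kept.add(ioc)
    # The identifier is the "second plurality"; sorted for a stable representation.
    return tuple(sorted(kept)), removed


if __name__ == "__main__":
    identifier, removed = generate_identifier(OBSERVED, FAMILY_IOCS, 3, 2)
    print("identifier:", identifier)
    print("removed:", removed)
```

With these constructed thresholds an empty identifier is a possible outcome, which a caller should treat as "no usable identifier" rather than as a match-everything signature.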
