Automated malware signature generation
Abstract
Automated malware signature generation is disclosed. Automated malware signature generation includes monitoring incoming unknown files for the presence of malware and analyzing the incoming unknown files based on both a plurality of classifiers of file behavior and a plurality of classifiers of file content. An incoming file is classified as having a particular malware classification based on the analyzing of incoming unknown files and a malware signature is generated for the incoming unknown file based on the particular malware classification. Access is provided to the malware signature.
20 Claims
1. A method for automated malware signature generation, comprising:
monitoring incoming unknown files for the presence of malware;
analyzing said incoming unknown files based on both a plurality of classifiers of file behavior and a plurality of classifiers of file content;
classifying an incoming unknown file as having a particular malware classification based on said analyzing of said incoming unknown files;
generating a malware signature for said incoming unknown file based on said particular malware classification; and
providing access to said malware signature.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer useable medium having computer-executable instructions for performing steps, comprising:
an incoming unknown file monitor for monitoring incoming unknown files for the presence of malware;
an incoming unknown file analyzer for analyzing said incoming unknown files based on both a plurality of measures of file behavior and a plurality of measures of file content;
an incoming unknown file classifier for classifying an incoming unknown file as having a particular malware classification based on said analyzing of said incoming unknown files;
an incoming unknown file generator for generating a malware signature for said incoming unknown file based on said particular malware classification; and
a malware signature access provider providing access to said malware signature.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. An apparatus comprising:
a computer readable memory unit; and
a processor coupled to said memory unit, said processor for generating a malware signature for an incoming unknown file based on a particular malware classification.
Dependent claims: 18, 19, 20
Specification