INTEGRATING MULTIPLE DATA SOURCES FOR MALWARE CLASSIFICATION
First Claim
1. A method, implemented at least in part by one or more computing devices, the method comprising:
- generating at least one graph representation of at least one dynamic data source of at least one program;
generating at least one graph representation of at least one static data source of the at least one program; and
at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, classifying the at least one program.
3 Assignments
0 Petitions
Accused Products
Abstract
Disclosed herein are representative embodiments of tools and techniques for classifying programs. According to one exemplary technique, at least one graph representation of at least one dynamic data source of at least one program is generated. Also, at least one graph representation of at least one static data source of the at least one program is generated. Additionally, at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, the at least one program is classified.
170 Citations
20 Claims
-
1. A method, implemented at least in part by one or more computing devices, the method comprising:
-
generating at least one graph representation of at least one dynamic data source of at least one program; generating at least one graph representation of at least one static data source of the at least one program; and at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, classifying the at least one program. - View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
2. One or more computer readable storage media storing computer-executable instructions which when executed cause a computing device to perform a method, the method comprising:
-
generating at least one graph representation of at least one dynamic data source of at least one program; generating at least one graph representation of at least one static data source of the at least one program; and at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, classifying the at least one program.
-
-
18. A computing system comprising one or more processors and one or more computer-readable media storing computer executable instructions that cause the computing system to perform a method, the method comprising:
-
generating at least one graph representation of at least one dynamic data source of at least one program; generating at least one graph representation of at least one static data source of the at least one program; and at least using the at least one graph representation of the at least one dynamic data source and the at least one graph representation of the at least one static data source, classifying the at least one program. - View Dependent Claims (19, 20)
-
Specification