
FUZZY HASH OF BEHAVIORAL RESULTS

  • US 20160261612A1
  • Filed: 03/21/2016
  • Published: 09/08/2016
  • Est. Priority Date: 09/30/2013
  • Status: Active Grant
First Claim

1. A computerized method for classifying objects in a malware system, comprising:

  • detecting behaviors of an object for classification after processing of the received object has started;

  • collecting data associated with the detected behaviors;

  • generating a fuzzy hash for the received object based on the data associated with the detected behaviors, the generating of the fuzzy hash includes;

    (i) removing a portion of the data associated with the detected behaviors to produce a remaining portion of the data associated with the detected behaviors, and

    (ii) performing a hash operation on the remaining portion of the data associated with the detected behaviors;

  • comparing the fuzzy hash for the received object with a fuzzy hash of an object in a preexisting cluster to generate a similarity measure;

  • associating the received object with the preexisting cluster in response to determining that the similarity measure is above a predefined threshold value; and

  • reporting, via a communications interface, whether the received object is associated with the preexisting cluster.
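
The steps of the claim, sketched as an added Python example (not code from the patent or its assignee). The claim does not name a record format, a hash function, a similarity measure or a threshold, so everything here is an assumption: the ts=/pid= record layout, the list of fields treated as volatile, a digest made of truncated SHA-256 values compared by Jaccard similarity, the 0.7 threshold, and the cluster name.

```python
import hashlib
import re

# Assumed volatile fields that change on every run of the same sample.
VOLATILE = [(re.compile(r"\bts=\S+"), ""), (re.compile(r"\bpid=\d+"), ""),
            (re.compile(r"\b[0-9a-f]{8,}\b", re.I), "<rand>")]

def reduce_behavior(record):
    """Step (i): remove the volatile portion of one behavior record."""
    for pattern, repl in VOLATILE:
        record = pattern.sub(repl, record)
    return " ".join(record.lower().split())

def fuzzy_hash(behaviors):
    """Step (ii): hash what remains; the digest is a set of 64-bit hashes."""
    return frozenset(hashlib.sha256(reduce_behavior(b).encode()).hexdigest()[:16]
                     for b in behaviors)

def similarity(h1, h2):
    """Jaccard similarity of two digests, in [0, 1]."""
    return len(h1 & h2) / len(h1 | h2) if (h1 or h2) else 1.0

def classify(behaviors, clusters, threshold=0.7):
    """Return (matching cluster name or None, best similarity measure)."""
    digest = fuzzy_hash(behaviors)
    name, score = max(((n, similarity(digest, d)) for n, d in clusters.items()),
                      key=lambda pair: pair[1], default=(None, 0.0))
    return (name if score > threshold else None), score

# Constructed behavior logs (not real telemetry).
KNOWN = [r"ts=10:00:01 pid=4312 file_write C:\Temp\a91f03bc77.tmp",
         r"ts=10:00:02 pid=4312 reg_set HKCU\Software\Run\updater",
         r"ts=10:00:03 pid=4312 dns_query example.test",
         r"ts=10:00:04 pid=4312 proc_create cmd.exe"]
VARIANT = [r"ts=14:22:40 pid=988 file_write C:\Temp\5d20e7aa01c4.tmp",
           r"ts=14:22:41 pid=988 reg_set HKCU\Software\Run\updater",
           r"ts=14:22:42 pid=988 dns_query example.test",
           r"ts=14:22:43 pid=988 proc_create cmd.exe",
           r"ts=14:22:44 pid=988 file_delete C:\Temp\setup.log"]
UNRELATED = [r"ts=09:15:00 pid=77 file_read C:\Docs\report.docx",
             r"ts=09:15:01 pid=77 proc_create winword.exe"]
CLUSTERS = {"cluster-A": fuzzy_hash(KNOWN)}

if __name__ == "__main__":
    for label, log in (("variant", VARIANT), ("unrelated", UNRELATED)):
        print(label, classify(log, CLUSTERS))  # the "reporting" step
```

Without step (i), the differing timestamps, process IDs and random file names would give every record a different hash, and the variant would score 0 against the cluster instead of 0.8.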

  • 5 Assignments