AUTOMATIC CLUSTERING OF MALWARE VARIANTS BASED ON STRUCTURED CONTROL FLOW
3 Assignments
0 Petitions
Abstract
A computer network computer server device accesses software from a file. The device builds a structured flow control that maps the software's execution paths. The structured flow control is evaluated using multiple distance measures to determine if a portion of the software is malicious.
17 Citations
22 Claims
1. A method of detecting malware on a computerized system comprising:
- accessing a digital software from a file;
- building a structured flow control that maps the software's execution paths;
- evaluating the structured flow control using a plurality of distance measures to determine if a portion of the software is malicious.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A networked computer server device, comprising:
- a network connection operable to access software from a digital file;
- a software static module coupled to the network connection operable to build a structured flow control of the software that maps execution paths of the software;
- a cluster module coupled to the software static module operable to evaluate the structured flow control using a plurality of distance measures to determine if a portion of the software is malicious.

Dependent claims: 15, 16, 17, 18, 19

20. A machine-readable medium with instructions stored thereon, the instructions when executed operable to cause a computerized system to:
- access a digital software from a file;
- build a structured flow control that maps the software's execution paths; and
- evaluates the structured flow control using a plurality of distance measures to determine if a portion of the software is malicious.

Dependent claims: 21, 22
Specification