AUTOMATICALLY DETERMINING WHETHER MALWARE SAMPLES ARE SIMILAR
First Claim
1. A system, comprising:
a processor configured to:
receive a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis;
compare the log files based on the automated malware analysis;
determine whether any of the plurality of samples are similar based on the comparison of the log files based on the automated malware analysis; and
perform an action based on determining that at least two samples are similar; and
a memory coupled to the processor and configured to provide the processor with instructions.
Abstract
Techniques for automatically determining whether malware samples are similar are disclosed. In some embodiments, a system, process, and/or computer program product for automatically determining whether malware samples are similar includes receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis; comparing the log files based on the automated malware analysis; determining whether any of the plurality of samples are similar based on the comparison of the log files based on the automated malware analysis; and performing an action based on determining that at least two samples are similar.
20 Claims
1. A system, comprising:
a processor configured to:
receive a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis;
compare the log files based on the automated malware analysis;
determine whether any of the plurality of samples are similar based on the comparison of the log files based on the automated malware analysis; and
perform an action based on determining that at least two samples are similar; and
a memory coupled to the processor and configured to provide the processor with instructions.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method, comprising:
receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis;
comparing the log files based on the automated malware analysis;
determining whether any of the plurality of samples are similar based on the comparison of the log files based on the automated malware analysis; and
performing an action based on determining that at least two samples are similar.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer program product, the computer program product being embodied in a tangible computer readable storage medium and comprising computer instructions for:
receiving a plurality of samples for performing automated malware analysis to generate log files based on the automated malware analysis;
comparing the log files based on the automated malware analysis;
determining whether any of the plurality of samples are similar based on the comparison of the log files based on the automated malware analysis; and
performing an action based on determining that at least two samples are similar.
Dependent claims: 16, 17, 18, 19, 20
Specification