DISCOVERY OF MALICIOUS STRINGS
0 Assignments
0 Petitions
Accused Products
Abstract
Particular embodiments described herein provide for an electronic device that can be configured to determine a string sample of data, determine a hash of the string sample of data, automatically cluster the hash with other hashes from other string samples of data, and automatically create a signature hash string for the string sample of data.
-
Citations
49 Claims
-
1-25. -25. (canceled)
-
26. At least one non-transitory computer-readable medium comprising one or more instructions that when executed by at least one processor, cause the at least one processor to:
-
determine a string of a data sample; perform an Internet search for the string; compare the results of the Internet search for the string with results of an Internet search for a known clean string; cluster, based on a determination that the number of hits from the Internet search is not comparable to the number of hits from a known clean string search, the string with other strings having Internet search results that are not comparable to those of a known clean string; and populate a dirty string database with the clustered strings. - View Dependent Claims (27, 28, 29, 30, 31)
-
-
32. An apparatus comprising:
-
memory; and a hardware processor configured to; determine a string of a data sample; perform an Internet search for the string; compare the results of the Internet search for the string with results of an Internet search for a known clean string; cluster, based on a determination that the number of hits from the Internet search is not comparable to the number of hits from a known clean string search, the string with other strings having Internet search results that are not comparable to those of a known clean string; and populate a dirty string database with the clustered strings. - View Dependent Claims (33, 34, 35, 36, 37)
-
-
38. A method comprising:
-
determining a string of a data sample; performing an Internet search for the string; comparing the results of the Internet search for the string with results of an Internet search for a known clean string; clustering, based on a determination that the number of hits from the Internet search is not comparable to the number of hits from a known clean string search, the string with other strings having Internet search results that are not comparable to those of a known clean string; and populating a dirty string database with the clustered strings. - View Dependent Claims (39, 40, 41, 42, 43)
-
-
44. A system for discovering malicious strings, the system comprising:
-
memory; and a hardware processor configured for; determining a string of a data sample; performing an Internet search for the string; comparing the results of the Internet search for the string with results of an Internet search for a known clean string; clustering, based on a determination that the number of hits from the Internet search is not comparable to the number of hits from a known clean string search, the string with other strings having Internet search results that are not comparable to those of a known clean string; and populating a dirty string database with the clustered strings. - View Dependent Claims (45, 46, 47, 48, 49)
-
Specification