Encoding machine code instructions for static feature based malware clustering

  • US 8,826,439 B1
  • Filed: 01/26/2011
  • Issued: 09/02/2014
  • Est. Priority Date: 01/26/2011
  • Status: Active Grant
First Claim
1. A computer-implemented method for detecting malware, comprising:

  • extracting a machine language instruction sequence from a computer file of unknown classification, wherein the machine language instruction sequence comprises opcodes of different length and associated operand values;
  • encoding the opcodes in the machine language instruction sequence into a standardized opcode sequence, the standardized opcode sequence including the opcodes without the associated operand values, wherein the opcodes in the standardized opcode sequence have a uniform length;
  • generating a static feature for the computer file based on the standardized opcode sequence, wherein the static feature comprises a vector describing the standardized opcode sequence; and
  • classifying the computer file as malware based at least in part on the static feature, wherein the classifying comprises:
      • grouping the computer file into a cluster of computer files having similar vectors; and
      • classifying the computer file as malware based on classifications of the computer files in the cluster.
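Worked example of the claimed pipeline, added here and not the patent's own code (the page shows none): a constructed table-driven decoder for a handful of x86 one-byte opcodes drops operand bytes to produce a uniform-length opcode code sequence, an opcode-bigram histogram serves as the static feature vector, and an unknown file is classified by majority vote over labelled files whose vectors fall within a cosine-similarity threshold. The opcode table, the bigram feature, the 0.8 threshold and the sample byte strings are all assumptions.

```python
from math import sqrt
# Constructed toy decoder covering a few x86 one-byte opcodes (not the patent's own encoder).
# first byte -> (mnemonic, number of operand bytes that follow it)
OPCODE_TABLE = {0x90: ("nop", 0), 0xC3: ("ret", 0), 0xCC: ("int3", 0),
                0xE8: ("call", 4), 0xEB: ("jmp", 1), 0x6A: ("push_imm8", 1),
                0x68: ("push_imm32", 4), 0x31: ("xor", 1)}  # xor r/m32, r32 carries a ModRM byte
for r in range(8):                      # push r32 (0x50+r) and mov r32, imm32 (0xB8+r)
    OPCODE_TABLE[0x50 + r] = ("push_reg", 0)
    OPCODE_TABLE[0xB8 + r] = ("mov_imm32", 4)
MNEMONICS = sorted({m for m, _ in OPCODE_TABLE.values()}) + ["unknown"]
CODE_OF = {m: i for i, m in enumerate(MNEMONICS)}  # one fixed-width code per opcode
V = len(MNEMONICS)

def standardize(code: bytes) -> list:
    """Walk the byte stream, skip operand bytes, emit one uniform-length code per opcode."""
    out, i = [], 0
    while i < len(code):
        mnem, nops = OPCODE_TABLE.get(code[i], ("unknown", 0))
        out.append(CODE_OF[mnem])
        i += 1 + nops
    return out

def feature_vector(std_seq: list) -> list:
    """Static feature: L2-normalised opcode-bigram histogram of dimension V*V."""
    vec = [0.0] * (V * V)
    for a, b in zip(std_seq, std_seq[1:]):
        vec[a * V + b] += 1.0
    norm = sqrt(sum(x * x for x in vec)) or 1.0
    return [x / norm for x in vec]

def cosine(u: list, v: list) -> float:
    return sum(a * b for a, b in zip(u, v))

def cluster_and_classify(files: dict, unknown: str, threshold: float = 0.8) -> str:
    """Cluster = labelled files whose vector lies within `threshold` cosine of the unknown; majority vote."""
    vecs = {name: feature_vector(standardize(b)) for name, (b, _) in files.items()}
    cluster = [n for n in files if n != unknown and cosine(vecs[n], vecs[unknown]) >= threshold]
    votes = [files[n][1] for n in cluster]
    if not votes:
        return "unclassified"
    return "malware" if votes.count("malware") * 2 > len(votes) else "benign"

# Constructed samples: "unknown" is "known_mal" with different registers and operand values.
SAMPLES = {
    "known_mal": (bytes([0x55, 0xB8, 0x10, 0x20, 0x30, 0x40, 0x68, 0xEF, 0xBE, 0xAD, 0xDE,
                         0xE8, 0x11, 0x22, 0x33, 0x44, 0x31, 0xC0, 0xC3]), "malware"),
    "known_good": (bytes([0x90, 0x90, 0x53, 0x56, 0x6A, 0x01, 0xC3]), "benign"),
    "unknown": (bytes([0x53, 0xB9, 0x99, 0x88, 0x77, 0x66, 0x68, 0x01, 0x02, 0x03, 0x04,
                       0xE8, 0xAA, 0xBB, 0xCC, 0xDD, 0x31, 0xC9, 0xC3]), None),
}
```

Because operand values are discarded, the two differently-parameterised samples yield identical standardized sequences and the unknown file lands in the cluster of the labelled malware sample.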

  • 5 Assignments