Systems and methods for automated generation of generic signatures used to detect polymorphic malware

  • US 9,836,603 B2
  • Filed: 02/11/2016
  • Issued: 12/05/2017
  • Est. Priority Date: 12/30/2015
  • Status: Active Grant
First Claim

1. A computer-implemented method for automated generation of generic signatures used to detect polymorphic malware, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

  • clustering a set of polymorphic file samples that share a set of static attributes in common with one another;

  • computing a distance of the polymorphic file samples from a centroid that represents a reference data point with respect to the set of polymorphic file samples, wherein computing the distance comprises:

      • computing, based at least in part on certain static attributes of the polymorphic file samples, a plurality of vectors that represent data points with respect to the centroid;

      • calculating an average of the vectors;

  • determining that the distance is below a certain threshold by determining that the average of the vectors is within a certain numerical value of the centroid;

  • upon determining that the distance is below the certain threshold:

      • identifying, within the set of static attributes shared in common by the polymorphic file samples, a subset of static attributes whose values are identical across all of the polymorphic file samples;

      • generating a generic file-classification signature from the subset of static attributes.
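
The steps of claim 1 after clustering, as an added Python sketch that is not code from the patent or its assignee. Assumptions: the attribute names, the Euclidean distance metric, the threshold value, a centroid supplied by the clustering step, and a signature represented as an attribute-to-value mapping; all sample values are constructed.

```python
import math

# Constructed static attributes for three samples already placed in one cluster.
SAMPLES = [
    {"num_sections": 5, "import_count": 42, "size_kb": 72,
     "entry_section": ".text", "linker_version": "9.0", "timestamp": 1450000001},
    {"num_sections": 5, "import_count": 42, "size_kb": 76,
     "entry_section": ".text", "linker_version": "9.0", "timestamp": 1450000907},
    {"num_sections": 5, "import_count": 42, "size_kb": 74,
     "entry_section": ".text", "linker_version": "9.0", "timestamp": 1450003333},
]
VECTOR_ATTRS = ("num_sections", "import_count", "size_kb")  # assumed numeric features
CENTROID = [5.0, 42.0, 73.0]   # assumed output of the clustering step
THRESHOLD = 2.0                # assumed tightness bound

def to_vector(sample, attrs):
    """Map a sample's chosen static attributes to a numeric data point."""
    return [float(sample[a]) for a in attrs]

def average_vector(vectors):
    """Component-wise mean of the sample vectors."""
    return [sum(col) / len(vectors) for col in zip(*vectors)]

def invariant_attributes(samples):
    """Attributes present in every sample whose value is identical in all of them."""
    shared = set(samples[0]).intersection(*(s.keys() for s in samples[1:]))
    first = samples[0]
    return {k: first[k] for k in sorted(shared)
            if all(s[k] == first[k] for s in samples)}

def generate_signature(samples, centroid, attrs, threshold):
    """Return a generic signature, or None if the cluster is too loose."""
    if not samples:
        return None
    avg = average_vector([to_vector(s, attrs) for s in samples])
    if math.dist(avg, centroid) >= threshold:
        return None  # samples sit too far from the centroid: no signature
    # An empty invariant set would match every file, so treat it as no signature.
    return invariant_attributes(samples) or None

def matches(signature, candidate):
    """A file matches when every signature attribute has the recorded value."""
    return all(candidate.get(k) == v for k, v in signature.items())
```

The varying attributes (`size_kb`, `timestamp`) drop out of the signature, so a new variant that changes only those still matches.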
