Patent · US Active

Dynamic malware analysis based on shared library call information

US11048799B2 · kind B2 · utility

Cited by: 1
References: 12
Claims: 4
Family size: 0

Assignee

Inventor

Key dates

Filing date: Dec 14, 2017
Grant date: Jun 29, 2021
Priority date
Expiry date: Dec 14, 2037

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/034
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A non-transitory computer-readable storage medium storing a program that causes an information processing apparatus to execute a process, the process includes executing a first program by using a system including a kernel of an operating system (OS) and shared libraries, acquiring first information on a first file group read out from the shared libraries, executing a second program by using the system, acquiring second information on a second file group read out from the shared libraries, executing similarity determination processing of determining similarity between the first program and the second program by comparing the first information and the second information that have been acquired, and outputting the similarity that has been determined.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.