Malware data clustering

Assignee

• Palantir Technologies Inc. · US

Inventors

• Harkirat Singh · Santa Clara, US
• Geoffrey Stowe · San Francisco, US
• Brendan Weickert · McLean, US
• Matthew Sprague · Santa Monica, US
• Michael Kross · Palo Alto, US
• Adam Borochoff · New York, US
• Parvathy Menon · Palo Alto, US
• Michael Harris · Palo Alto, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06Q40/123
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

In various embodiments, systems, methods, and techniques are disclosed for generating a collection of clusters of related data from a seed. Seeds may be generated based on seed generation strategies or rules. Clusters may be generated by, for example, retrieving a seed, adding the seed to a first cluster, retrieving a clustering strategy or rules, and adding related data and/or data entities to the cluster based on the clustering strategy. Various cluster scores may be generated based on attributes of data in a given cluster. Further, cluster metascores may be generated based on various cluster scores associated with a cluster. Clusters may be ranked based on cluster metascores. Various embodiments may enable an analyst to discover various insights related to data clusters, and may be applicable to various tasks including, for example, tax fraud detection, beaconing malware detection, malware user-agent detection, and/or activity trend detection, among various others.