Patent · US Active

Systems, apparatus, and methods for detecting malware

US8312546B2 · kind B2 · utility

Cited by: 301
References: 3
Claims: 21
Family size: 0

Assignee

Inventor

Key dates

Filing date: Apr 23, 2007
Grant date: Nov 13, 2012
Priority date
Expiry date: Jan 5, 2030

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/56
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Various embodiments, including a method comprising creating a first fuzzy fingerprint of a known malware file, the first fuzzy fingerprint including a first set of calculated complexity approximations and weightings for each of a plurality of blocks within the known malware file; creating a second fuzzy fingerprint of a file to be checked, the second fuzzy fingerprint including a second set of calculated complexity approximations and weightings for each of a plurality of blocks within the file to be checked; comparing the second fuzzy fingerprint to the first fuzzy fingerprint; calculating a similarity probability for each of the block-wise comparisons, the calculation including respective weightings for each of the plurality of blocks within the known malware file and for each of the plurality of blocks within the file to be checked, and the calculation including a distance between the compared blocks; and calculating an overall similarity probability for the plurality of blocks compared.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.