Patent · US Active

Systems and methods for detecting malware variants

US8806641B1 · kind B1 · utility

Cited by: 38
References: 1
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Nov 15, 2011
Grant date: Aug 12, 2014
Priority date
Expiry date: Mar 28, 2032

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/563
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A computer-implemented method for detecting malware variants may include (1) identifying an application package file including at least one class file, (2) identifying a set of metadata fields within the class file, (3) comparing the set of metadata fields within the class file with a set of metadata fields within a corresponding class file found in a known malware package to determine a similarity between the application package file and the known malware package, and (4) determining, based on the similarity between the application package file and the known malware package, that the application package file is a threat variant in a same threat family as the known malware package. Various other methods, systems, and computer-readable media are also disclosed.
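The four steps of the abstract, as an added sketch that is not code from the patent or its assignee. The abstract does not name the metadata fields, the similarity measure or a threshold, so the choices here are assumptions: a ZIP-style package with `.class` entries, the class-file header fields (version, constant pool count) plus file size, same-path matching of corresponding classes, and a 0.7 cutoff.

```python
import io
import struct
import zipfile

def class_metadata(data):
    """Step 2: read fixed-offset header fields of one class file."""
    if len(data) < 10:
        raise ValueError("truncated class file")
    magic, minor, major, cp_count = struct.unpack(">IHHH", data[:10])
    if magic != 0xCAFEBABE:
        raise ValueError("bad class file magic")
    return {"minor": minor, "major": major, "cp_count": cp_count, "size": len(data)}

def package_metadata(package_bytes):
    """Step 1: open the package and collect metadata for every .class entry."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        return {n: class_metadata(zf.read(n)) for n in zf.namelist() if n.endswith(".class")}

def similarity(candidate, known):
    """Step 3: mean fraction of matching fields over the known package's classes."""
    if not known:
        return 0.0
    total = 0.0
    for name, known_fields in known.items():
        cand_fields = candidate.get(name)
        if cand_fields is None:
            continue  # no corresponding class file: contributes 0
        total += sum(cand_fields[k] == v for k, v in known_fields.items()) / len(known_fields)
    return total / len(known)

def is_variant(candidate_pkg, known_pkg, threshold=0.7):
    """Step 4: flag the candidate when similarity reaches the assumed threshold."""
    score = similarity(package_metadata(candidate_pkg), package_metadata(known_pkg))
    return score >= threshold, round(score, 4)

def build_package(classes):
    """Constructed sample input: real header layout, zero filler, not loadable classes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, (major, cp_count, size) in classes.items():
            header = struct.pack(">IHHH", 0xCAFEBABE, 0, major, cp_count)
            zf.writestr(name, header + b"\x00" * (size - len(header)))
    return buf.getvalue()

KNOWN = build_package({"a/Main.class": (50, 120, 900), "a/Net.class": (50, 80, 600), "a/Sms.class": (50, 45, 300)})
# Repacked variant: one class grew slightly and one class was added.
VARIANT = build_package({"a/Main.class": (50, 120, 912), "a/Net.class": (50, 80, 600), "a/Sms.class": (50, 45, 300), "a/Ad.class": (50, 10, 100)})
UNRELATED = build_package({"a/Main.class": (51, 30, 200), "b/App.class": (51, 200, 1500)})
```

Scoring against the known package's classes, rather than the candidate's, keeps an added class from diluting the match, which is why the repacked sample still scores high.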

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.