Patent · US Active

Fuzzy hash of behavioral results

US9294501B2 · kind B2 · utility

Cited by: 225
References: 204
Claims: 26
Family size: 0

Assignee

Inventors

Key dates

Filing date: Sep 30, 2013
Grant date: Mar 22, 2016
Priority date
Expiry date: Feb 22, 2034

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1408
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A computerized method is described in which a received object is analyzed by a malicious content detection (MCD) system to determine whether the object is malware or non-malware. The analysis may include the generation of a fuzzy hash based on a collection of behaviors for the received object. The fuzzy hash may be used by the MCD system to determine the similarity of the received object with one or more objects in previously classified/analyzed clusters. Upon detection of a “similar” object, the suspect object may be associated with the cluster and classified based on information attached to the cluster. This similarity matching provides 1) greater flexibility in analyzing potential malware objects, which may share multiple characteristics and behaviors but are also slightly different from previously classified objects and 2) a more efficient technique for classifying/assigning attributes to objects.
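The similarity matching described in the abstract can be sketched as follows. This is an added example, not code from the patent: the abstract does not name a fuzzy hash algorithm, so MinHash over the set of observed behaviors is swapped in, and the behavior labels, cluster name, signature length and threshold are all constructed assumptions.

```python
import hashlib

NUM_HASHES = 256   # signature length (assumed value)
THRESHOLD = 0.6    # similarity needed to join a cluster (assumed value)

# Constructed sandbox behavior labels, not taken from the patent.
KNOWN = ["file_create:temp_dir", "registry_set:autorun", "process_spawn:shell",
         "net_connect:tcp/443", "dns_query:many_nxdomain", "mutex_create",
         "file_delete:self", "service_install", "thread_create:remote",
         "sleep:long"]
VARIANT = KNOWN[:9] + ["net_connect:tcp/8080"]   # differs in one behavior
BENIGN = ["file_open:document", "window_create", "font_load", "print_spool"]

def fuzzy_hash(behaviors):
    """MinHash signature of the behavior set (order and repeats ignored)."""
    tokens = set(behaviors)
    if not tokens:
        raise ValueError("no behaviors recorded for object")
    return tuple(
        min(int.from_bytes(
                hashlib.sha256(f"{i}:{t}".encode()).digest()[:8], "big")
            for t in tokens)
        for i in range(NUM_HASHES))

def similarity(sig_a, sig_b):
    """Fraction of equal positions; estimates Jaccard similarity of the sets."""
    return sum(a == b for a, b in zip(sig_a, sig_b)) / NUM_HASHES

def build_clusters():
    """One previously classified cluster, keyed by a constructed name."""
    return {"cluster-1": {"label": "malware", "hash": fuzzy_hash(KNOWN),
                          "members": 1}}

def classify(behaviors, clusters):
    """Attach the object to the most similar cluster and inherit its label."""
    sig = fuzzy_hash(behaviors)
    best_name, best_score = None, 0.0
    for name, cluster in clusters.items():
        score = similarity(sig, cluster["hash"])
        if score > best_score:
            best_name, best_score = name, score
    if best_name is not None and best_score >= THRESHOLD:
        clusters[best_name]["members"] += 1
        return best_name, clusters[best_name]["label"], best_score
    return None, "unclassified", best_score   # no similar cluster found

if __name__ == "__main__":
    clusters = build_clusters()
    print(classify(VARIANT, clusters))
    print(classify(BENIGN, clusters))
```

An exact hash of `VARIANT` would share nothing with the hash of `KNOWN`; the fuzzy signature still matches in most positions, which is what lets a slightly different object inherit the cluster's classification.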

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.