Determining duplicate objects for malware analysis using environmental/context information
US9781144B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 30, 2014 |
| Grant date | Oct 3, 2017 |
| Priority date | — |
| Expiry date | Oct 31, 2034 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/566
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A malware detection system may be configured to enhance analysis of an object when determining whether results for a previously analyzed object may be applied to the object. The enhanced analysis may employ context factors pertaining to an environment within which the objects operate. If an object identifier (ID) of the object matches the object ID of the previously analyzed object, but one or more of the context factors differ, then the results from the previously analyzed object may not be applied to the object and the object is subjected to further analysis, e.g., behavioral analysis. Yet if the context factors do not differ, then the object may be deemed a duplicate of the previously analyzed object, such that a result (such as an alert or “no action”) of the previously analyzed object may be applied to the object.
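The duplicate decision the abstract describes, sketched as an added example that is not code from the patent or its assignee. The SHA-256 object ID, the context factor names (`os`, `app_version`), the decision labels and the stand-in analyzer are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple

@dataclass(frozen=True)
class Context:
    """Hypothetical context factors; the abstract does not enumerate them."""
    os: str
    app_version: str

@dataclass
class VerdictCache:
    # object ID -> {context -> result ("alert" or "no action")}
    results: Dict[str, Dict[Context, str]] = field(default_factory=dict)

    @staticmethod
    def object_id(data: bytes) -> str:
        # Assumption: the object ID is a SHA-256 content hash.
        return hashlib.sha256(data).hexdigest()

    def submit(self, data: bytes, ctx: Context,
               analyze: Callable[[bytes, Context], str]) -> Tuple[str, str]:
        """Return (decision, result); run `analyze` unless a true duplicate."""
        seen = self.results.setdefault(self.object_id(data), {})
        if ctx in seen:
            # Same ID and no context factor differs: reuse the prior result.
            return "duplicate", seen[ctx]
        # New ID, or same ID under a differing context: analyze again.
        decision = "context_mismatch" if seen else "new"
        seen[ctx] = analyze(data, ctx)
        return decision, seen[ctx]

def demo():
    # Constructed sample: an object whose verdict depends on the reader version.
    doc = b"%PDF-1.4 constructed sample"
    def analyze(data, ctx):  # stand-in for behavioral analysis
        return "alert" if ctx.app_version == "9.0" else "no action"
    cache = VerdictCache()
    patched = Context("Windows 7", "11.0")
    vulnerable = Context("Windows 7", "9.0")
    return [cache.submit(doc, patched, analyze),
            cache.submit(doc, patched, analyze),
            cache.submit(doc, vulnerable, analyze),
            cache.submit(doc, vulnerable, analyze)]

if __name__ == "__main__":
    for decision, result in demo():
        print(decision, result)
```

A cache keyed on the object ID alone would have returned "no action" for the third submission, which is the case the context comparison is there to catch.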
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.