Patent · US Active

Fuzzy hash of behavioral results

US9912691B2 · kind B2 · utility

Cited by: 154
References: 221
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 21, 2016
Grant date: Mar 6, 2018
Priority date
Expiry date: Aug 10, 2036

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1408
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A computerized method for classifying objects in a malware system is described. The method includes detecting behaviors of an object for classification after processing of the object has begun. Data associated with the detected behaviors is collected, and a fuzzy hash for the received object is generated. The generation of the fuzzy hash may include (i) removing a portion of the data associated with the detected behaviors, and (ii) performing a hash operation on a remaining portion of the data associated with the detected behaviors. Thereafter, the fuzzy hash for the received object is compared to a fuzzy hash of an object in a preexisting cluster to generate a similarity measure. The received object is associated with the preexisting cluster in response to determining that the similarity measure is above a predefined threshold value. Thereafter, the results are reported.
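The pipeline in the abstract (remove part of the behavior data, hash the remainder, compare against a cluster, apply a threshold), sketched as an added example that is not code from the patent. The choice of which fields to remove, the set-of-digests fuzzy hash, the Jaccard measure, the 0.7 threshold and every name and sample record are assumptions made for illustration.

```python
import hashlib
import re

# Assumption: the "removed portion" is run-specific noise (PIDs, user names,
# random file-name stems). The abstract does not say which data is removed.
_VOLATILE = [
    (re.compile(r"\s*pid=\d+"), ""),
    (re.compile(r"(?i)\\users\\[^\\]+"), r"\\users\\<user>"),
    (re.compile(r"(?i)\b[0-9a-f]{8,}\b"), "<rand>"),
]

def normalize(event):
    """Remove the volatile portion of one behavior record."""
    for pattern, repl in _VOLATILE:
        event = pattern.sub(repl, event)
    return " ".join(event.lower().split())

def fuzzy_hash(events):
    """Hash each remaining record; the set of short digests is the fuzzy hash."""
    return frozenset(
        hashlib.sha256(normalize(e).encode()).hexdigest()[:12] for e in events)

def similarity(a, b):
    """Jaccard similarity of two fuzzy hashes (stand-in measure), 0.0 to 1.0."""
    return len(a & b) / len(a | b) if (a or b) else 0.0

def classify(events, clusters, threshold=0.7):
    """Return (cluster name or None, best score) for a newly observed object."""
    fh = fuzzy_hash(events)
    name, score = max(((n, similarity(fh, h)) for n, h in clusters.items()),
                      key=lambda pair: pair[1], default=(None, 0.0))
    return (name if score > threshold else None), score

# Constructed sandbox records, not taken from the patent.
KNOWN = [
    r"file_write C:\Users\alice\AppData\Local\Temp\3fa9c1d27b.tmp pid=4312",
    r"reg_set HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater pid=4312",
    r"mutex_create Global\svc_lock pid=4312",
    "net_connect 203.0.113.5:443 pid=4312",
]
NEW = [
    r"file_write C:\Users\bob\AppData\Local\Temp\90be77a1c4.tmp pid=812",
    r"reg_set HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater pid=812",
    r"mutex_create Global\svc_lock pid=812",
    "net_connect 203.0.113.5:443 pid=812",
    "proc_create cmd.exe pid=812",
]
CLUSTERS = {"cluster-1": fuzzy_hash(KNOWN)}

if __name__ == "__main__":
    print(classify(NEW, CLUSTERS))
    print(classify(["file_read /etc/hosts pid=1"], CLUSTERS))
```

Without the removal step the two runs share no digests at all, because every record carries a different PID; the similarity only becomes meaningful once the per-run fields are stripped.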

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.