標題: | Machine-implemented method and system for determining whether a to-be-analyzed software is a known malware or a variant of the known malware |
作者: | Chiang Yi-Ta Lin Ying-Dar Wu Yu-Sung Lai Yuan-Cheng |
公開日期: | 6-Aug-2013 |
摘要: | A machine-implemented method for determining whether a to-be-analyzed software is a known malware or a variant of the known malware includes the steps of: (A) configuring a processor to execute the to-be-analyzed software, and obtain a to-be-analyzed system call sequence that corresponds to the to-be-analyzed software with reference to a plurality of system calls made in sequence as a result of executing the to-be-analyzed software; (B) configuring the processor to determine a degree of similarity between the to-be-analyzed system call sequence and a reference system call sequence that corresponds to the known malware; and (C) configuring the processor to determine that the to-be-analyzed software is neither the known malware nor a variant of the known malware when the degree of similarity determined in step (B) is not greater than a predefined similarity threshold value. |
官方說明文件#: | G06F011/00 G06F007/04 G08B023/00 G06F017/30 |
URI: | http://hdl.handle.net/11536/104455 |
專利國: | USA |
專利號碼: | 08505099 |
Appears in Collections: | Patents |
Files in This Item:
If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.