Invention Grant
US08505099B2 Machine-implemented method and system for determining whether a to-be-analyzed software is a known malware or a variant of the known malware
In force
- Patent Title: Machine-implemented method and system for determining whether a to-be-analyzed software is a known malware or a variant of the known malware
- Application No.: US13112249
- Application Date: 2011-05-20
- Publication No.: US08505099B2
- Publication Date: 2013-08-06
- Inventor: Yi-Ta Chiang, Ying-Dar Lin, Yu-Sung Wu, Yuan-Cheng Lai
- Applicant: Yi-Ta Chiang, Ying-Dar Lin, Yu-Sung Wu, Yuan-Cheng Lai
- Applicant Address: TW Hsinchu
- Assignee: National Chiao Tung University
- Current Assignee: National Chiao Tung University
- Current Assignee Address: TW Hsinchu
- Agency: DLA Piper LLP (US)
- Priority: TW99139009A 20101112
- Main IPC: G06F11/00
- IPC: G06F11/00; G06F7/04; G08B23/00; G06F17/30

Abstract:
A machine-implemented method for determining whether a to-be-analyzed software is a known malware or a variant of the known malware includes the steps of: (A) configuring a processor to execute the to-be-analyzed software, and obtain a to-be-analyzed system call sequence that corresponds to the to-be-analyzed software with reference to a plurality of system calls made in sequence as a result of executing the to-be-analyzed software; (B) configuring the processor to determine a degree of similarity between the to-be-analyzed system call sequence and a reference system call sequence that corresponds to the known malware; and (C) configuring the processor to determine that the to-be-analyzed software is neither the known malware nor a variant of the known malware when the degree of similarity determined in step (B) is not greater than a predefined similarity threshold value.