Encoding machine code instructions for static feature based malware clustering
Abstract
Machine language instruction sequences of computer files are extracted and encoded into standardized opcode sequences. The standardized opcodes in the sequences are of the same length and do not include operands. A multi-dimension vector is generated as a static feature for each computer file, where each element in the vector corresponds to the number of occurrences of a unique N-gram (i.e., unique sequence of N consecutive standardized opcodes) in the standardized opcode sequence for that computer file. The computer files are clustered into clusters of similarly classified files based on similarities of their static features. An unknown computer file can be classified by first grouping the file into a cluster of files with similar static features (e.g., into the cluster with the shortest average distance), and then determining the classification of that file based on the classifications of other files that belong to the same cluster.
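The pipeline in the abstract, as an added sketch that is not taken from the patent: it builds the N-gram count vector from a fixed-width opcode sequence and classifies an unknown file by the cluster with the shortest average distance. Assumptions not stated on the page: each standardized opcode is a 2-character hex token, N is 2, distance is Euclidean, the final classification is a majority vote over the cluster's members, and all sequences, cluster names and labels are constructed sample data.

```python
from collections import Counter
from math import sqrt

OPCODE_WIDTH = 2  # assumption: every standardized opcode is 2 hex chars, operands already removed

def opcodes(encoded):
    """Split a fixed-width encoded sequence into standardized opcodes (no delimiters needed)."""
    if len(encoded) % OPCODE_WIDTH:
        raise ValueError("sequence length is not a multiple of the opcode width")
    return [encoded[i:i + OPCODE_WIDTH] for i in range(0, len(encoded), OPCODE_WIDTH)]

def ngram_counts(encoded, n=2):
    """Sparse static feature: number of occurrences of each N-gram of consecutive opcodes."""
    ops = opcodes(encoded)
    return Counter(tuple(ops[i:i + n]) for i in range(len(ops) - n + 1))

def distance(a, b):
    """Euclidean distance between two sparse count vectors (absent N-grams count as 0)."""
    return sqrt(sum((a[g] - b[g]) ** 2 for g in a.keys() | b.keys()))

def classify(unknown, clusters, n=2):
    """Return (cluster name, label): nearest cluster by average distance, then majority label."""
    feat = ngram_counts(unknown, n)

    def avg_distance(members):
        return sum(distance(feat, ngram_counts(seq, n)) for seq, _ in members) / len(members)

    best = min(clusters, key=lambda name: avg_distance(clusters[name]))
    label = Counter(lbl for _, lbl in clusters[best]).most_common(1)[0][0]
    return best, label

# Constructed sample clusters: (encoded opcode sequence, known classification)
CLUSTERS = {
    "c0": [("0102030401020304", "label_a"), ("01020304010203", "label_a")],
    "c1": [("0505060505060505", "label_b"), ("05060505060505", "label_b")],
}

if __name__ == "__main__":
    print(classify("010203040102", CLUSTERS))
```
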