Similar malicious code retrieval apparatus and method based on malicious code feature information

摘要

existing malware samples similarity based on the similarity with the output of similar data by retrieving the highest malware samples and analysts by providing producers the group information of the malicious samples to analysts leverage a detailed analysis It is based on feature information of the malware infection similar to that present a search device and method. Given device, but register the new malware received a new malware samples of new malware Registry to register to extract the details of the malware samples, malicious code analysis to analyze the details of new malware samples wealth, malware analysis based malware analysis information in the sub-malware to extract the malicious code DNA information, including malware feature information DNA extractor, extracted malicious code DNA information-based malware DNA information of malicious code samples by DNA type is stored Compare malware DNA for performing a similarity comparison unit, and malicious code with the DNA based on the similarity calculated in the comparison section to calculate the total similarity between new malware samples and pre-stored malicious code samples similar malware search for malicious code samples a certain number of includes a similar malicious code that extracts a search result.