Machine-implemented method and system for determining whether a to-be-analyzed software is a known malware or a variant of the known malware
Abstract
A machine-implemented method for determining whether a to-be-analyzed software is a known malware or a variant of the known malware includes the steps of: (A) configuring a processor to execute the to-be-analyzed software, and obtain a to-be-analyzed system call sequence that corresponds to the to-be-analyzed software with reference to a plurality of system calls made in sequence as a result of executing the to-be-analyzed software; (B) configuring the processor to determine a degree of similarity between the to-be-analyzed system call sequence and a reference system call sequence that corresponds to the known malware; and (C) configuring the processor to determine that the to-be-analyzed software is neither the known malware nor a variant of the known malware when the degree of similarity determined in step (B) is not greater than a predefined similarity threshold value.
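Steps (B) and (C) of the abstract, as an added example that is not code from the patent or its authors. Assumptions: the abstract names neither a similarity measure nor a threshold value, so this sketch uses longest-common-subsequence length divided by the longer trace's length and a hypothetical threshold of 0.6; the traces are constructed, and step (A), executing the software and recording its system calls, is out of scope.

```python
# Added example: steps (B) and (C) over constructed system call traces.
# Assumption: similarity = LCS length / length of the longer sequence.
# The abstract does not name a similarity measure or a threshold value.

def lcs_length(a, b):
    """Length of the longest common subsequence, O(len(a)*len(b)) time."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]

def similarity(candidate, reference):
    """Step (B): degree of similarity in [0, 1]; empty traces score 0."""
    longest = max(len(candidate), len(reference))
    return lcs_length(candidate, reference) / longest if longest else 0.0

def ruled_out(candidate, reference, threshold):
    """Step (C): True when similarity is not greater than the threshold."""
    return similarity(candidate, reference) <= threshold

# Constructed traces (Linux syscall names used for illustration only).
REFERENCE = ["open", "read", "socket", "connect", "write", "unlink", "close"]
VARIANT = ["open", "read", "getpid", "socket", "connect",
           "write", "write", "unlink", "close"]
BENIGN = ["open", "fstat", "mmap", "read", "close", "exit_group"]
THRESHOLD = 0.6  # hypothetical value, not taken from the patent

def report():
    """Score each constructed trace against the reference sequence."""
    return {name: (round(similarity(t, REFERENCE), 3),
                   ruled_out(t, REFERENCE, THRESHOLD))
            for name, t in (("variant", VARIANT), ("benign", BENIGN))}

if __name__ == "__main__":
    for name, (score, out) in report().items():
        print(f"{name}: similarity={score} ruled_out={out}")
```

Because step (C) uses "not greater than", a trace whose similarity equals the threshold exactly is still ruled out.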