Classification of malware using clustering that orders events in accordance with the time of occurrence
Abstract
The present invention is directed to a method and system for automatically classifying an application into an application group which is previously classified in a knowledge base. More specifically, a runtime behavior of an application is captured as a series of events which are monitored and recorded during the execution of the application. The series of events is analyzed to find a proper application group which shares common runtime behavior patterns with the application. The knowledge base of application groups is previously constructed based on a large number of sample applications. The construction of the knowledge base is done in such a manner that each sample application can be classified into application groups based on a set of classification rules in the knowledge base. The set of classification rules is applied to a new application in order to classify the new application into one of the application groups.