Automated Identification of Malware Families Based on Shared Evidences

A malware family identification engine constructs a graph data structure of direct relationships between malware instances and malware families, direct relationships between malware instances and detected tags, and indirect relationships between detected tags and malware families. The engine builds...

Full description

Saved in:
Bibliographic Details
Main Authors Yu, Ying-Chen, Chen, Yu-Siang, Lin, June-Ray, Wu, Ci-Hao, Liao, Pao-Chuan
Format Patent
LanguageEnglish
Published 30.05.2024
Subjects
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
Online AccessGet full text

Cover

More Information
Summary:A malware family identification engine constructs a graph data structure of direct relationships between malware instances and malware families, direct relationships between malware instances and detected tags, and indirect relationships between detected tags and malware families. The engine builds a dictionary data structure comprising detected tag entries linking each detected tag to one or more malware family nodes based on the graph data structure. The engine identifies significant indirect entities (SIEs) within the detected tag entries of the dictionary data structure and selects a SIE with a highest number of out-going links (OGLs) as a root node in a family tree data structure, recursively connects SIEs with a number of OGLs less than the highest number of OGLs to the root node in the family tree data structure, and converts each SIE name in the family tree data structure to a chained family entity name in the family tree data structure.
Bibliography:Application Number: US202318536736