US 12,261,876 B2
Combination rule mining for malware signature generation
Min Du, Santa Clara, CA (US); Wenjun Hu, Santa Clara, CA (US); and William Redington Hewlett, II, Mountain View, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on Jun. 30, 2023, as Appl. No. 18/217,273.
Application 18/217,273 is a continuation of application No. 17/364,102, filed on Jun. 30, 2021, granted, now 11,743,286.
Claims priority of provisional application 63/143,533, filed on Jan. 29, 2021.
Prior Publication US 2023/0344861 A1, Oct. 26, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/145 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/20 (2013.01)]
25 Claims
1. A system, comprising:
a processor configured to:
receive a set of properties associated, collectively, with a plurality of data samples, wherein a first data sample has a first set of properties and wherein a second data sample has a second set of properties;
prune at least one property combination from consideration, wherein the at least one property combination includes at least two particular properties in the received set of properties, and wherein a pruning decision is based at least in part on whether the at least one property combination hits at least a threshold minimum number of malicious samples; and
automatically generate a combination signature comprising at least a first property included in the first set of properties and a second property included in the second set of properties, wherein generating the combination signature includes adding a new property and enumerating at least one combination with a previously added and non-pruned property, and wherein the combination signature is usable to detect a malicious file;
and
a memory coupled to the processor and configured to provide the processor with instructions.
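
The following Python sketch illustrates the mining loop recited in claim 1: properties are added one at a time, each new property is combined with the previously kept (non-pruned) combinations, and any combination that does not hit the threshold minimum number of malicious samples is pruned. It is an added example, not code from the patent or from Palo Alto Networks. The sample data and property names are constructed, and the benign-hit filter (`max_benign_hits`) and the size limit (`max_size`) are assumptions that claim 1 does not recite.

```python
# Added example: constructed samples and hypothetical property names.
# Each sample is (set of observed properties, is_malicious).
SAMPLES = [
    ({"packed", "inject", "autorun"}, True),
    ({"packed", "inject", "net"}, True),
    ({"packed", "inject", "autorun", "net"}, True),
    ({"autorun", "gui"}, True),
    ({"packed", "gui"}, False),
    ({"net", "gui", "autorun"}, False),
    ({"inject", "gui"}, False),
    ({"packed", "net"}, False),
]

def mine_combination_signatures(samples, min_malicious_hits,
                                max_benign_hits=0, max_size=3):
    malicious = [props for props, is_mal in samples if is_mal]
    benign = [props for props, is_mal in samples if not is_mal]

    def hits(combo, pool):
        # A combination hits a sample when every property in it is present.
        return sum(1 for props in pool if combo <= props)

    kept = []  # non-pruned combinations found so far, singletons included
    for prop in sorted(set().union(*(p for p, _ in samples))):
        single = frozenset([prop])
        # Adding properties never increases the hit count, so a property
        # below the threshold cannot be part of any surviving combination.
        if hits(single, malicious) < min_malicious_hits:
            continue
        added = [single]
        for combo in kept:
            if len(combo) >= max_size:  # assumed size limit
                continue
            candidate = combo | single
            if hits(candidate, malicious) >= min_malicious_hits:
                added.append(candidate)  # otherwise the candidate is pruned
        kept.extend(added)

    # Assumption: a usable signature has at least two properties and stays
    # within the allowed number of benign hits.
    signatures = {}
    for combo in kept:
        if len(combo) >= 2 and hits(combo, benign) <= max_benign_hits:
            signatures[tuple(sorted(combo))] = hits(combo, malicious)
    return signatures

if __name__ == "__main__":
    for sig, n in sorted(mine_combination_signatures(SAMPLES, 2).items()):
        print(n, " AND ".join(sig))
```

In the constructed data every single property also appears in a benign sample, so only combinations yield signatures with zero benign hits.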