CPC G06F 21/565 (2013.01) [G06F 16/285 (2019.01); G06F 2221/034 (2013.01)] | 6 Claims
1. A system for malware detection for an unknown file in a computing environment with at least one processor, an unknown file, a malware file collection, and a safe file collection, the system comprising:
a static analyzer and a first file attributes filter, under program control by the at least one micro-processor, the static analyzer configured to receive as input the unknown file, the malware collection, or the safe file collection;
a dynamic analyzer and a second file attributes filter, under program control by the at least one micro-processor, the dynamic analyzer configured to receive as input the unknown file, the malware collection, or the safe collection;
wherein the at least one micro-processor is further configured for program control of:
a first clustering component, in communication with the static analyzer comprising a first clustering model and a first attributes weights module;
a second clustering component in combination with the n-gram builder comprising a second clustering model and a second attribute weights module;
a classifier for receiving the results of the first and second clustering components; and
a library, in communication with the classifier, comprising a plurality of machine learning or detection rules;
wherein the unknown file is a packed file and the classifier identifies the unknown file as packed or not packed; and wherein the dynamic analyzer operates only on files identified as packed files.
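As an added illustration, not code from the patent or any product built on it, the following Python sketch wires the claimed arrangement together: a static attributes filter, a weighted-centroid clustering model over constructed malware and safe collections, an entropy-based packed/not-packed decision, and a gate that invokes the dynamic analyzer only for packed files. The entropy threshold, the two attributes, the attribute weights and the sample collections are all assumptions made for the sketch.

```python
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4 to 5, packed or encrypted data near 8."""
    if not data: return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def static_attributes(data: bytes) -> dict:
    """First file-attributes filter: features readable without executing the file."""
    printable = sum(32 <= b < 127 for b in data) / max(len(data), 1)
    return {"entropy": shannon_entropy(data), "printable_ratio": printable}

class WeightedCentroidModel:
    """Clustering model plus attributes-weights module: a weight scales each attribute's distance."""
    def __init__(self, weights: dict):
        self.weights = weights
        self.centroids = {}
    def fit(self, label: str, collection: list):
        attrs = [static_attributes(f) for f in collection]
        self.centroids[label] = {k: sum(a[k] for a in attrs) / len(attrs) for k in self.weights}
    def nearest(self, data: bytes) -> str:
        a = static_attributes(data)
        dist = {lab: math.sqrt(sum(w * (a[k] - c[k]) ** 2 for k, w in self.weights.items()))
                for lab, c in self.centroids.items()}
        return min(dist, key=dist.get)

def is_packed(data: bytes, threshold: float = 7.0) -> bool:
    """Packed/not-packed decision (assumed heuristic): high byte entropy marks a packed payload."""
    return shannon_entropy(data) >= threshold

def analyze(data: bytes, model: WeightedCentroidModel, dynamic_analyzer) -> dict:
    """Run the static path on every file; run the dynamic analyzer only when the file is packed."""
    packed = is_packed(data)
    result = {"static_cluster": model.nearest(data), "packed": packed, "dynamic": None}
    if packed:
        result["dynamic"] = dynamic_analyzer(data)
    return result

# Constructed collections (not real samples): safe = plain text, malware = high-entropy blobs.
rng = random.Random(7)
SAFE = [("config line %d = value\n" % i).encode() * 40 for i in range(3)]
MALWARE = [bytes(rng.getrandbits(8) for _ in range(4096)) for _ in range(3)]
def build_model() -> WeightedCentroidModel:
    model = WeightedCentroidModel({"entropy": 1.0, "printable_ratio": 4.0})
    model.fit("safe", SAFE)
    model.fit("malware", MALWARE)
    return model
```

The dynamic analyzer is passed in as a callable so the gating logic can be exercised without a sandbox; in a real deployment it would be the execution-tracing component, and the static path still runs on every file.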