公开(公告)号：US11436331B2

公开(公告)日：2022-09-06

申请号：US16745230

申请日：2020-01-16

Applicant: Avast Software s.r.o.

Inventor： Peter Kovác ,  Jan Piskácek

IPC: G06F21/00 ,  G06F21/56 ,  H04L9/40

Abstract: A method of generating a similarity hash for an executable includes extracting a plurality of characteristics for one or more classes in the executable, and transforming the plurality of characteristics into a set of one or more class fingerprint strings corresponding to the one or more classes. The set of class fingerprint strings is transformed into a hash string using minwise hashing, such that a difference between hash strings for different executables is representative of the degree of difference between the executables. The hash of a target executable is compared with hashes of known malicious executables to determine whether the target executable is likely malicious.

公开(公告)号：US20210224390A1

公开(公告)日：2021-07-22

申请号：US16745230

申请日：2020-01-16

Applicant: Avast Software s.r.o.

Inventor： Peter Kovác ,  Jan Piskácek

IPC: G06F21/56

Abstract: A method of generating a similarity hash for an executable includes extracting a plurality of characteristics for one or more classes in the executable, and transforming the plurality of characteristics into a set of one or more class fingerprint strings corresponding to the one or more classes. The set of class fingerprint strings is transformed into a hash string using minwise hashing, such that a difference between hash strings for different executables is representative of the degree of difference between the executables. The hash of a target executable is compared with hashes of known malicious executables to determine whether the target executable is likely malicious.