Reducing malware signature redundancy

    Publication No.: US12032695B2

    Publication date: 2024-07-09

    Application No.: US17495185

    Application date: 2021-10-06

    CPC classification number: G06F21/566 G06F21/554 G06F21/564 G06F21/568

    Abstract: Redundancy in a malware signature list is reduced by processing a plurality of pairs of records in a known malware signature list, where each pair of records comprises a file identifier and an associated malware detection. At least one of the file identifiers and the associated malware detections are mapped to symbols representing the file identifiers and the associated malware detections, the symbols taking less memory than the file identifiers and the associated malware detections. The mapped symbols representing the file identifiers and the associated malware detections are processed to remove at least some malware detections that are not needed to provide a desired degree of representation of each file identifier in the processed known malware signature list, and a processed known malware signature list is stored.

    Malware label inference and visualization in a large multigraph

    Publication No.: US10909179B2

    Publication date: 2021-02-02

    Application No.: US15941668

    Application date: 2018-03-30

    Abstract: Analyzing a large number of files to identify malicious software including evaluating a multigraph including determining a graph having a plurality of nodes, including a source node and target nodes from a data set and merging the graph into a multigraph in response to a node score above a threshold level, for each target node; determining one or more specificity indexes for target node and determining a node score for the target node based, at least in part, on a specificity index.

    Creating rules describing malicious files based on file properties

    Publication No.: US10255436B2

    Publication date: 2019-04-09

    Application No.: US15275179

    Application date: 2016-09-23

    Abstract: Systems and methods automatically determine rules for detecting malware. A fingerprint representing a file is received. A set of nearest neighbor fingerprints from at least a set of malware fingerprints that are nearest neighbors are determined. The set of malware fingerprints are analyzed to determine a representative fingerprint. A malicious file detection rule is generated based, at least in part, on the representative fingerprint.
