18536736. Automated Identification of Malware Families Based on Shared Evidences simplified abstract (INTERNATIONAL BUSINESS MACHINES CORPORATION)
Organization Name
INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor(s)
Yu-Siang Chen of Minxiong Township (TW)
Ying-Chen Yu of Taipei City (TW)
June-Ray Lin of Taipei City (TW)
This abstract first appeared in US patent application 18536736, titled 'Automated Identification of Malware Families Based on Shared Evidences'.
Simplified Explanation
The patent application describes a malware family identification engine that uses a graph to relate three kinds of node: malware instances, malware families, and detected tags. From that graph it derives a dictionary keyed by tag, uses the dictionary to pick out significant indirect entities (SIEs), and arranges those SIEs into a family tree.
- The engine builds a graph holding direct relationships between malware instances and malware families, direct relationships between malware instances and detected tags, and indirect relationships between detected tags and malware families (a tag is indirectly linked to every family whose instances carry that tag).
- A dictionary is built from the graph, with one entry per detected tag linking that tag to one or more malware family nodes.
- Significant indirect entities (SIEs) are identified among the tag entries. The SIE with the highest number of out-going links (OGLs), i.e. the tag linked to the most families, becomes the root node of a family tree.
- SIEs with fewer OGLs than the root are recursively connected beneath the root, and each SIE name in the tree is converted to a chained family entity name that records its path from the root.
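The following is an added worked example of the pipeline described above, written for this page and not taken from the patent or from IBM. The abstract does not define what makes an indirect entity "significant", how ties are broken, or where a lower-ranked SIE attaches, so this example assumes: a detected tag is a label emitted by a detection engine (a signature or behaviour name); a tag is an SIE when it reaches at least two families; ties in OGL count are broken alphabetically; and a lower-ranked SIE is attached under the already-placed node that shares the most families with it. The instance, family and tag data are constructed sample input.

```python
"""Toy malware-family tree built from instance/family and instance/tag
relationships, following the graph -> dictionary -> SIE -> family-tree
steps of the abstract. All rules marked 'assumption' are this example's
own choices, not the patent's.
"""
from collections import defaultdict

MIN_FAMILIES = 2  # assumption: an SIE must reach at least two families

# Constructed sample input: direct instance->family and instance->tag links.
INSTANCE_FAMILY = {
    "i1": "Emotet", "i2": "Emotet", "i3": "TrickBot", "i4": "TrickBot",
    "i5": "Qakbot", "i6": "Dridex", "i7": "Zloader",
}
INSTANCE_TAGS = {
    "i1": {"packer:upx", "dropper", "c2:http"},
    "i2": {"dropper", "c2:http"},
    "i3": {"packer:upx", "banker", "c2:http"},
    "i4": {"banker", "c2:http"},
    "i5": {"packer:upx", "dropper"},
    "i6": {"banker", "stealer"},
    "i7": {"stealer", "sig:zloader"},
}


def build_tag_dictionary(instance_family, instance_tags):
    """Derive the indirect tag->family links (the dictionary entries) from the
    two kinds of direct link: a tag reaches every family of every instance
    that carries it."""
    tag_to_families = defaultdict(set)
    for inst, tags in instance_tags.items():
        family = instance_family[inst]
        for tag in tags:
            tag_to_families[tag].add(family)
    return dict(tag_to_families)


def select_sies(tag_dict, min_families=MIN_FAMILIES):
    """SIE = tag whose out-going links (OGLs) reach >= min_families families.
    Returned as (tag, families) sorted by OGL count descending, then name,
    so index 0 is the root candidate (alphabetical tie-break is an assumption)."""
    sies = {t: f for t, f in tag_dict.items() if len(f) >= min_families}
    return sorted(sies.items(), key=lambda kv: (-len(kv[1]), kv[0]))


def build_family_tree(sies):
    """Root = SIE with the most OGLs. Each remaining SIE is attached under the
    already-placed node sharing the most families with it; ties go to the node
    with more OGLs (placement rule is an assumption)."""
    if not sies:
        return {}
    root_name, root_families = sies[0]
    tree = {root_name: {"families": root_families, "children": {}}}
    placed = [(root_name, root_families, tree[root_name])]
    for name, families in sies[1:]:
        parent = max(placed, key=lambda p: (len(p[1] & families), len(p[1])))
        node = {"families": families, "children": {}}
        parent[2]["children"][name] = node
        placed.append((name, families, node))
    return tree


def chain_names(tree, prefix=""):
    """Convert each SIE name to a chained family entity name (root/child/...)
    and map it to the sorted list of families that node reaches."""
    out = {}
    for name, node in tree.items():
        chained = f"{prefix}/{name}" if prefix else name
        out[chained] = sorted(node["families"])
        out.update(chain_names(node["children"], chained))
    return out


def run_example():
    tag_dict = build_tag_dictionary(INSTANCE_FAMILY, INSTANCE_TAGS)
    tree = build_family_tree(select_sies(tag_dict))
    return chain_names(tree)


if __name__ == "__main__":
    for chained, families in run_example().items():
        print(f"{chained:28s} -> {families}")
```

On this input the root is packer:upx (three families), with banker, c2:http and dropper as its children and stealer nested under banker because Dridex is the only family it shares with anything; sig:zloader reaches a single family and is not an SIE. The run also shows the caveat a practitioner would raise: a generic tag shared by many families (a common packer, a common C2 protocol) wins the root purely on link count, so in practice such tags should be down-weighted or filtered before they are treated as family evidence.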
Potential Applications
The technology can be applied in cybersecurity for malware analysis and identification, threat intelligence, and network security.
Problems Solved
This technology helps in efficiently identifying relationships between malware instances and families, improving malware detection and analysis processes.
Benefits
The system streamlines the identification of malware families, enhances threat detection capabilities, and aids in understanding the relationships between different malware instances.
Potential Commercial Applications
Potential commercial applications include cybersecurity software development, threat intelligence platforms, and network security solutions.
Possible Prior Art
Graph data structures are already widely used in malware analysis and clustering, so that general idea is not new; whether the specific combination described here (tag dictionary, SIE selection by out-going links, recursive family tree with chained names) is novel over that prior art is a question for patent examination and cannot be settled from the abstract alone.
Unanswered Questions
How does this technology compare to existing malware analysis tools in terms of accuracy and efficiency?
The abstract does not provide a comparison with existing tools, so it is unclear how this method performs relative to others.
What are the potential limitations or challenges in implementing this technology in real-world cybersecurity environments?
The abstract does not address limitations, such as how generic tags shared by many families are handled, or how tag quality affects the resulting tree.
Original Abstract Submitted
A malware family identification engine constructs a graph data structure of direct relationships between malware instances and malware families, direct relationships between malware instances and detected tags, and indirect relationships between detected tags and malware families. The engine builds a dictionary data structure comprising detected tag entries linking each detected tag to one or more malware family nodes based on the graph data structure. The engine identifies significant indirect entities (SIEs) within the detected tag entries of the dictionary data structure and selects a SIE with a highest number of out-going links (OGLs) as a root node in a family tree data structure, recursively connects SIEs with a number of OGLs less than the highest number of OGLs to the root node in the family tree data structure, and converts each SIE name in the family tree data structure to a chained family entity name in the family tree data structure.