International Business Machines Corporation (20240176880). Automated Identification of Malware Families Based on Shared Evidences simplified abstract


Automated Identification of Malware Families Based on Shared Evidences

Organization Name

International Business Machines Corporation

Inventor(s)

Yu-Siang Chen of Minxiong Township (TW)

Ci-Hao Wu of Taipei City (TW)

Ying-Chen Yu of Taipei City (TW)

Pao-Chuan Liao of Taipei (TW)

June-Ray Lin of Taipei City (TW)

Automated Identification of Malware Families Based on Shared Evidences - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240176880 titled 'Automated Identification of Malware Families Based on Shared Evidences'.

Simplified Explanation

The patent application describes a malware family identification engine that uses graph data structures to identify relationships between malware instances, malware families, and detected tags. It then constructs a family tree data structure based on these relationships.

  • The engine constructs a graph data structure to represent direct relationships between malware instances and malware families, as well as between malware instances and detected tags.
  • It also identifies indirect relationships between detected tags and malware families within a dictionary data structure.
  • The engine selects significant indirect entities (SIEs) within the detected tag entries and uses the one with the highest number of out-going links as a root node in a family tree data structure.
  • It recursively connects SIEs with a lower number of out-going links to the root node in the family tree data structure.
  • Each SIE name in the family tree data structure is converted to a chained family entity name.

Potential Applications

This technology can be applied in cybersecurity for malware analysis and classification, helping to identify relationships between different malware instances and families.

Problems Solved

This technology solves the problem of efficiently identifying and organizing relationships between malware instances, families, and detected tags, which can be complex and time-consuming tasks in cybersecurity.

Benefits

The benefits of this technology include improved malware analysis and classification, enhanced understanding of malware relationships, and more efficient cybersecurity processes.

Potential Commercial Applications

This technology can be commercially applied in cybersecurity software and services for threat intelligence, malware detection, and incident response, providing valuable insights into malware relationships for organizations.

Possible Prior Art

One possible prior art for this technology could be existing malware analysis tools that use graph data structures for identifying relationships between malware samples and families.

Unanswered Questions

How does this technology handle false positives in identifying relationships between malware instances and families?

The patent application does not specifically address how the engine deals with false positives in its identification of relationships between malware instances and families.

What is the scalability of this technology in handling a large volume of malware instances and families?

The patent application does not provide information on the scalability of the engine in processing a large number of malware instances and families.


Original Abstract Submitted

A malware family identification engine constructs a graph data structure of direct relationships between malware instances and malware families, direct relationships between malware instances and detected tags, and indirect relationships between detected tags and malware families. The engine builds a dictionary data structure comprising detected tag entries linking each detected tag to one or more malware family nodes based on the graph data structure. The engine identifies significant indirect entities (SIEs) within the detected tag entries of the dictionary data structure and selects a SIE with a highest number of out-going links (OGLs) as a root node in a family tree data structure, recursively connects SIEs with a number of OGLs less than the highest number of OGLs to the root node in the family tree data structure, and converts each SIE name in the family tree data structure to a chained family entity name in the family tree data structure.
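The workflow in the bulleted Simplified Explanation and in the abstract above (instance/family/tag graph, tag dictionary, SIE selection, root by out-going links, recursive tree, chained names) is easier to follow with a toy implementation. The code below is an added example written for this page; it is not IBM's code and the patent text does not fix the details it needs, so three choices are assumptions made here: a tag is "significant" when it links to at least `min_ogls` families, a lower-OGL tag nests under the smallest higher-OGL tag whose family set contains its own (falling back to the root otherwise), and the chained name is the root-to-node path joined with `/`. All sample instances, families and tags are constructed.

```python
"""Added example (not from the patent): toy malware-family tree from shared tags."""
from collections import defaultdict

# Constructed sample data: each malware instance carries one family label
# (e.g. a vendor detection name) and the behavioural tags detected for it.
SAMPLES = [
    {"instance": "s1", "family": "famA", "tags": ["packed", "keylog", "keylog_clip", "c2_http"]},
    {"instance": "s2", "family": "famA", "tags": ["packed", "c2_http"]},
    {"instance": "s3", "family": "famB", "tags": ["packed", "ransom", "c2_http"]},
    {"instance": "s4", "family": "famC", "tags": ["packed", "keylog", "keylog_clip"]},
    {"instance": "s5", "family": "famD", "tags": ["ransom"]},
    {"instance": "s6", "family": "famE", "tags": ["packed", "keylog"]},
]


def build_graph(samples):
    """Direct relationships: instance -> family and instance -> tag edges."""
    edges = defaultdict(set)
    for s in samples:
        edges[s["instance"]].add(("family", s["family"]))
        for tag in s["tags"]:
            edges[s["instance"]].add(("tag", tag))
    return edges


def build_dictionary(edges):
    """Indirect relationships: tag -> set of families reached through shared instances."""
    tag_to_families = defaultdict(set)
    for outs in edges.values():
        families = {name for kind, name in outs if kind == "family"}
        for kind, name in outs:
            if kind == "tag":
                tag_to_families[name] |= families
    return dict(tag_to_families)


def select_sies(tag_dict, min_ogls=2):
    """Assumption: a tag is a significant indirect entity (SIE) when its
    number of out-going links (OGLs, i.e. linked families) is >= min_ogls."""
    return {tag: fams for tag, fams in tag_dict.items() if len(fams) >= min_ogls}


def build_family_tree(sies):
    """Root = SIE with the most OGLs. Each remaining SIE (in decreasing OGL
    order) is attached under the placed SIE with the fewest OGLs that still
    has strictly more OGLs and whose family set covers its own; if no such
    SIE exists it hangs directly off the root (assumption)."""
    ordered = sorted(sies, key=lambda t: (-len(sies[t]), t))
    root = ordered[0]
    parent = {root: None}
    children = defaultdict(list)
    for tag in ordered[1:]:
        candidates = [p for p in parent
                      if len(sies[p]) > len(sies[tag]) and sies[tag] <= sies[p]]
        p = min(candidates, key=lambda c: (len(sies[c]), c)) if candidates else root
        parent[tag] = p
        children[p].append(tag)
    return root, parent, dict(children)


def chained_names(root, parent):
    """Convert each SIE name into a chained family entity name (root-to-node path)."""
    names = {}
    for tag in parent:
        chain, cur = [], tag
        while cur is not None:
            chain.append(cur)
            cur = parent[cur]
        names[tag] = "/".join(reversed(chain))
    return names


def run(samples=SAMPLES, min_ogls=2):
    """Full pipeline: graph -> dictionary -> SIEs -> tree -> chained names."""
    sies = select_sies(build_dictionary(build_graph(samples)), min_ogls)
    root, parent, _children = build_family_tree(sies)
    return chained_names(root, parent)


if __name__ == "__main__":
    for tag, name in sorted(run().items(), key=lambda kv: kv[1]):
        print(f"{tag:12s} -> {name}")
```

With the constructed samples, `packed` links to four families and becomes the root; `keylog` (three families) nests under it, `keylog_clip` (a subset of `keylog`'s families) nests under `keylog`, while `ransom` shares families with no larger tag and so attaches straight to the root. For a defender the chained name `packed/keylog/keylog_clip` reads as "a packed keylogger variant with clipboard capture", which is the kind of shared-evidence label the patent aims to produce.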