Some embodiments described herein relate generally to generation of signatures for malware detection.
Malware, short for malicious software, is software designed to infiltrate a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software and/or program code. Malware presents security risks and/or issues for computer systems.
The problem of identifying malware is difficult because only a small fraction of files on computing devices, either at rest or in motion, are actually malware, let alone malware that is similar to any other kind or form of malware sample. Accordingly, even detection techniques that have a very low false positive rate typically generate large volumes of false positives when tasked with analyzing millions of files.
Accordingly, a need exists for automatic malware capability identification using a signature, the signature generated based on specified malware sample(s), which can detect similar malware samples.