1. Field of the Invention
The present invention relates generally to computer security, and more particularly but not exclusively to methods and systems for generating patterns for malware detection.
2. Description of the Background Art
Various types of malware, such as computer viruses, worms, Trojans, rootkits, and other malicious codes, have plagued computer systems throughout the world. Malware may be detected by antivirus programs or other computer security software. An antivirus program may include malware patterns that contain signatures of known malware. The antivirus program may employ a pattern matching algorithm to scan files or other data formats for content that matches one or more malware signatures. Pattern matching is a relatively effective algorithm for detecting malware. However, pattern matching is reliant on having access to up-to-date and accurate malware patterns.
Malware signatures may be extracted from sample data that contain malware. The malware signatures may be formed into patterns that are distributed to computers that employ compatible antivirus programs. A malware pattern may comprise a hash (e.g., a cyclic redundancy check), a manually-created script, or an automatically-created script (e.g., based on binary similarity). A major challenge facing today's antivirus researchers is how to generate effective malware patterns efficiently and quickly given the large volume of sample data that potentially contain malware.