1. Field of the Invention
The present invention relates generally to the field of object clustering, especially, to the multiple fields of malware classification, spam clustering and document clustering.
2. Description of the Background Art
In the field of anti-malware (anti-virus) technology, the traditional classification approach is based on malware behaviors. However, applicants have determined that this traditional classification approach leads to a disadvantageously high rate of false positive identifications.
Other classification approaches have been based on a suffix tree, largest common substrings, and the like. However, these techniques do not scale well when there is a need to cluster a very large number of objects, such as malware variants. This is due to reasons of either slow performance or very large memory consumption.