US 12,170,679 B2
Automated malware family signature generation
Zhi Xu, Cupertino, CA (US); Jiajie Wang, San Jose, CA (US); Xiao Zhang, San Jose, CA (US); and Wenjun Hu, Santa Clara, CA (US)
Assigned to Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed by Palo Alto Networks, Inc., Santa Clara, CA (US)
Filed on May 1, 2023, as Appl. No. 18/141,789.
Application 18/141,789 is a continuation of application No. 17/336,151, filed on Jun. 1, 2021, granted, now 11,677,764.
Application 17/336,151 is a continuation of application No. 16/537,403, filed on Aug. 9, 2019, granted, now 11,057,405, issued on Jul. 6, 2021.
Application 16/537,403 is a continuation of application No. 15/688,649, filed on Aug. 28, 2017, granted, now 10,432,648, issued on Oct. 1, 2019.
Prior Publication US 2023/0269259 A1, Aug. 24, 2023
Int. Cl. H04L 9/40 (2022.01); G06N 20/00 (2019.01)
CPC H04L 63/1416 (2013.01) [G06N 20/00 (2019.01); H04L 63/145 (2013.01)]
25 Claims
13. A method, comprising:
receiving a set of metadata associated with a plurality of samples;
clustering the plurality of samples;
determining, for members of a first cluster, a set of similarities shared among at least a portion of the members of the first cluster, including by removing metadata that could negatively affect similarity measurements; and
identifying an outlier cluster member within the first cluster, and in response to the identifying, causing additional analysis to be performed on the outlier cluster member.
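
The steps recited in claim 13, sketched as an added example that is not taken from the patent or from Palo Alto Networks. The Jaccard single-linkage clustering, the noise rule, the thresholds and the sample metadata are all assumptions constructed for illustration.

```python
from itertools import combinations

# Constructed metadata (sample id -> static features); every value is invented.
SAMPLES = {
    "s1": {"perm:INTERNET", "perm:SEND_SMS", "str:pay.example", "cert:A1", "build:1001"},
    "s2": {"perm:INTERNET", "perm:SEND_SMS", "str:pay.example", "cert:A1", "build:1002"},
    "s3": {"perm:INTERNET", "perm:SEND_SMS", "str:pay.example", "cert:A1", "build:1003"},
    "s4": {"perm:INTERNET", "perm:SEND_SMS", "perm:CAMERA", "cert:A1", "build:1004"},
    "s5": {"perm:INTERNET", "perm:READ_CONTACTS", "str:ads.example", "cert:B2", "build:1005"},
    "s6": {"perm:INTERNET", "perm:READ_CONTACTS", "str:ads.example", "cert:B2", "build:1006"},
}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster(samples, threshold=0.4):
    """Single-linkage clustering (assumed): link any pair with Jaccard >= threshold."""
    parent = {s: s for s in samples}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for a, b in combinations(sorted(samples), 2):
        if jaccard(samples[a], samples[b]) >= threshold:
            parent[find(b)] = find(a)
    groups = {}
    for s in sorted(samples):
        groups.setdefault(find(s), []).append(s)
    return sorted(groups.values())

def shared_similarities(samples, members, portion=0.75):
    """Return (features shared by >= portion of members, per-member cleaned sets)."""
    corpus_count = lambda f: sum(f in feats for feats in samples.values())
    # Assumed noise rule: a feature in every corpus sample, or in exactly one,
    # says nothing about family membership and only distorts the comparison.
    noise = {f for m in members for f in samples[m] if corpus_count(f) in (1, len(samples))}
    cleaned = {m: samples[m] - noise for m in members}
    shared = {f for f in set().union(*cleaned.values())
              if sum(f in c for c in cleaned.values()) >= portion * len(members)}
    return shared, cleaned

def outliers(shared, cleaned, min_cover=0.8):
    """Members covering too little of the shared set; these go to additional analysis."""
    return sorted(m for m, f in cleaned.items()
                  if shared and len(f & shared) / len(shared) < min_cover)

if __name__ == "__main__":
    for members in cluster(SAMPLES):
        shared, cleaned = shared_similarities(SAMPLES, members)
        print(members, sorted(shared), "outliers:", outliers(shared, cleaned))
```

In the constructed data, `s4` clusters with `s1` to `s3` but lacks one of the three shared features, so it is the member handed off for further analysis.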