09294501 is referenced by 42 patents and cites 526 patents.

A computerized method is described in which a received object is analyzed by a malicious content detection (MCD) system to determine whether the object is malware or non-malware. The analysis may include the generation of a fuzzy hash based on a collection of behaviors for the received object. The fuzzy hash may be used by the MCD system to determine the similarity of the received object with one or more objects in previously classified/analyzed clusters. Upon detection of a “similar” object, the suspect object may be associated with the cluster and classified based on information attached to the cluster. This similarity matching provides 1) greater flexibility in analyzing potential malware objects, which may share multiple characteristics and behaviors but are also slightly different from previously classified objects and 2) a more efficient technique for classifying/assigning attributes to objects.

Title
Fuzzy hash of behavioral results
Application Number
14/42454
Publication Number
9294501 (B2)
Application Date
September 30, 2013
Publication Date
March 22, 2016
Inventor
Paul L Westin III
San Jose
CA, US
Ali Mesdaq
San Jose
CA, US
Agent
William W Schaal
Rutan & Tucker
Assignee
FireEye
CA, US
IPC
G06F 21/56
H04L 29/06
G08B 23/00
G06F 12/16
G06F 12/14
G06F 11/00
View Original Source