skip to main content
DOE Patents title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Software classification using phylogenetic techniques

Abstract

Software, such as malware, may be classified using phylogenetic techniques. An evolutionary history of a representative set of software programs may be reconstructed to generate a reference phylogeny. Dynamic traces of the representative software programs may be obtained. The dynamic traces may include time-ordered sequences of execution commands extracted from running software binaries. Metrics may be developed using the dynamic traces. One or more unknown software programs may then be classified against the reference phylogeny using the metrics developed using the dynamic traces of the representative set of software programs.

Inventors:
; ; ;
Issue Date:
Research Org.:
Los Alamos National Lab. (LANL), Los Alamos, NM (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1735296
Patent Number(s):
10783247
Application Number:
15/841,408
Assignee:
Triad National Security, LLC (Los Alamos, NM)
Patent Classifications (CPCs):
G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
DOE Contract Number:  
AC52-06NA25396
Resource Type:
Patent
Resource Relation:
Patent File Date: 12/14/2017
Country of Publication:
United States
Language:
English

Citation Formats

Steinfadt, Shannon, Immonen, Taina, Leitner, Thomas, and Kyle, Michael. Software classification using phylogenetic techniques. United States: N. p., 2020. Web.
Steinfadt, Shannon, Immonen, Taina, Leitner, Thomas, & Kyle, Michael. Software classification using phylogenetic techniques. United States.
Steinfadt, Shannon, Immonen, Taina, Leitner, Thomas, and Kyle, Michael. Tue . "Software classification using phylogenetic techniques". United States. https://www.osti.gov/servlets/purl/1735296.
@article{osti_1735296,
title = {Software classification using phylogenetic techniques},
author = {Steinfadt, Shannon and Immonen, Taina and Leitner, Thomas and Kyle, Michael},
abstractNote = {Software, such as malware, may be classified using phylogenetic techniques. An evolutionary history of a representative set of software programs may be reconstructed to generate a reference phylogeny. Dynamic traces of the representative software programs may be obtained. The dynamic traces may include time-ordered sequences of execution commands extracted from running software binaries. Metrics may be developed using the dynamic traces. One or more unknown software programs may then be classified against the reference phylogeny using the metrics developed using the dynamic traces of the representative set of software programs.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2020},
month = {9}
}

Patent:

Save / Share:

Works referenced in this record:

Automated malware signature generation
patent, June 2018


APE: Analyses of Phylogenetics and Evolution in R language
journal, January 2004


Thread scanning and patching to disable injected malware threats
patent, February 2013


Rapid phylogenetic and functional classification of short genomic fragments with signature peptides
journal, January 2012


Methods, systems, and media for detecting covert malware
patent, September 2013


System and methods for digital artifact genetic modeling and forensic analysis
patent, December 2015


Malware phylogeny generation using permutations of code
journal, September 2005


Scalable network security with fast response protocol
patent, December 2014


Phylogeny generation
patent, January 2011