Methods and apparatus to determine mutex entropy for malware classification
Abstract:
Methods, apparatus, systems, and articles of manufacture are disclosed to determine mutex entropy for malware classification. An example apparatus includes interface circuitry to access a mutex associated with a software application, the mutex to include a mutex identifier string, normalizer circuitry to normalize the mutex identifier string, character probability circuitry to determine character probabilities of characters within the normalized mutex identifier string, the character probabilities based on a historical mutex character distribution, entropy calculator circuitry to calculate an entropy value for the mutex based on the character probabilities, classifier circuitry to classify the mutex as clean or malicious based on the entropy value, and protector circuitry to mitigate malicious attacks based on the classification.
Information query
Patent Agency Ranking
0/0