Palo Alto Networks has filed a patent for an automatic malware signature generation system. The system parses code of a sample, filters out standard and vendor type packages, generates a signature using a fuzzy hash, and determines if the sample is malware based on the signature and a similarity score threshold.
According to GlobalData’s company profile on Palo Alto Networks, IoT network security was a key innovation area identified from patents. Palo Alto Networks' grant share as of September 2023 was 62%. Grant share is the ratio of the number of grants to the total number of patents.
Automatic generation of malware signatures using fuzzy hash
A recently filed patent (Publication Number: US20230306114A1) describes a system and method for detecting malware using code analysis. The system includes a processor that parses the code of a sample, filters out standard and vendor type packages, generates a signature using a fuzzy hash, and determines whether the sample is malware based on a similarity score threshold. The system also includes a memory to provide instructions to the processor.
The code parsing process involves extracting packages and function names from a table in the sample. The filtering step classifies the packages into main type, standard type, and vendor type, and filters out the standard and vendor type packages to obtain the main type packages.
To generate the signature, the system obtains function names associated with the main type packages, concatenates them into a string, and performs a fuzzy hash on the string. The fuzzy hash used may include ssdeep.
In the determination process, the system compares the generated signature with a signature associated with a known malware to obtain a similarity score. If the similarity score is equal to or exceeds the similarity score threshold, the system determines that the sample is malware. If the similarity score fails to equal or exceed the threshold, the system determines that the sample is benign.
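The pipeline described above, sketched as an added example (not code from the patent or from Palo Alto Networks). The package classification heuristic, the threshold of 80, the per-piece SHA-256 digest standing in for ssdeep, and every symbol name are assumptions made for illustration.

```python
import hashlib
from difflib import SequenceMatcher

THRESHOLD = 80  # assumed similarity score threshold on a 0-100 scale

def classify(package):
    # Assumed heuristic: "main" is the sample's own code, a domain-like first
    # path element marks a vendor package, everything else is standard.
    if package == "main":
        return "main"
    return "vendor" if "." in package.split("/")[0] else "standard"

def main_functions(table):
    # Parse "package.function" entries and keep only main-type packages.
    parsed = (entry.rsplit(".", 1) for entry in table if "." in entry)
    return [fn for pkg, fn in parsed if classify(pkg) == "main"]

def signature(table):
    # Concatenate the function names, then hash piecewise. Stand-in for
    # ssdeep: one 4-hex-digit digest per newline-delimited piece.
    joined = "\n".join(main_functions(table))
    return ":".join(hashlib.sha256(piece.encode()).hexdigest()[:4]
                    for piece in joined.split("\n") if piece)

def similarity(sig_a, sig_b):
    # 0-100 score from the share of pieces that match in order.
    if not sig_a or not sig_b:
        return 0  # a sample with no main-type functions matches nothing
    ratio = SequenceMatcher(None, sig_a.split(":"), sig_b.split(":")).ratio()
    return round(100 * ratio)

def is_malware(table, known_sig, threshold=THRESHOLD):
    return similarity(signature(table), known_sig) >= threshold

# Constructed symbol tables (hypothetical names, not from any real sample).
KNOWN = ["main.loadConfig", "main.resolveHost", "main.openChannel",
         "main.runTask", "main.cleanup", "fmt.Println", "net/http.Get",
         "github.com/example/netlib.Dial"]
VARIANT = ["main.loadConfig", "main.resolveHost", "main.openChannel",
           "main.runJob", "main.cleanup", "os.Exit",
           "gitlab.example.org/other/rpc.Call"]
BENIGN = ["main.parseArgs", "main.renderReport", "main.printUsage",
          "fmt.Printf", "example.org/fmt/table.Write"]

if __name__ == "__main__":
    known_sig = signature(KNOWN)
    for name, table in (("variant", VARIANT), ("benign", BENIGN)):
        print(name, similarity(signature(table), known_sig),
              is_malware(table, known_sig))
```

Because standard and vendor packages are dropped before hashing, swapping libraries leaves the signature unchanged, while one renamed main function lowers the score without pushing it below the threshold.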
The patent also describes a method that follows a process similar to the system's. The method involves parsing the code, filtering out standard and vendor type packages, generating a signature using a fuzzy hash, and determining whether the sample is malware based on a similarity score threshold. The method can be implemented using a processor.
Additionally, the patent includes a computer program product embodied in a non-transitory computer-readable medium. The computer program product includes instructions for parsing code, filtering packages, generating a signature, and determining whether the sample is malware.
Overall, the patent describes a system, method, and computer program product that utilize code analysis and fuzzy hashing to detect malware based on similarity scores. The system and method aim to improve malware detection capabilities by focusing on main type packages and using a fuzzy hash for signature generation.

