Statistics from the RapidRx labs collection centers is showing spikes in malware activity, with thousands of new malware samples collected daily. To keep pace with analyzing these large volumes of samples, traditional human analysis which may generate 20 signatures per man simply cannot scale to provide timely analysis and generate signatures, and have to face the reality that new variants come out before their features are released.

 

 

Fig1: Traditional Malware Signature

 

 

To effectively solve the disadvantages of traditional pattern recognition and raise the adaptability of signature libraries, Anchiva researchers work diligently to make The IPR system accelerates and accurately performs malicious code analysis by breaking down and analyzing the files program structure, file content, behavior features (for example embedded registry or browser modification routines) and embedded evasion techniques. by using three classification libraries - program structure modeling library, application behavior modeling library, evasion technology modeling library - to identify the potential behavior of the code and newly active malware variants as well as provide zero-day protection.

 

By analyzing and associating the results of the three libraries, Anchiva RapidRX researchers are able to automate the classification process with a very high degree of accuracy. The result is an automated system that scales to analyze, classify and distribute tens of thousand malware samples a day.

Fig2: Anchiva Malware Signature

 

Learn more by downloading Anchiva Threat Defenses System.