Patent attributes
A method and a system for identifying malware are provided. The method comprises: during a training phase: receiving a given sample of training malware; analyzing the given sample of training malware; generating a respective behavioral report including indications of actions executed thereby in the isolated environment; determining, by analyzing the actions, for each one of the plurality of samples of training malware, a respective malware family thereof; identifying, within the respective behavioral reports associated with each one of the plurality of samples of training malware, a report group of behavioral reports associated with the samples of training malware of a given malware family; generating, for the given malware family, sets of training feature vectors; training a given classifier of an ensemble of classifiers, based on a respective set of training feature vectors to determine if a given in-use sample of malware is of the given malware family.
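The training phase described above can be sketched as follows. This is an added example, not code from the patent: the abstract names no classifier type or feature layout, so the Bernoulli naive Bayes model, the split of actions into file/net/reg feature sets, the majority vote, and all action names and reports are assumptions constructed for illustration.

```python
import math

# Constructed behavioral reports: (family label, actions seen in the isolated environment).
# Family names, action names and the three categories are assumptions, not from the patent.
REPORTS = [
    ("ransom", ["file:enum_docs", "file:rename_ext", "reg:run_key", "net:dns_lookup"]),
    ("ransom", ["file:enum_docs", "file:rename_ext", "file:delete_shadow", "net:dns_lookup"]),
    ("ransom", ["file:rename_ext", "file:delete_shadow", "reg:run_key"]),
    ("stealer", ["file:read_browser_db", "net:http_post", "net:dns_lookup"]),
    ("stealer", ["file:read_browser_db", "net:http_post", "reg:query_installed"]),
    ("stealer", ["file:read_browser_db", "net:http_post", "reg:run_key"]),
]
CATEGORIES = ("file", "net", "reg")

def vectorize(actions, vocab):
    """Binary feature vector: 1 if the action appears in the report."""
    present = set(actions)
    return [1 if a in present else 0 for a in vocab]

def train_family_ensemble(reports, family):
    """Train one Bernoulli naive Bayes classifier per action category for `family`."""
    ensemble = {}
    for cat in CATEGORIES:
        vocab = sorted({a for _, acts in reports for a in acts if a.startswith(cat + ":")})
        counts = {True: [0] * len(vocab), False: [0] * len(vocab)}
        totals = {True: 0, False: 0}
        for label, acts in reports:  # the family's report group vs. all other reports
            pos = label == family
            totals[pos] += 1
            for i, bit in enumerate(vectorize(acts, vocab)):
                counts[pos][i] += bit
        # Laplace-smoothed P(feature = 1 | class)
        probs = {c: [(n + 1) / (totals[c] + 2) for n in counts[c]] for c in (True, False)}
        ensemble[cat] = (vocab, probs, totals)
    return ensemble

def is_family(ensemble, actions):
    """Classify an in-use sample by majority vote of the per-category classifiers."""
    votes = 0
    for vocab, probs, totals in ensemble.values():
        # Smoothed log prior odds, so an empty class never yields log(0)
        score = math.log((totals[True] + 1) / (totals[False] + 1))
        for i, bit in enumerate(vectorize(actions, vocab)):
            p, q = probs[True][i], probs[False][i]
            score += math.log(p / q) if bit else math.log((1 - p) / (1 - q))
        votes += 1 if score > 0 else -1
    return votes > 0
```

Actions that never occurred in training are ignored at classification time, so a sample with mostly unseen behavior is scored only on the absence of known actions.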