Method for obtaining plural valid signatures of undesired software entity and device therefor

PURPOSE: To provide an automatic procedure to be executed by a computer for operating the extraction and evaluation of a computer virus signature. CONSTITUTION: In a block A, a list is formed from all (n) grams with (n) <=a selected maximum length value included in the data of an input file. The input file is constituted of the sections of virus codes at the time of execution in an extraction mode, and constituted of candidate signatures at the time of execution in an evaluation mode. In a block B, the number of the examples of each (n) gram in the main body of a program is counted, and simple numerical calculation is used so that probability can be estimated for all the (n) grams. In a block C1 , the probability of complete coherence is estimated for each candidate signature, and in a block C2 , the probability of the incomplete coherence or 'fuzzy' coherence of the designated pair is estimated. In a block D, the synthetic evaluation of each candidate signature is obtained by combining the estimated complete coherence probability with the fuzzy coherence probability. In a block E, a result related with a subset with the candidate signatures is reported.