Feedback-driven malware detector
    1.
    Granted invention patent
    Legal status: in force

    Publication number: US07730040B2

    Publication date: 2010-06-01

    Application number: US11190749

    Filing date: 2005-07-27

    IPC classification: G07F17/30

    CPC classification: G06F21/565

    Abstract: Embodiments of a feedback-driven malware detector are directed to protecting a computer from programs that perform actions that are malicious or not expected by a user. In one embodiment, the feedback-driven malware detector performs a method that initially determines whether the state of an application program scheduled to be added to an extensibility point on a computer is already known. If the state of the object is not already known, the user is informed that an application program is being installed on the computer and that the application program is being added to an extensibility point. Then, input is obtained from the user that assists in determining whether the application program is malware.


    Identifying potentially offending content using associations
    2.
    Granted invention patent
    Legal status: in force

    Publication number: US08769673B2

    Publication date: 2014-07-01

    Application number: US11680324

    Filing date: 2007-02-28

    Abstract: Methods for identifying potentially harmful, malicious, or unwanted content based upon associations with known offenders are provided. Executable content associated with a domain is identified. The executable content URL and the domain are compared to URLs/domains known to be associated with malicious content. If the URL and/or the domain has been identified as associated with offending code, the remaining domain contents and any available associated information are examined to identify any referencing domains, referenced domains, linking domains, affiliated entities, etc. Each identified domain, affiliate, etc. is subsequently examined in a similar manner to identify any domain, entity, etc. having an association with malicious content. Each identified domain, entity, etc. is assigned a suspicion level based upon proximity to the source of the offending code. If desired, relationships among the domains, entities, and the like may be relationally mapped to render associations easier to identify.


    IDENTIFYING POTENTIALLY OFFENDING CONTENT USING ASSOCIATIONS
    3.
    Invention patent application
    Legal status: in force

    Publication number: US20080209552A1

    Publication date: 2008-08-28

    Application number: US11680324

    Filing date: 2007-02-28

    IPC classification: G06F11/00

    Abstract: Methods for identifying potentially harmful, malicious, or unwanted content based upon associations with known offenders are provided. Executable content associated with a domain is identified. The executable content URL and the domain are compared to URLs/domains known to be associated with malicious content. If the URL and/or the domain has been identified as associated with offending code, the remaining domain contents and any available associated information are examined to identify any referencing domains, referenced domains, linking domains, affiliated entities, etc. Each identified domain, affiliate, etc. is subsequently examined in a similar manner to identify any domain, entity, etc. having an association with malicious content. Each identified domain, entity, etc. is assigned a suspicion level based upon proximity to the source of the offending code. If desired, relationships among the domains, entities, and the like may be relationally mapped to render associations easier to identify.
