-
Publication No.: US11295016B2
Publication date: 2022-04-05
Application No.: US16654434
Filing date: 2019-10-16
Applicant: AO Kaspersky Lab
Inventors: Vladimir A. Kuskov, Nikita A. Buchka, Anton A. Kivva, Oleg P. Volkov, Dmitry Y. Lukasevich, Evgeny A. Roginsky, Konstantin M. Filatov, Dmitry V. Latokhin
IPC classification: G06F21/00, G06F21/56, H04W12/128
Abstract: Disclosed herein are systems and methods for categorizing an application on a computing device. In one aspect, an exemplary method comprises obtaining results of a classification of an application from a security server; when the results of the classification satisfy rules of relevance, designating the results of the classification as relevant and determining a category of the application based on the designation of the results as relevant; and when the results of the classification do not satisfy the rules of relevance, performing at least one of: terminating the categorization of the application, and updating the classification of the application based on a set of attributes of the application.
-
2.
Publication No.: US11709938B2
Publication date: 2023-07-25
Application No.: US17680605
Filing date: 2022-02-25
Applicant: AO Kaspersky Lab
Inventors: Vladimir A. Kuskov, Nikita A. Buchka, Anton A. Kivva, Oleg P. Volkov, Dmitry Y. Lukasevich, Evgeny A. Roginsky, Konstantin M. Filatov, Dmitry V. Latokhin
IPC classification: G06F21/00, G06F21/56, H04W12/128
CPC classification: G06F21/567, G06F21/568, H04W12/128, G06F2221/033
Abstract: Disclosed herein are systems and methods for categorizing an application on a computing device including gathering a set of attributes of an application. The set of attributes of the application includes at least one of: a number of files in an application package of the application; a number of executable files in the application package; numbers and types of permissions being requested; a number of classes in the executable files in the application package; and a number of methods in the executable files in the application package. The gathered set of attributes is sent to a trained classification model. The application is classified, using the classification model, based on the gathered set of attributes by generating one or more probabilities of the application belonging to respective one or more categories of applications. A category of the application is determined based on the generated one or more probabilities.
-
3.
Publication No.: US20220179957A1
Publication date: 2022-06-09
Application No.: US17680605
Filing date: 2022-02-25
Applicant: AO Kaspersky Lab
Inventors: Vladimir A. Kuskov, Nikita A. Buchka, Anton A. Kivva, Oleg P. Volkov, Dmitry Y. Lukasevich, Evgeny A. Roginsky, Konstantin M. Filatov, Dmitry V. Latokhin
IPC classification: G06F21/56, H04W12/128
Abstract: Disclosed herein are systems and methods for categorizing an application on a computing device including gathering a set of attributes of an application. The set of attributes of the application includes at least one of: a number of files in an application package of the application; a number of executable files in the application package; numbers and types of permissions being requested; a number of classes in the executable files in the application package; and a number of methods in the executable files in the application package. The gathered set of attributes is sent to a trained classification model. The application is classified, using the classification model, based on the gathered set of attributes by generating one or more probabilities of the application belonging to respective one or more categories of applications. A category of the application is determined based on the generated one or more probabilities.
-
4.
Publication No.: US09553889B1
Publication date: 2017-01-24
Application No.: US14849044
Filing date: 2015-09-09
Applicant: AO Kaspersky Lab
CPC classification: G06F21/561, G06F21/563, H04L63/0227, H04L67/10, H04W12/12, H04W88/02
Abstract: Disclosed are a system, method and computer program product for detecting malicious files on mobile devices. An example method includes: analyzing a file to identify classes and methods contained in said classes; identifying a bytecode array for each identified method; determining instructions contained in each method by identifying a corresponding operation code from the bytecode array of each method; dividing the determined instructions for each method into a plurality of groups based on similarity of functionality among said instructions; forming a vector for each method on the basis of the results of the division of the instructions into the plurality of groups; comparing the formed vectors with a plurality of vectors of known malicious files to determine a degree of similarity between the compared vectors; and determining whether the analyzed file is malicious or clean based on the degree of similarity between the compared vectors.
-
5.
Publication No.: US20170006045A1
Publication date: 2017-01-05
Application No.: US14849044
Filing date: 2015-09-09
Applicant: AO Kaspersky Lab
CPC classification: G06F21/561, G06F21/563, H04L63/0227, H04L67/10, H04W12/12, H04W88/02
Abstract: Disclosed are a system, method and computer program product for detecting malicious files on mobile devices. An example method includes: analyzing a file to identify classes and methods contained in said classes; identifying a bytecode array for each identified method; determining instructions contained in each method by identifying a corresponding operation code from the bytecode array of each method; dividing the determined instructions for each method into a plurality of groups based on similarity of functionality among said instructions; forming a vector for each method on the basis of the results of the division of the instructions into the plurality of groups; comparing the formed vectors with a plurality of vectors of known malicious files to determine a degree of similarity between the compared vectors; and determining whether the analyzed file is malicious or clean based on the degree of similarity between the compared vectors.