摘要:
A method for managing rights associated with data is described. A request to access encrypted data is intercepted. Credentials associated with the request are verified. The data is decrypted if the credentials are verified. The decrypted data is marked with an identifier. Predetermined operations directed to the decrypted data are monitored.
摘要:
A system and method of automatic suggested application identification includes accessing a profile of a device, wherein the profile represents information specific to the device. From said profile, a determined pattern of use determined by the device is accessed, wherein the determined pattern is unique to the device. The profile including the determined pattern and a geo-specific data of the device and configuration information of the device and applications resident on the device is compared to similar profiles and similar determined patterns of other devices. A suggested application is identified based on said comparing.
摘要:
User-generated web content is received prior to posting by a client system, such as a web content hosting system. The user-generated web content is executed in a virtual environment and monitored for malicious behavior. Execution of the web content in the virtual environment forces code in the web content to run such that the actions the code takes, especially malicious behavior, are not obfuscated. If malicious behavior is detected, the user-generated web content is blocked from posting to the web content hosting system. Alternatively, when malicious behavior is not detected, the user-generated web content is permitted to be posted to the web content hosting system.
摘要:
A computer-implemented method for identifying malware is described. Event data is received from a mobile device. The event data including events performed on the mobile device and a list of one or more applications. The list of the one or more applications is compared with at least one additional list of applications received from at least one additional mobile device. An application in common across the lists of applications is identified. The identification of the application in common to is transmitted to the mobile device.
摘要:
Method and apparatus for monitoring instant messaging with visual identification are described. In some examples, monitoring of instant message (IM) traffic at a node on a network is performed. Video content in the IM traffic is detected at the node. A facial recognition analysis is performed on the video content to extract at least one image having human facial features. At least one user identity is extracted from the IM traffic. The at least one image and the at least one user identity are stored in a log implemented in a memory on the network.
摘要:
An exemplary method for translating non-comparable values into comparable values for use in heuristics may include: 1) identifying a data object, 2) identifying a non-comparable value associated with the data object, 3) translating the non-comparable value into a comparable value, and then 4) processing the comparable value in a heuristic. In some examples, the heuristic may include a malware-detection heuristic, such as a decision tree.
摘要:
A method and apparatus for automatically classifying an unknown web site to improve internet browsing control is described. In one embodiment, a method for classifying an unknown web site to control internet browsing comprising processing web site control data associated with at least one user that requested access to an unknown web site, wherein the web site control data comprises a web browsing behavior history and applying at least one metric to the web browsing behavior history to classify the unknown website.
摘要:
A method and apparatus for identifying an application source from which an application is installed on a non-rooted computing device. An application source identifier of a security application that does not have root access to an operating system monitors for an application installation. The application source identifier extracts a process identifier (PID) of the application being installed from a log message associated with the application installation and determines a package name from the PID. The PID identifies an application source from which the application is installed. The application source identifier receives, based on the package name, a confidence level for the application source from a security service over a network.
摘要:
A method and apparatus for automatically excluding false positives from detection as malware is described. In one embodiments, a method for using one or more processors to provide false positive reduction for heuristic-based malware detection of a plurality of files in memory includes accessing global first appearance information associated with a plurality of files, accessing global malware information comprising heuristics and an emergence date associated with each malware group of a plurality of malware groups, comparing the global malware information with the global first appearance information to identify at least one false positive amongst the plurality of files and preventing detection of the at least one false positive as malware.
摘要:
A computer-implemented method for detecting illegitimate applications may include 1) identifying an installation of an application on a computing system, 2) determining, in response to identifying the installation of the application, that at least one system file with privileged access on the computing system has changed prior to the installation of the application, 3) determining that the application is illegitimate based at least in part on a time of the installation of the application relative to a time of a change to the system file, and 4) performing a remediation action on the application in response to determining that the application is illegitimate. Various other methods, systems, and computer-readable media are also disclosed.