公开(公告)号：US08875303B2

公开(公告)日：2014-10-28

申请号：US13565304

申请日：2012-08-02

申请人： Ashish Bhatia ,  Min Gyung Kang ,  Monirul Islam Sharif ,  Niels Provos ,  Panayiotis Mavrommatis ,  Sruthi Bandhakavi

发明人： Ashish Bhatia ,  Min Gyung Kang ,  Monirul Islam Sharif ,  Niels Provos ,  Panayiotis Mavrommatis ,  Sruthi Bandhakavi

IPC分类号： G06F7/04 ,  G06F7/00 ,  G06F21/10 ,  G06F21/60 ,  G06Q50/18 ,  G06F21/12

CPC分类号： G06F21/10 ,  G06F21/105 ,  G06F21/121 ,  G06F21/60 ,  G06Q50/184 ,  H04L2463/101

摘要： A method includes receiving a plurality of trusted assets, generating a first signature set for a known software application, and generating a second signature set for a subject software application. Each trusted asset is associated with at least a threshold number of trusted authors. Each signature in the first signature set corresponds to a known asset that is associated with the known software application. Each signature in the second signature set corresponds to a subject asset that is associated with the subject software application. The method further includes generating first and second filtered signature set based on the first and second signature sets, respectively, by excluding signatures corresponding to the trusted assets. The method also includes generating a similarity rating for the subject application based on a comparison of the first filtered signature set and the second filtered signature set.

摘要翻译： 一种方法包括接收多个可信资产，为已知软件应用生成第一签名集，以及为主题软件应用生成第二签名集。 每个可信资产与至少一个阈值数量的可信作者相关联。 第一签名集中的每个签名对应于与已知软件应用相关联的已知资产。 第二签名集中的每个签名对应于与主题软件应用相关联的主题资产。 该方法还包括通过排除与可信资产相对应的签名，分别基于第一和第二签名集来生成第一和第二过滤签名集。 该方法还包括基于第一过滤签名集和第二过滤签名集的比较来生成针对主题应用的相似性等级。

公开(公告)号：US20140041037A1

公开(公告)日：2014-02-06

申请号：US13565304

申请日：2012-08-02

申请人： Ashish Bhatia ,  Min Gyung Kang ,  Monirul Islam Sharif ,  Niels Provos ,  Panayiotis Mavrommatis ,  Sruthi Bandhakavi

发明人： Ashish Bhatia ,  Min Gyung Kang ,  Monirul Islam Sharif ,  Niels Provos ,  Panayiotis Mavrommatis ,  Sruthi Bandhakavi

IPC分类号： G06F21/00

CPC分类号： G06F21/10 ,  G06F21/105 ,  G06F21/121 ,  G06F21/60 ,  G06Q50/184 ,  H04L2463/101

摘要： A method includes receiving a plurality of trusted assets, generating a first signature set for a known software application, and generating a second signature set for a subject software application. Each trusted asset is associated with at least a threshold number of trusted authors. Each signature in the first signature set corresponds to a known asset that is associated with the known software application. Each signature in the second signature set corresponds to a subject asset that is associated with the subject software application. The method further includes generating first and second filtered signature set based on the first and second signature sets, respectively, by excluding signatures corresponding to the trusted assets. The method also includes generating a similarity rating for the subject application based on a comparison of the first filtered signature set and the second filtered signature set.

摘要翻译： 一种方法包括接收多个可信资产，为已知软件应用生成第一签名集，以及为主题软件应用生成第二签名集。 每个可信资产与至少一个阈值数量的可信作者相关联。 第一签名集中的每个签名对应于与已知软件应用相关联的已知资产。 第二签名集中的每个签名对应于与主题软件应用相关联的主题资产。 该方法还包括通过排除与可信资产相对应的签名，分别基于第一和第二签名集来生成第一和第二过滤签名集。 该方法还包括基于第一过滤签名集和第二过滤签名集的比较来生成针对主题应用的相似性等级。