公开(公告)号：US10437997B2

公开(公告)日：2019-10-08

申请号：US15648610

申请日：2017-07-13

Applicant: Cisco Technology, Inc.

Inventor： Oliver Friedrichs ,  Alfred Huger ,  Zulfikar Ramzan

IPC: G06F21/56 ,  G06F16/13 ,  G06F16/23 ,  G06F21/55

Abstract: Techniques are provided for the detection of malicious software (malware) on a general purpose computing device. A challenge in detecting malicious software is that files are typically scanned for the presence of malicious intent only once (and subsequent rescanning is typically performed in a simplistic manner). Existing methods in the art do not address how to most effectively rescan collections of files in a way that tries to optimize performance and efficacy. These methods may also be useful if additional information is now available regarding a file that might be useful to an end-user or an administrator, even though the file's core disposition might not have changed. More specifically, we describe methods, components, and systems that perform data analytics to intelligently rescan file collections for the purpose of retroactively identifying malware and retroactively identifying clean files.

公开(公告)号：US09747445B2

公开(公告)日：2017-08-29

申请号：US14971168

申请日：2015-12-16

Applicant: Cisco Technology, Inc.

Inventor： Oliver Friedrichs ,  Alfred Huger ,  Zulfikar Ramzan

IPC: G06F12/14 ,  G06F21/56 ,  G06F17/30 ,  G06F21/55

CPC classification number: G06F21/565 ,  G06F17/30091 ,  G06F17/30368 ,  G06F21/552 ,  G06F21/56 ,  G06F21/562 ,  G06F21/564 ,  G06F2221/033

Abstract: Techniques are provided for the detection of malicious software (malware) on a general purpose computing device. A challenge in detecting malicious software is that files are typically scanned for the presence of malicious intent only once (and subsequent rescanning is typically performed in a simplistic manner). Existing methods in the art do not address how to most effectively rescan collections of files in a way that tries to optimize performance and efficacy. These methods may also be useful if additional information is now available regarding a file that might be useful to an end-user or an administrator, even though the file's core disposition might not have changed. More specifically, we describe methods, components, and systems that perform data analytics to intelligently rescan file collections for the purpose of retroactively identifying malware and retroactively identifying clean files.

公开(公告)号：US20160098560A1

公开(公告)日：2016-04-07

申请号：US14971168

申请日：2015-12-16

Applicant: Cisco Technology, Inc.

Inventor： Oliver Friedrichs ,  Alfred Huger ,  Zulfikar Ramzan

IPC: G06F21/56 ,  G06F21/55 ,  G06F17/30

CPC classification number: G06F21/565 ,  G06F17/30091 ,  G06F17/30368 ,  G06F21/552 ,  G06F21/56 ,  G06F21/562 ,  G06F21/564 ,  G06F2221/033

Abstract: Techniques are provided for the detection of malicious software (malware) on a general purpose computing device. A challenge in detecting malicious software is that files are typically scanned for the presence of malicious intent only once (and subsequent rescanning is typically performed in a simplistic manner). Existing methods in the art do not address how to most effectively rescan collections of files in a way that tries to optimize performance and efficacy. These methods may also be useful if additional information is now available regarding a file that might be useful to an end-user or an administrator, even though the file's core disposition might not have changed. More specifically, we describe methods, components, and systems that perform data analytics to intelligently rescan file collections for the purpose of retroactively identifying malware and retroactively identifying clean files.

Abstract translation: 提供技术用于检测通用计算设备上的恶意软件（恶意软件）。 检测恶意软件的一个挑战是通常只扫描文件一次存在恶意意图（后来的重新扫描通常以简单的方式执行）。 本领域中现有的方法并不涉及如何以尝试优化性能和功效的方式最有效地重新扫描文件集合。 如果有关可能对最终用户或管理员可能有用的文件的附加信息，即使该文件的核心配置可能没有更改，这些方法也可能很有用。 更具体地说，我们描述执行数据分析以智能地重新扫描文件集合的方法，组件和系统，目的是追溯识别恶意软件和追溯识别干净的文件。

公开(公告)号：US08978137B2

公开(公告)日：2015-03-10

申请号：US13781434

申请日：2013-02-28

Applicant: Cisco Technology, Inc.

Inventor： Oliver Friedrichs ,  Alfred Huger ,  Adam J. O'Donnell ,  Zulfikar Ramzan

IPC: G06F11/00 ,  G06F12/14 ,  G08B23/00 ,  G06F21/56

CPC classification number: G06F21/56 ,  G06F21/567 ,  G06F2221/034 ,  G06F2221/2115

Abstract: A system for retroactively detecting malicious software on an end user system without performing expensive cross-referencing directly on the endpoint device. A client provides a server with information about files that are on it together with what it knows about these files. The server tracks this information and cross-references it against new intelligence it gathers on clean or malicious files. If a discrepancy is found (i.e., a file that had been called malicious, but that is actually benign or vice versa), the server informs the client, which in turn takes an appropriate action based on this information.

Abstract translation: 用于在终端用户系统上追溯地检测恶意软件的系统，而不直接在端点设备上执行昂贵的交叉引用。 客户端向服务器提供有关其上的文件的信息以及它们对这些文件的了解。 服务器跟踪这些信息，并将其与引用干净或恶意文件的新智能交叉引用。 如果发现差异（即被称为恶意文件但实际上是良性的文件，反之亦然），则服务器通知客户端，该客户端又根据该信息进行适当的操作。

公开(公告)号：US09639697B2

公开(公告)日：2017-05-02

申请号：US14610429

申请日：2015-01-30

Applicant: Cisco Technology, Inc.

Inventor： Oliver Friedrichs ,  Alfred Huger ,  Adam J. O'Donnell ,  Zulfikar Ramzan

IPC: G06F11/30 ,  G06F12/14 ,  G06F21/56

CPC classification number: G06F21/56 ,  G06F21/567 ,  G06F2221/034 ,  G06F2221/2115

Abstract: A system retroactively detects malicious software on an end user system without performing expensive cross-referencing directly on the endpoint device. A client provides a server with information about files that are on it together with what it knows about these files. The server tracks this information and cross-references it against new intelligence it gathers on clean or malicious files. If a discrepancy in found (i.e., a file that had been called malicious, but that is actually benign or vice versa), the server informs the client, which in turn takes an appropriate action based on this information.

公开(公告)号：US20150205959A1

公开(公告)日：2015-07-23

申请号：US14610429

申请日：2015-01-30

Applicant: Cisco Technology, Inc.

Inventor： Oliver Friedrichs ,  Alfred Huger ,  Adam J. O'Donnell ,  Zulfikar Ramzan

IPC: G06F21/56

CPC classification number: G06F21/56 ,  G06F21/567 ,  G06F2221/034 ,  G06F2221/2115

Abstract: A system retroactively detects malicious software on an end user system without performing expensive cross-referencing directly on the endpoint device. A client provides a server with information about files that are on it together with what it knows about these files. The server tracks this information and cross-references it against new intelligence it gathers on clean or malicious files. If a discrepancy in found (i.e., a file that had been called malicious, but that is actually benign or vice versa), the server informs the client, which in turn takes an appropriate action based on this information.

Abstract translation: 系统追溯地在最终用户系统上检测恶意软件，而不直接在端点设备上执行昂贵的交叉引用。 客户端向服务器提供有关其上的文件的信息以及它们对这些文件的了解。 服务器跟踪这些信息，并将其与引用干净或恶意文件的新智能交叉引用。 如果找到的差异（即被称为恶意文件但实际上是良性的文件或反之亦然），则服务器通知客户端，该客户端又根据该信息进行适当的操作。

公开(公告)号：US20170308700A1

公开(公告)日：2017-10-26

申请号：US15648610

申请日：2017-07-13

Applicant: Cisco Technology, Inc.

Inventor： Oliver Friedrichs ,  Alfred Huger ,  Zulfikar Ramzan

IPC: G06F21/56 ,  G06F17/30 ,  G06F21/55

CPC classification number: G06F21/565 ,  G06F16/13 ,  G06F16/2358 ,  G06F21/552 ,  G06F21/56 ,  G06F21/562 ,  G06F21/564 ,  G06F2221/033

Abstract: Techniques are provided for the detection of malicious software (malware) on a general purpose computing device. A challenge in detecting malicious software is that files are typically scanned for the presence of malicious intent only once (and subsequent rescanning is typically performed in a simplistic manner). Existing methods in the art do not address how to most effectively rescan collections of files in a way that tries to optimize performance and efficacy. These methods may also be useful if additional information is now available regarding a file that might be useful to an end-user or an administrator, even though the file's core disposition might not have changed. More specifically, we describe methods, components, and systems that perform data analytics to intelligently rescan file collections for the purpose of retroactively identifying malware and retroactively identifying clean files.

公开(公告)号：US09245120B2

公开(公告)日：2016-01-26

申请号：US13942360

申请日：2013-07-15

Applicant: Cisco Technology, Inc.

Inventor： Oliver Friedrichs ,  Alfred Huger ,  Zulfikar Ramzan

IPC: G06F12/14 ,  G06F21/56

CPC classification number: G06F21/565 ,  G06F17/30091 ,  G06F17/30368 ,  G06F21/552 ,  G06F21/56 ,  G06F21/562 ,  G06F21/564 ,  G06F2221/033

Abstract: The present invention relates to the security of general purpose computing devices, such as laptop or desktop PCs, and more specifically to the detection of malicious software (malware) on a general purpose computing device. A challenge in detecting malicious software is that files are typically scanned for the presence of malicious intent only once (and subsequent rescanning is typically performed in a simplistic manner). Existing methods in the art do not address how to most effectively rescan collections of files in a way that tries to optimize performance and efficacy. Accordingly we present novel methods, components, and systems for intelligently rescanning file collections and thereby enabling retroactive detection of malicious software and also retroactive identification of clean software. These methods may also be useful if additional information is now available regarding a file that might be useful to an end-user or an administrator, even though the file's core disposition might not have changed. More specifically, we describe methods, components, and systems that perform data analytics to intelligently rescan file collections for the purpose of retroactively identifying malware and retroactively identifying clean files. The disclosed invention provides a significant improvement with regard to efficacy and performance compared to previous approaches.

Abstract translation: 本发明涉及通用计算设备（例如膝上型或台式PC）的安全性，更具体地涉及在通用计算设备上检测恶意软件（恶意软件）。 检测恶意软件的一个挑战是通常只扫描文件一次存在恶意意图（后来的重新扫描通常以简单的方式执行）。 本领域中现有的方法并不涉及如何以尝试优化性能和功效的方式最有效地重新扫描文件集合。 因此，我们提出了用于智能重新扫描文件集合的新方法，组件和系统，从而实现恶意软件的追溯检测，以及清理软件的追溯识别。 如果有关可能对最终用户或管理员可能有用的文件的附加信息，即使该文件的核心配置可能没有更改，这些方法也可能很有用。 更具体地说，我们描述执行数据分析以智能地重新扫描文件集合的方法，组件和系统，目的是追溯识别恶意软件和追溯识别干净的文件。 与先前的方法相比，所公开的发明提供了关于功效和性能的显着改进。