-
公开(公告)号:US20100192222A1
公开(公告)日:2010-07-29
申请号:US12358246
申请日:2009-01-23
申请人: Jack W. Stokes , John C. Platt , Jonathan M. Keller , Joseph L. Faulhaber , Anil Francis Thomas , Adrian M. Marinescu , Marius G. Gheorghescu , George Chicioreanu
发明人: Jack W. Stokes , John C. Platt , Jonathan M. Keller , Joseph L. Faulhaber , Anil Francis Thomas , Adrian M. Marinescu , Marius G. Gheorghescu , George Chicioreanu
CPC分类号: G06F21/563
摘要: A method of identifying a malware file using multiple classifiers is disclosed. The method includes receiving a file at a client computer. The file includes static metadata. A set of metadata classifier weights are applied to the static metadata to generate a first classifier output. A dynamic classifier is initiated to evaluate the file and to generate a second classifier output. The method includes automatically identifying the file as potential malware based on at least the first classifier output and the second classifier output.
摘要翻译: 公开了使用多个分类器识别恶意软件文件的方法。 该方法包括在客户端计算机上接收文件。 该文件包括静态元数据。 将一组元数据分类器权重应用于静态元数据以生成第一个分类器输出。 启动动态分类器来评估文件并生成第二个分类器输出。 该方法包括至少基于第一分类器输出和第二分类器输出将文件自动识别为潜在的恶意软件。
-
2.发明申请Discovering Malicious Input Files and Performing Automatic and Distributed Remediation 有权发现恶意输入文件并执行自动和分布式修复公开(公告)号:US20120297488A1
公开(公告)日:2012-11-22
申请号:US13161950
申请日:2011-06-16
申请人: Vishal Kapoor , Jonathan Mark Keller , Ajith Kumar , Adrian M. Marinescu , Marc E. Seinfeld , Anil Francis Thomas , Michael Sean Jarrett , Joseph J. Johnson , Joseph L. Faulhaber
发明人: Vishal Kapoor , Jonathan Mark Keller , Ajith Kumar , Adrian M. Marinescu , Marc E. Seinfeld , Anil Francis Thomas , Michael Sean Jarrett , Joseph J. Johnson , Joseph L. Faulhaber
IPC分类号: G06F11/00
CPC分类号: G06F21/566 , G06F21/52 , G06F21/552 , G06F21/554 , G06F21/56 , G06F21/568 , G06F2221/2101 , H04L63/145
摘要: The subject disclosure is directed towards detecting malware or possible malware in an input file by allowing the input file to be opened, and by monitoring for one or more behaviors corresponding to the open file that likely indicate malware. Only certain executable files and/or file types opened thereby may be monitored, with various collected event data used for antimalware purposes when improper behavior is observed. Example behaviors include writing of a file to storage, generation of network traffic, injection of a process, running of script, and/or writing system registry data. Telemetry data and/or a sample of the file may be sent to an antimalware service, and malware remediation may be performed. Data (e.g., the collected events) may be distributed to other nodes for use in antimalware detection, e.g., to block execution of a similar file.
摘要翻译: 本发明涉及通过允许打开输入文件以及通过监视与可能指示恶意软件的打开文件相对应的一个或多个行为来检测输入文件中的恶意软件或可能的恶意软件。 可以监视由此引起的某些可执行文件和/或文件类型,当观察到不当的行为时,各种收集的事件数据用于反恶意软件目的。 示例行为包括将文件写入存储,生成网络流量,注入进程,运行脚本和/或编写系统注册表数据。 遥测数据和/或文件样本可以被发送到反恶意软件服务,并且可以执行恶意软件修复。 数据(例如,收集的事件)可以被分发到其他节点以用于反恶意软件检测,例如阻止类似文件的执行。
-
3.发明授权Discovering malicious input files and performing automatic and distributed remediation 有权发现恶意输入文件并执行自动和分布式修复公开(公告)号:US09436826B2
公开(公告)日:2016-09-06
申请号:US13161950
申请日:2011-06-16
申请人: Vishal Kapoor , Jonathan Mark Keller , Ajith Kumar , Adrian M. Marinescu , Marc E. Seinfeld , Anil Francis Thomas , Michael Sean Jarrett , Joseph J. Johnson , Joseph L. Faulhaber
发明人: Vishal Kapoor , Jonathan Mark Keller , Ajith Kumar , Adrian M. Marinescu , Marc E. Seinfeld , Anil Francis Thomas , Michael Sean Jarrett , Joseph J. Johnson , Joseph L. Faulhaber
CPC分类号: G06F21/566 , G06F21/52 , G06F21/552 , G06F21/554 , G06F21/56 , G06F21/568 , G06F2221/2101 , H04L63/145
摘要: The subject disclosure is directed towards detecting malware or possible malware in an input file by allowing the input file to be opened, and by monitoring for one or more behaviors corresponding to the open file that likely indicate malware. Only certain executable files and/or file types opened thereby may be monitored, with various collected event data used for antimalware purposes when improper behavior is observed. Example behaviors include writing of a file to storage, generation of network traffic, injection of a process, running of script, and/or writing system registry data. Telemetry data and/or a sample of the file may be sent to an antimalware service, and malware remediation may be performed. Data (e.g., the collected events) may be distributed to other nodes for use in antimalware detection, e.g., to block execution of a similar file.
摘要翻译: 本发明涉及通过允许打开输入文件以及通过监视与可能指示恶意软件的打开文件相对应的一个或多个行为来检测输入文件中的恶意软件或可能的恶意软件。 可以监视由此引起的某些可执行文件和/或文件类型,当观察到不当的行为时,各种收集的事件数据用于反恶意软件目的。 示例行为包括将文件写入存储,生成网络流量,注入进程,运行脚本和/或编写系统注册表数据。 遥测数据和/或文件样本可以被发送到反恶意软件服务,并且可以执行恶意软件修复。 数据(例如,收集的事件)可以被分发到其他节点以用于反恶意软件检测,例如阻止类似文件的执行。
-
公开(公告)号:US20100242094A1
公开(公告)日:2010-09-23
申请号:US12405252
申请日:2009-03-17
申请人: Ahmed S. Hussain , Ajith Kumar , Catalin D. Sandu , Alvin Loh , Sterling M. Reasor , Santanu Chakraborty , Joseph L. Faulhaber
发明人: Ahmed S. Hussain , Ajith Kumar , Catalin D. Sandu , Alvin Loh , Sterling M. Reasor , Santanu Chakraborty , Joseph L. Faulhaber
CPC分类号: G06F21/564
摘要: Methods, systems, and computer-readable media are disclosed for identifying telemetry data. A particular method scans a file and compares the file to at least one attribute to be used for telemetry collection. When the file is identified as a telemetry candidate, an offer to submit a sample of the file is sent to a server. A response to the offer is received from the server. If the response to the offer indicates an acceptance, a sample of the file is sent to the server.
摘要翻译: 公开了用于识别遥测数据的方法,系统和计算机可读介质。 特定方法扫描文件,并将该文件与要用于遥测收集的至少一个属性进行比较。 当文件被识别为遥测候选者时,将提交文件样本的报价发送到服务器。 从服务器收到对该报价的响应。 如果对提议的响应表示接受,则将该文件的样本发送到服务器。
-
公开(公告)号:US09208315B2
公开(公告)日:2015-12-08
申请号:US12405252
申请日:2009-03-17
申请人: Ahmed S. Hussain , Ajith Kumar , Catalin D. Sandu , Alvin Loh , Sterling M. Reasor , Santanu Chakraborty , Joseph L. Faulhaber
发明人: Ahmed S. Hussain , Ajith Kumar , Catalin D. Sandu , Alvin Loh , Sterling M. Reasor , Santanu Chakraborty , Joseph L. Faulhaber
CPC分类号: G06F21/564
摘要: Methods, systems, and computer-readable media are disclosed for identifying telemetry data. A particular method scans a file and compares the file to at least one attribute to be used for telemetry collection. When the file is identified as a telemetry candidate, an offer to submit a sample of the file is sent to a server. A response to the offer is received from the server. If the response to the offer indicates an acceptance, a sample of the file is sent to the server.
摘要翻译: 公开了用于识别遥测数据的方法,系统和计算机可读介质。 特定方法扫描文件,并将该文件与要用于遥测收集的至少一个属性进行比较。 当文件被识别为遥测候选者时,将提交文件样本的报价发送到服务器。 从服务器收到对该报价的响应。 如果对提议的响应表示接受,则将该文件的样本发送到服务器。
-
-
-
-
搜索结果
5 条记录 (耗时 0.043 秒)
