1. System and method for malware detection
    Granted patent (in force)
    Publication number: US08863279B2
    Publication date: 2014-10-14
    Application number: US12719535
    Filing date: 2010-03-08
    IPC classification: G06F21/00 H04L29/06 G06F21/56
    CPC classification: H04L63/1416 G06F21/56

    Abstract: According to one embodiment, a computer-implemented method for execution on one or more processors includes receiving a first file and determining its file type. The method also includes determining, according to a first policy, a plurality of malware detection schemes to apply to the first file based on the determined file type. In addition, the method includes scheduling the application of the determined detection schemes to the first file amongst a plurality of detection nodes according to a second policy. Further, the method includes determining, from the results of applying the detection schemes and according to a third policy, that the first file is malware or that it is suspected malware.


2. System and method for malware detection
    Patent application (in force)
    Publication number: US20110219450A1
    Publication date: 2011-09-08
    Application number: US12719535
    Filing date: 2010-03-08
    IPC classification: G06F11/00 G06F21/00
    CPC classification: H04L63/1416 G06F21/56

    Abstract: According to one embodiment, a computer-implemented method for execution on one or more processors includes receiving a first file and determining its file type. The method also includes determining, according to a first policy, a plurality of malware detection schemes to apply to the first file based on the determined file type. In addition, the method includes scheduling the application of the determined detection schemes to the first file amongst a plurality of detection nodes according to a second policy. Further, the method includes determining, from the results of applying the detection schemes and according to a third policy, that the first file is malware or that it is suspected malware.

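The three-policy pipeline that entries 1 and 2 describe (file type selects the detection schemes, a second policy places those schemes on detection nodes, a third policy turns the results into a verdict), written out as an added Python example. This is not code from the patent or its assignee; the file-type table, the policy tables, the node names, the thresholds, the stand-in detectors and the sample files are all assumptions made for illustration. The one design point worth copying is that the type comes from leading bytes rather than the file name, and that the scheduler fails closed when no node can run a required scheme.

```python
import hashlib

# Constructed sample files (not real malware): a tiny PE stub, a PDF with an
# auto-run action, a ZIP local-file header and plain text.
SAMPLE_FILES = {
    "setup.exe": b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00",
    "invoice.pdf": b"%PDF-1.7\n1 0 obj << /OpenAction 2 0 R >> endobj\n",
    "archive.zip": b"PK\x03\x04" + b"\x00" * 26,
    "readme.txt": b"just text\n",
}

# Magic-byte table (assumed, minimal). The name is attacker-controlled; the
# leading bytes are what the target parser will actually act on.
MAGIC = [(b"MZ", "pe"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip")]

# First policy (assumed): which detection schemes apply to which file type.
SCHEME_POLICY = {
    "pe": ["signature", "sandbox", "heuristic_pe"],
    "pdf": ["signature", "pdf_structure"],
    "zip": ["signature", "unpack_recurse"],
    "unknown": ["signature"],
}

# Second policy (assumed): which detection node can run which scheme.
NODE_CAPABILITIES = {
    "node-a": {"signature", "heuristic_pe", "pdf_structure"},
    "node-b": {"signature", "sandbox", "unpack_recurse"},
}

# Third policy (assumed): positive scheme count -> verdict.
MALWARE_THRESHOLD = 2
SUSPECT_THRESHOLD = 1

# Constructed known-bad hash set for the signature stand-in.
KNOWN_BAD_HASHES = {hashlib.sha256(SAMPLE_FILES["setup.exe"]).hexdigest()}


def file_type(data: bytes) -> str:
    for prefix, kind in MAGIC:
        if data.startswith(prefix):
            return kind
    return "unknown"


def schedule(schemes, capabilities):
    """Assign each scheme to a capable node, least-loaded first. Fails closed:
    a scheme the policy requires but no node can run raises instead of being
    silently dropped from the plan."""
    load = {node: 0 for node in capabilities}
    plan = {}
    for scheme in schemes:
        capable = [n for n, caps in capabilities.items() if scheme in caps]
        if not capable:
            raise RuntimeError(f"no detection node can run scheme {scheme!r}")
        node = min(capable, key=lambda n: load[n])
        load[node] += 1
        plan[scheme] = node
    return plan


def run_scheme(scheme: str, data: bytes) -> bool:
    """Stand-in detectors (assumptions). Real nodes would wrap AV engines,
    a sandbox, a PDF parser and an archive unpacker."""
    if scheme == "signature":
        return hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES
    if scheme == "pdf_structure":
        return b"/OpenAction" in data or b"/JavaScript" in data
    if scheme == "heuristic_pe":
        return b"PE\x00\x00" in data and len(data) < 4096  # implausibly small PE
    return False  # sandbox / unpack_recurse: not available offline


def classify(data: bytes) -> dict:
    kind = file_type(data)
    plan = schedule(SCHEME_POLICY[kind], NODE_CAPABILITIES)
    results = {scheme: run_scheme(scheme, data) for scheme in plan}
    positives = sum(results.values())
    if positives >= MALWARE_THRESHOLD:
        verdict = "malware"
    elif positives >= SUSPECT_THRESHOLD:
        verdict = "suspected"
    else:
        verdict = "clean"
    return {"type": kind, "plan": plan, "results": results, "verdict": verdict}


if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(name, classify(data))
```

In a real deployment the second policy would also carry per-node queue depth and isolation requirements (a sandbox node must never share a tenant with a signature node that handles customer data); the least-loaded counter here is the simplest stand-in for that.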

3. Multi-nodal malware analysis
    Granted patent (in force)
    Publication number: US08839434B2
    Publication date: 2014-09-16
    Application number: US13087447
    Filing date: 2011-04-15
    IPC classification: G06F21/56
    CPC classification: G06F21/567

    Abstract: A computer-implemented method includes accessing, by an analysis console, information related to a first file received at a first host of a plurality of hosts. Each host is capable of running a corresponding set of malware detection processes. The information includes an identifier of the first file and data indicating a first result of the first host applying its set of malware detection processes to the first file. The identifier is generated by the first host and is usable by each of the hosts to determine whether a second file comprises content substantially equivalent to the content of the first file. The analysis console generates a first output including the identifier of the first file and a second result indicating whether the first file comprises malware. The second result is usable by each of the hosts to determine whether the second file comprises malware. The first output is propagated to the hosts.


4. System and method for detecting malware in documents
    Patent application (in force)
    Publication number: US20130145466A1
    Publication date: 2013-06-06
    Application number: US13312767
    Filing date: 2011-12-06
    IPC classification: G06F21/00
    CPC classification: G06F21/562

    Abstract: In one embodiment, a method includes identifying, using one or more processors, a plurality of characteristics of a Portable Document Format (PDF) file. The method also includes determining, for each of the characteristics, a score corresponding to that characteristic. In addition, the method includes comparing the determined scores to a first threshold. Based at least on that comparison, the method includes determining that the PDF file is potential malware.


5. System and method for host-level malware detection
    Granted patent (in force)
    Publication number: US08468602B2
    Publication date: 2013-06-18
    Application number: US12719614
    Filing date: 2010-03-08
    IPC classification: G06F21/06 H04L29/06
    CPC classification: H04L63/1416 G06F21/562

    Abstract: According to one embodiment, a computer-implemented method includes accessing a set of configuration parameters, accessing a set of identifiers of files known not to be malware, and accessing a set of identifiers of files known to be malware. Further, the method includes comparing a first file to the set of configuration parameters, determining that a first hash of the first file is in neither the set of identifiers of files known not to be malware nor the set of identifiers of files known to be malware, and sending the first file and information related to it to be analyzed for malware. The method includes deleting the set of configuration parameters and both sets of identifiers after sending the first file.


6. System and method for host-level malware detection
    Patent application (in force)
    Publication number: US20110219451A1
    Publication date: 2011-09-08
    Application number: US12719614
    Filing date: 2010-03-08
    IPC classification: G06F11/00 G06F21/00
    CPC classification: H04L63/1416 G06F21/562

    Abstract: According to one embodiment, a computer-implemented method includes accessing a set of configuration parameters, accessing a set of identifiers of files known not to be malware, and accessing a set of identifiers of files known to be malware. Further, the method includes comparing a first file to the set of configuration parameters, determining that a first hash of the first file is in neither the set of identifiers of files known not to be malware nor the set of identifiers of files known to be malware, and sending the first file and information related to it to be analyzed for malware. The method includes deleting the set of configuration parameters and both sets of identifiers after sending the first file.

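The host-level triage that entries 5 and 6 describe, as an added Python example rather than code from the patent or its assignee: the host pulls configuration parameters plus a known-good and a known-bad identifier set, hashes each candidate file, sends only the files that match the parameters and appear in neither set, and then discards the parameters and both sets. The parameter names (`extensions`, `max_size`), SHA-256 as the identifier, the `HostTriage` class, the callback shape and the sample files are assumptions.

```python
import hashlib
import os


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class HostTriage:
    """One triage pass on a host. The configuration parameters and the two
    identifier sets are held only for the pass and cleared by discard()."""

    def __init__(self, config, known_good, known_bad, submit):
        self._config = dict(config)          # assumed keys: extensions, max_size
        self._known_good = set(known_good)   # identifiers of files known not to be malware
        self._known_bad = set(known_bad)     # identifiers of files known to be malware
        self._submit = submit                # callback (name, data, metadata) -> None
        self._live = True

    def _matches_config(self, name: str, data: bytes) -> bool:
        ext = os.path.splitext(name)[1].lower()
        wanted = self._config.get("extensions")
        if wanted and ext not in wanted:
            return False
        return len(data) <= self._config.get("max_size", float("inf"))

    def triage(self, name: str, data: bytes) -> str:
        if not self._live:
            raise RuntimeError("triage data already discarded; start a new pass")
        if not self._matches_config(name, data):
            return "skipped"
        digest = sha256_hex(data)
        if digest in self._known_good:
            return "known_good"
        if digest in self._known_bad:
            return "known_malware"
        self._submit(name, data, {"sha256": digest, "size": len(data)})
        return "submitted"

    def discard(self):
        """Delete the parameters and both identifier sets once the pass has
        sent its files: together they describe exactly what the defender can
        and cannot recognise, which is not something to leave on a host an
        attacker may already control."""
        self._config.clear()
        self._known_good.clear()
        self._known_bad.clear()
        self._live = False


def triage_pass(files, config, known_good, known_bad):
    """Run one pass over a batch; returns per-file outcomes and what was sent."""
    submitted = []
    host = HostTriage(config, known_good, known_bad,
                      lambda name, data, meta: submitted.append((name, meta)))
    outcomes = {name: host.triage(name, data) for name, data in files.items()}
    host.discard()
    return outcomes, submitted


# Constructed sample inputs (not real malware).
GOOD_FILE = b"MZ\x90\x00 signed vendor binary"
BAD_FILE = b"MZ\x90\x00 known dropper"
NEW_FILE = b"MZ\x90\x00 never seen before"
TRIAGE_FILES = {
    "a.exe": GOOD_FILE,
    "b.exe": BAD_FILE,
    "c.txt": NEW_FILE,   # outside the configured extensions
    "c.exe": NEW_FILE,
}
CONFIG = {"extensions": {".exe", ".dll"}, "max_size": 1 << 20}
KNOWN_GOOD = [sha256_hex(GOOD_FILE)]
KNOWN_BAD = [sha256_hex(BAD_FILE)]


if __name__ == "__main__":
    outcomes, submitted = triage_pass(TRIAGE_FILES, CONFIG, KNOWN_GOOD, KNOWN_BAD)
    print(outcomes)
    print([name for name, _ in submitted])
```

A hit on the known-bad set is a verdict only for byte-identical content; anything repacked, padded or re-signed misses both sets and goes to analysis, which is the intended path, not a gap. The cost of that design is the volume of submissions, which the configuration parameters exist to bound.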

7. System and method for detecting malware in documents
    Granted patent (in force)
    Publication number: US09213837B2
    Publication date: 2015-12-15
    Application number: US13312767
    Filing date: 2011-12-06
    CPC classification: G06F21/562

    Abstract: In one embodiment, a method includes identifying, using one or more processors, a plurality of characteristics of a Portable Document Format (PDF) file. The method also includes determining, for each of the characteristics, a score corresponding to that characteristic. In addition, the method includes comparing the determined scores to a first threshold. Based at least on that comparison, the method includes determining that the PDF file is potential malware.

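The characteristic-scoring approach of entries 4 and 7, as an added Python example that is not the patent's or its assignee's code. The patent does not list which PDF characteristics it scores; the ones below (`/JavaScript`, `/OpenAction`, `/Launch`, embedded files, object streams, hex-escaped names, a single page), their weights, the threshold and the three constructed PDFs are assumptions chosen to show two things a practitioner cares about: names hidden inside FlateDecode streams are only visible after inflating, and `#xx` escapes in names (`/Open#41ction`) defeat naive string matching unless names are normalised first. The example sums the per-characteristic scores and compares the sum to the threshold; the abstract leaves open whether scores are combined or compared individually.

```python
import re
import zlib

# Weighted characteristics (weights are assumptions, not from the patent).
CHARACTERISTICS = {
    "javascript":    (re.compile(rb"/JavaScript|/JS\b"), 4),
    "open_action":   (re.compile(rb"/OpenAction|/AA\b"), 3),
    "launch":        (re.compile(rb"/Launch"), 4),
    "embedded_file": (re.compile(rb"/EmbeddedFile"), 2),
    "object_stream": (re.compile(rb"/ObjStm"), 1),
}
HEX_NAME_RE = re.compile(rb"/[A-Za-z0-9]*#[0-9A-Fa-f]{2}")   # e.g. /Open#41ction
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
PAGE_RE = re.compile(rb"/Type\s*/Page\b")
THRESHOLD = 6            # assumed "first threshold"
MAX_INFLATE = 1 << 20    # cap per stream against decompression bombs


def _inflate_streams(data: bytes) -> bytes:
    """Append the inflated content of every FlateDecode stream so that names
    hidden inside compressed objects are scored too. Streams that are not
    zlib data, or are corrupt, are skipped; only what is visible is scored."""
    extra = []
    for m in STREAM_RE.finditer(data):
        try:
            extra.append(zlib.decompressobj().decompress(m.group(1), MAX_INFLATE))
        except zlib.error:
            continue
    return data + b"\n" + b"\n".join(extra)


def _normalise_names(data: bytes) -> bytes:
    """Resolve #xx escapes so /Java#53cript compares equal to /JavaScript."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def extract_characteristics(pdf: bytes) -> dict:
    if not pdf.lstrip().startswith(b"%PDF"):
        raise ValueError("no PDF header")
    raw = _inflate_streams(pdf)
    scores = {"hex_escaped_name": 2 if HEX_NAME_RE.search(raw) else 0}
    text = _normalise_names(raw)
    for name, (pattern, weight) in CHARACTERISTICS.items():
        scores[name] = weight if pattern.search(text) else 0
    scores["single_page"] = 1 if len(PAGE_RE.findall(text)) <= 1 else 0
    return scores


def score_pdf(pdf: bytes, threshold: int = THRESHOLD) -> dict:
    scores = extract_characteristics(pdf)
    total = sum(scores.values())
    return {"scores": scores, "score": total, "potential_malware": total >= threshold}


# Constructed sample PDFs (minimal, not valid for a viewer, harmless).
BENIGN_PDF = (
    b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R 4 0 R] /Count 2 >> endobj\n"
    b"3 0 obj << /Type /Page >> endobj\n4 0 obj << /Type /Page >> endobj\n%%EOF\n"
)
_HIDDEN = zlib.compress(b"<< /S /JavaScript /JS (app.launchURL('http://example.invalid/')) >>")
MALICIOUS_PDF = (
    b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [4 0 R] /Count 1 >> endobj\n"
    b"4 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"3 0 obj << /Length " + str(len(_HIDDEN)).encode() + b" /Filter /FlateDecode >>\nstream\n"
    + _HIDDEN + b"\nendstream\nendobj\n%%EOF\n"
)
EVASIVE_PDF = (
    b"%PDF-1.7\n1 0 obj << /Type /Catalog /Open#41ction 3 0 R >> endobj\n"
    b"3 0 obj << /S /Java#53cript /JS (this.exportDataObject({cName:'x'})) >> endobj\n%%EOF\n"
)


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_PDF), ("malicious", MALICIOUS_PDF), ("evasive", EVASIVE_PDF)):
        print(label, score_pdf(doc))
```

Regex scanning of the raw bytes is a triage heuristic, not a parser: it will not follow cross-reference streams, incremental updates or non-Flate filters, and legitimate documents do use `#xx` escapes in names, which is why that characteristic carries a small weight rather than a verdict on its own.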

8. Multi-nodal malware analysis
    Patent application (in force)
    Publication number: US20120266245A1
    Publication date: 2012-10-18
    Application number: US13087447
    Filing date: 2011-04-15
    IPC classification: G06F21/00
    CPC classification: G06F21/567

    Abstract: A computer-implemented method includes accessing, by an analysis console, information related to a first file received at a first host of a plurality of hosts. Each host is capable of running a corresponding set of malware detection processes. The information includes an identifier of the first file and data indicating a first result of the first host applying its set of malware detection processes to the first file. The identifier is generated by the first host and is usable by each of the hosts to determine whether a second file comprises content substantially equivalent to the content of the first file. The analysis console generates a first output including the identifier of the first file and a second result indicating whether the first file comprises malware. The second result is usable by each of the hosts to determine whether the second file comprises malware. The first output is propagated to the hosts.

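The console-and-hosts exchange of entries 3 and 8, as an added Python example that is not code from the patent or its assignee. A host that receives a file generates an identifier, runs its own detection processes, reports both to the console, and the console's decision is pushed back to every host keyed by that identifier, so a later host seeing the same content never has to scan it. SHA-256 as the identifier, the `AnalysisConsole` and `Host` classes, the marker-string detector and the decision policy are assumptions; in particular the policy below refuses to propagate "clean" from a host that ran no detectors at all, which the abstract does not address but which otherwise turns the weakest host into a fleet-wide false negative.

```python
import hashlib


def content_id(data: bytes) -> str:
    """Identifier generated by the receiving host. SHA-256 gives byte-identical
    content the same id on every host; the patent's 'substantially equivalent'
    would call for a similarity hash, which this example does not attempt."""
    return hashlib.sha256(data).hexdigest()


class AnalysisConsole:
    def __init__(self):
        self.hosts = []
        self.reports = {}   # id -> {host name: (local_result, detectors_run)}

    def register(self, host):
        self.hosts.append(host)

    def report(self, host_name, fid, local_result, detectors_run):
        self.reports.setdefault(fid, {})[host_name] = (local_result, detectors_run)

    def decide(self, fid):
        """Produce the second result and propagate (id, verdict) to every host.
        Assumed policy: any positive local result is malware; a negative result
        counts as clean only if the reporting host actually ran a detector;
        otherwise the verdict is unknown and nothing is propagated."""
        entries = list(self.reports.get(fid, {}).values())
        if any(result for result, _ in entries):
            verdict = "malware"
        elif any(run > 0 for _, run in entries):
            verdict = "clean"
        else:
            return "unknown"
        for host in self.hosts:
            host.verdicts[fid] = verdict
        return verdict


class Host:
    def __init__(self, name, console, detectors):
        self.name = name
        self.console = console
        self.detectors = list(detectors)   # callables bytes -> bool
        self.verdicts = {}                 # id -> verdict pushed by the console
        self.local_scans = 0
        console.register(self)

    def receive(self, data):
        """Returns (verdict, "cached" | "scanned")."""
        fid = content_id(data)
        if fid in self.verdicts:
            return self.verdicts[fid], "cached"
        self.local_scans += 1
        local = any(detector(data) for detector in self.detectors)
        self.console.report(self.name, fid, local, len(self.detectors))
        return self.console.decide(fid), "scanned"


# Constructed stand-in for a signature: a marker string, not real malware.
KNOWN_BAD_MARKER = b"CONSTRUCTED-BAD-MARKER"


def marker_detector(data: bytes) -> bool:
    return KNOWN_BAD_MARKER in data


def build_fleet():
    """host-a has a detector, host-b has none and relies on propagated verdicts."""
    console = AnalysisConsole()
    a = Host("host-a", console, [marker_detector])
    b = Host("host-b", console, [])
    return console, a, b


if __name__ == "__main__":
    console, a, b = build_fleet()
    bad = b"header " + KNOWN_BAD_MARKER
    print(a.receive(bad), b.receive(bad), b.local_scans)
```

Because verdicts are keyed by content identifier, a host that cannot run the detector still benefits from the first host's scan, but only for identical bytes; the trade-off is that a wrong verdict is also fleet-wide, which is why the console, not the host, owns the decision.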

9. Detecting malware using stored patterns
    Granted patent (in force)
    Publication number: US08635700B2
    Publication date: 2014-01-21
    Application number: US13312716
    Filing date: 2011-12-06
    IPC classification: G06F15/18 G06F11/00
    CPC classification: G06F21/562 G06F21/564

    Abstract: In one embodiment, a method includes identifying a plurality of portions of a file and comparing those portions to a plurality of stored patterns, the stored patterns including portions of known malware. The method also includes determining, based on that comparison, a set of matching portions comprising one or more of the portions of the file. In addition, the method includes determining a score for each portion in the set of matching portions and providing information regarding the set of matching portions, including the score determined for each of them.


10. Detecting malware using stored patterns
    Patent application (in force)
    Publication number: US20130145471A1
    Publication date: 2013-06-06
    Application number: US13312716
    Filing date: 2011-12-06
    IPC classification: G06F21/00 G06F7/04
    CPC classification: G06F21/562 G06F21/564

    Abstract: In one embodiment, a method includes identifying a plurality of portions of a file and comparing those portions to a plurality of stored patterns, the stored patterns including portions of known malware. The method also includes determining, based on that comparison, a set of matching portions comprising one or more of the portions of the file. In addition, the method includes determining a score for each portion in the set of matching portions and providing information regarding the set of matching portions, including the score determined for each of them.

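The portion-matching method of entries 9 and 10, as an added Python example that is not code from the patent or its assignee. The file is cut into fixed-size portions, each portion is compared against stored patterns taken from known malware, and every matching portion is reported with a score. How portions are chosen and how scores are computed is not given in the abstract; here the portion size, the per-pattern weights, the three constructed patterns and the sample file are assumptions. The part worth noticing is the overlap: portions overlap by one byte less than the longest pattern so that a pattern straddling a portion boundary is still found, and each occurrence is attributed to exactly one portion so it is not scored twice.

```python
PORTION_SIZE = 64   # assumed portion length

# Constructed stored patterns: pattern -> (family label, weight). The weight is
# a stand-in for how specific the pattern is; a PE boilerplate string is worth
# almost nothing, a command line seen only in one dropper is worth a lot.
STORED_PATTERNS = {
    b"cmd.exe /c powershell -enc": ("DropperA-cmdline", 5),
    b"\x55\x8b\xec\x83\xec\x40\x53\x56\x57": ("PackerB-prologue", 3),
    b"This program cannot be run in DOS mode": ("generic-PE-stub", 1),
}


def match_portions(data: bytes, patterns=STORED_PATTERNS, size: int = PORTION_SIZE):
    """Return the set of matching portions: for each portion with at least one
    pattern hit, its offset, the hits, and a score (sum of the hit weights)."""
    overlap = max(len(p) for p in patterns) - 1
    step = size - overlap
    if step <= 0:
        raise ValueError("portion size must exceed the longest stored pattern")
    matching = []
    for off in range(0, len(data), step):
        portion = data[off:off + size]
        hits = []
        for pattern, (family, weight) in patterns.items():
            i = portion.find(pattern)
            while i >= 0:
                # An occurrence starting inside the overlap tail (i >= step) is
                # also visible at the start of the next portion; count it there.
                if i < step:
                    hits.append({"family": family, "offset": off + i, "weight": weight})
                i = portion.find(pattern, i + 1)
        if hits:
            matching.append({
                "offset": off,
                "score": sum(h["weight"] for h in hits),
                "hits": hits,
            })
    return matching


def total_score(matching) -> int:
    return sum(portion["score"] for portion in matching)


# Constructed sample file (not a real executable): MZ header, the DOS stub
# string at offset 42, the prologue at offset 100, the command line at 209.
SAMPLE_FILE = (
    b"MZ" + b"\x00" * 40
    + b"This program cannot be run in DOS mode" + b"\x00" * 20
    + b"\x55\x8b\xec\x83\xec\x40\x53\x56\x57" + b"\x90" * 100
    + b"cmd.exe /c powershell -enc SQBFAFgA" + b"\x00" * 10
)


if __name__ == "__main__":
    for portion in match_portions(SAMPLE_FILE):
        print(portion["offset"], portion["score"], [h["family"] for h in portion["hits"]])
    print("total", total_score(match_portions(SAMPLE_FILE)))
```

Reporting per-portion scores rather than a single verdict is what makes the output useful to an analyst: a low-weight hit on PE boilerplate in one portion says nothing, while a high-weight hit on a dropper command line in another portion tells them where in the file to look. A production matcher would replace the `find` loop with a multi-pattern automaton, but the overlap and single-attribution rules carry over unchanged.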