Methods and systems for prioritizing the monitoring of malicious uniform resource locators for new malware variants
    1.
    Granted invention patent
    Status: in force

    Publication number: US08800040B1

    Publication date: 2014-08-05

    Application number: US12347641

    Application date: 2008-12-31

    IPC classification: H04L29/06 H04L29/14

    Abstract: A computer-implemented method for prioritizing the monitoring of malicious uniform resource locators for new malware variants may comprise: 1) identifying at least one malicious uniform resource locator, 2) collecting priority information relating to the malicious uniform resource locator, wherein the priority information comprises information relevant to prioritizing monitoring of the malicious uniform resource locator for new malware variants, 3) determining, based on the priority information, a monitoring-priority level for the malicious uniform resource locator, and then 4) allocating, based on the monitoring-priority level, a monitoring resource for monitoring the malicious uniform resource locator. Various other methods, systems, and computer-readable media are also disclosed.

    Systems and methods for detecting malware variants
    2.
    Granted invention patent
    Status: in force

    Publication number: US08806641B1

    Publication date: 2014-08-12

    Application number: US13297244

    Application date: 2011-11-15

    Abstract: A computer-implemented method for detecting malware variants may include (1) identifying an application package file including at least one class file, (2) identifying a set of metadata fields within the class file, (3) comparing the set of metadata fields within the class file with a set of metadata fields within a corresponding class file found in a known malware package to determine a similarity between the application package file and the known malware package, and (4) determining, based on the similarity between the application package file and the known malware package, that the application package file is a threat variant in a same threat family as the known malware package. Various other methods, systems, and computer-readable media are also disclosed.
