Systems and methods for estimating confidence scores of unverified signatures

摘要

The disclosed computer-implemented method for estimating confidence scores of unverified signatures may include (1) detecting a potentially malicious event that triggers a malware signature whose confidence score is above a certain threshold, (2) detecting another event that triggers another signature whose confidence score is unknown, (3) determining that the potentially malicious event and the other event occurred within a certain time period of one another, and then (4) assigning, to the other signature, a confidence score based at least in part on the potentially malicious event and the other event occurring within the certain time period of one another. Various other methods, systems, and computer-readable media are also disclosed.

主权项

1. A computer-implemented method for estimating confidence scores of unverified signatures, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
detecting a potentially malicious event that triggers a malware signature designed to detect malware, the malware signature having a confidence score that:
represents a level of confidence in the accuracy or reliability of the malware signature; andis above a certain threshold such that the malware signature's confidence score indicates a threshold level of confidence in the accuracy or reliability of the malware signature; detecting another event that triggers another signature designed to detect malware, the other signature having a confidence score that:
represents a level of confidence in the accuracy or reliability of the other signature; andis unknown such that the other signature's confidence score indicates an unknown level of confidence in the accuracy or reliability of the other signature; determining that the potentially malicious event and the other event occurred within a certain time period of one another; and assigning, to the other signature, a confidence score based at least in part on the potentially malicious event and the other event occurring within the certain time period of one another.