Title Malicious software detection in a computing system
Abstract A computer system identifies malicious Uniform Resource Locator (URL) data items from a plurality of unscreened data items that have not been previously identified as associated with malicious URLs. The system can execute a number of pre-filters to identify a subset of URLs in the plurality of data items that are likely to be malicious. A scoring processor can score the subset of URLs based on a plurality of input vectors using a suitable machine learning model. Optionally, the system can execute one or more post-filters on the score data to identify data items of interest. Such data items can be fed back into the system to improve the machine learning model, or can be used to provide a notification that a particular resource within a local network is infected with malicious software.
Publication number US9558352(B1) Publication date 2017.01.31
Application number US201514698432 Filing date 2015.04.28
Applicant Palantir Technologies Inc. Inventors Dennison Drew;Stowe Geoff;Anderson Adam
Classification G06F11/00;G06F12/14;G06F12/16;G08B23/00;G06F21/55;G06N99/00 Main classification G06F11/00
Agent Knobbe, Martens, Olson & Bear LLP Attorney Knobbe, Martens, Olson & Bear LLP
Main claim 1. A computer-implemented method to identify connection records associated with malicious locational references, the method comprising: as implemented by one or more computer readable storage devices configured to store one or more software modules including computer executable instructions, and by one or more hardware computer processors in communication with the one or more computer readable storage devices configured to execute the one or more software modules, identifying connection records, stored in the one or more computer readable storage devices, indicating communications involving a local network, each of the connection records associated with a respective device identifier for a computerized device within the local network, a respective locational reference to a resource external to the local network, and a respective time of communication; performing one or more filtering operations on the connection records to identify, within the connection records, first connection records more likely to be associated with malicious locational references than connection records not included in the first connection records, such that, once initiated, the one or more filtering operations are performed with the one or more computer readable storage devices and the one or more hardware computer processors and without the need for manually performing the filtering operations; numerically scoring at least some of the first connection records using a machine learning model incorporating a plurality of factors relating to the locational references associated with the first connection records; filtering the scored first connection records to identify, within the first connection records, second connection records more likely to be associated with malicious locational references than first connection records not included in the second connection records; receiving a disposition generated by a user regarding one or more of the second connection records; and applying the disposition to the machine learning model.
Address Palo Alto CA US
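The abstract and claim 1 describe a four-stage loop over connection records: cheap pre-filters, a machine-learning score over per-URL input vectors, a post-filter that selects records worth an analyst's attention, and an analyst disposition that is applied back to the model. The following is an added example written for this page, not code from the patent or from Palantir. The records, the allowlist, the six URL features, the seed weights and the logistic-regression scorer are all assumptions made for illustration; the patent does not enumerate its factors or name its model.

```python
"""Added example: pre-filter -> ML score -> post-filter -> disposition -> update.
Records, allowlist, features and weights are constructed assumptions."""
import math
from dataclasses import dataclass
from typing import List, Sequence, Tuple
from urllib.parse import urlparse


@dataclass(frozen=True)
class ConnectionRecord:
    """Device identifier, locational reference (URL) and time, as in claim 1."""
    device_id: str
    url: str
    time: int  # seconds since epoch


# Constructed sample records standing in for a proxy log (not real traffic).
SAMPLE_RECORDS = [
    ConnectionRecord("host-01", "https://www.example.com/index.html", 1000),
    ConnectionRecord("host-01", "http://203.0.113.7/x/update.exe", 1005),
    ConnectionRecord("host-02", "http://a1b2c3d4e5f6g7h8.info/gate.php", 1010),
    ConnectionRecord("host-03", "https://www.example.org/news", 1020),
    ConnectionRecord("host-02", "http://a1b2c3d4e5f6g7h8.info/gate.php", 1070),
]

# Assumed known-good hosts; the pre-filter drops them without scoring.
ALLOWLIST = {"www.example.com", "www.example.org"}


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def pre_filter(records: Sequence[ConnectionRecord]) -> List[ConnectionRecord]:
    """Stage 1: discard allowlisted hosts and collapse repeated (device, URL)
    pairs to their first occurrence, so a beaconing host is scored once."""
    seen, kept = set(), []
    for rec in records:
        key = (rec.device_id, rec.url)
        if host_of(rec.url) in ALLOWLIST or key in seen:
            continue
        seen.add(key)
        kept.append(rec)
    return kept


def features(url: str) -> List[float]:
    """Input vector for the scorer (assumed features, chosen for the example)."""
    parsed = urlparse(url)
    host = host_of(url)
    labels = host.split(".")
    alnum = [c for c in host if c.isalnum()]
    return [
        1.0,                                                   # bias term
        1.0 if all(l.isdigit() for l in labels) else 0.0,      # raw IP as host
        sum(c.isdigit() for c in alnum) / max(1, len(alnum)),  # digit ratio
        1.0 if parsed.path.lower().endswith(".exe") else 0.0,  # executable path
        1.0 if parsed.scheme == "http" else 0.0,               # cleartext HTTP
        min(1.0, max(len(l) for l in labels) / 32),            # longest label
    ]


# Assumed seed weights, in the same order as the feature vector above.
SEED_WEIGHTS = [-3.0, 2.0, 3.0, 2.5, 1.0, 2.0]


class LogisticScorer:
    """Stage 2: logistic regression over the feature vector, with an online
    update (stage 4) that moves the weights toward an analyst's label."""

    def __init__(self, weights: Sequence[float], learning_rate: float = 1.0):
        self.w = list(weights)
        self.lr = learning_rate

    def score(self, rec: ConnectionRecord) -> float:
        z = sum(wi * xi for wi, xi in zip(self.w, features(rec.url)))
        return 1.0 / (1.0 + math.exp(-z))

    def apply_disposition(self, rec: ConnectionRecord, malicious: bool) -> None:
        """One stochastic-gradient step toward the disposition (1 = malicious)."""
        x = features(rec.url)
        err = (1.0 if malicious else 0.0) - self.score(rec)
        self.w = [wi + self.lr * err * xi for wi, xi in zip(self.w, x)]


def post_filter(scorer: LogisticScorer, records: Sequence[ConnectionRecord],
                threshold: float = 0.5) -> List[Tuple[float, ConnectionRecord]]:
    """Stage 3: keep records whose score clears the threshold, highest first."""
    scored = [(scorer.score(r), r) for r in records if scorer.score(r) >= threshold]
    return sorted(scored, key=lambda t: -t[0])


def devices_to_notify(flagged: Sequence[Tuple[float, ConnectionRecord]]) -> List[str]:
    """Local-network devices to report as likely infected."""
    return sorted({rec.device_id for _, rec in flagged})


def run_pipeline(records: Sequence[ConnectionRecord],
                 scorer: LogisticScorer) -> List[Tuple[float, ConnectionRecord]]:
    return post_filter(scorer, pre_filter(records))


if __name__ == "__main__":
    scorer = LogisticScorer(SEED_WEIGHTS)
    flagged = run_pipeline(SAMPLE_RECORDS, scorer)
    for s, r in flagged:
        print(f"{s:.3f} {r.device_id} {r.url}")
    print("notify:", devices_to_notify(flagged))
    # An analyst marks the lowest-scoring hit benign; the model shifts with it.
    _, last = flagged[-1]
    scorer.apply_disposition(last, malicious=False)
    print(f"after disposition: {scorer.score(last):.3f}")
```

With the seed weights, the raw-IP executable download scores near 1.0 and the random-looking .info host scores just above 0.5; after one benign disposition the latter drops below the post-filter threshold, which is the feedback effect the abstract describes. In production the threshold and learning rate would be tuned against labelled history rather than set by hand.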