Title of invention
Systems and methods for detecting suspicious files
Abstract
A computer-implemented method for detecting suspicious files may include (1) detecting a file within incoming file traffic directed to a file recipient, (2) identifying a type of the file within the incoming file traffic directed to the file recipient, (3) determining a frequency with which the type of the file appears within the incoming file traffic directed to the file recipient, and (4) performing a security action on the file in response to the frequency of the type of the file within the incoming file traffic falling below a predetermined threshold. Various other methods, systems, and computer-readable media are also disclosed.
Publication number
US9332025(B1)
Publication date
2016.05.03
Application number
US201314138124
Filing date
2013.12.23
Applicant
Symantec Corporation
Inventors
Watson Andrew; White Stephen
Classification
H04L29/06
Main classification
H04L29/06
Agency
ALG Intellectual Property, LLC
Agent
ALG Intellectual Property, LLC
Independent claim
1. A computer-implemented method for detecting suspicious files, at least a portion of the method being performed by a computing device comprising at least one hardware processor, the method comprising:
detecting, by a detection module of the computing device, a file within incoming file traffic directed to a file recipient;
identifying, by an identification module of the computing device, a type of the file within the incoming file traffic directed to the file recipient;
determining, by a determination module of the computing device, a frequency with which the type of the file appears within the incoming file traffic directed to the file recipient in comparison to frequencies with which other types of files appear within the incoming file traffic directed to the recipient by:
tracking a number of files of each type in a plurality of file types within the incoming traffic directed to the file recipient; calculating a relative frequency for each type of file in the plurality of types of files within the incoming traffic; setting a predetermined threshold based on the relative frequency of the plurality of types of files;
performing, by a security module of the computing device, a security action on the file in response to the frequency of the type of the file within the incoming file traffic falling below the predetermined threshold.
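The four steps of the claim (track per-type counts, compute relative frequencies, derive a threshold, act on rare types) as a runnable per-recipient monitor. This is an added illustration, not code from the patent or from Symantec; the threshold rule (a fraction of the mean relative frequency, with a cold-start minimum before any file is judged) and the sample history are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample history for one recipient (file type -> count), as a mail
# gateway or file-transfer proxy might have logged it. Illustrative only.
SAMPLE_HISTORY = {"alice": {"pdf": 60, "docx": 24, "xlsx": 8, "png": 8}}


class FileTypeFrequencyMonitor:
    """Per-recipient tracker of incoming file types; flags types that are rare
    for that recipient relative to the types they usually receive."""

    def __init__(self, min_observations=20, threshold_fraction=0.25):
        # Assumption (the claim does not fix a rule): the threshold is a
        # fraction of the mean relative frequency, i.e. 1 / number of types seen.
        self.counts = defaultdict(Counter)
        self.min_observations = min_observations
        self.threshold_fraction = threshold_fraction

    def observe(self, recipient, file_type, n=1):
        """Step 3a: track the number of files of each type per recipient."""
        self.counts[recipient][file_type] += n

    def relative_frequencies(self, recipient):
        """Step 3b: relative frequency of every type seen for this recipient."""
        c = self.counts[recipient]
        total = sum(c.values())
        return {t: n / total for t, n in c.items()} if total else {}

    def threshold(self, recipient):
        """Step 3c: threshold derived from the recipient's own distribution."""
        freqs = self.relative_frequencies(recipient)
        return self.threshold_fraction / len(freqs) if freqs else 0.0

    def evaluate(self, recipient, file_type):
        """Steps 1, 2 and 4: decide the security action for a detected file of
        a known type, judged against history, then add it to that history."""
        c = self.counts[recipient]
        total = sum(c.values())
        if total < self.min_observations:
            action = "allow"  # cold start: too little history to call a type rare
        else:
            freq = c[file_type] / total  # Counter returns 0 for an unseen type
            action = "quarantine" if freq < self.threshold(recipient) else "allow"
        self.observe(recipient, file_type)
        return action


def load_history(monitor, history):
    """Seed a monitor from a {recipient: {type: count}} mapping."""
    for recipient, types in history.items():
        for file_type, n in types.items():
            monitor.observe(recipient, file_type, n)
    return monitor
```

With the sample history, an unseen type such as an executable is quarantined for that recipient, while a type already at several percent of their traffic is allowed.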
Address
Mountain View CA US