Title of invention: Systems and methods for identifying malicious files
Abstract: The disclosed computer-implemented method for identifying malicious files may include (1) identifying different instances of a file that is subject to a security evaluation, (2) identifying, within a field for each of the different instances, an attribute of the different instance that associates the different instance with a respective application, (3) determining that the respective applications to which the different instances of the file are associated are distinct applications and are known to be safe, (4) adjusting a security policy for the file, by increasing an estimation that the file is malicious, based on the determination that the respective applications are distinct applications and are known to be safe, and (5) classifying, in a software security system, the file as malicious based on the adjusted security policy that increased the estimation that the file is malicious. Various other methods, systems, and computer-readable media are also disclosed.
Publication number: US9245123(B1) Publication date: 2016.01.26
Application number: US201414301985 Filing date: 2014.06.11
Applicant: Symantec Corporation Inventor: Satish Sourabh
Classification: G06F21/56 Main classification: G06F21/56
Agency: ALG Intellectual Property, LLC Agent: ALG Intellectual Property, LLC
Independent claim: 1. A computer-implemented method for identifying malicious files, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: identifying different instances of a file that is subject to a security evaluation; identifying, within a field for each of the different instances, an attribute of the different instance that associates the different instance with a respective application; determining that the respective applications to which the different instances of the file are associated are distinct applications and are known to be safe by determining that at least a threshold number of the respective applications are distinct applications and are known to be safe; adjusting a security policy for the file, by increasing an estimation that the file is malicious, based on the determination that the respective applications are distinct applications and are known to be safe; classifying, in a software security system, the file as malicious based on the adjusted security policy that increased the estimation that the file is malicious.
Address: Mountain View CA US