Title of invention: Systems and methods for determining malicious-attack exposure levels based on field-data analysis
Abstract: A computer-implemented method for determining malicious-attack exposure levels based on field-data analysis may include (1) receiving a plurality of attack reports from a plurality of computing systems, wherein at least one attack report includes an identifier of a software component of a computing system within the plurality of computing systems from which the attack report was received and an indication that a malicious attack was detected at the computing system, (2) determining a number of attack reports within the plurality of attack reports that identify the software component, (3) analyzing the plurality of attack reports to determine, based at least in part on the number of attack reports, a level of exposure to malicious attacks of the software component, and (4) making, based at least in part on the level of exposure, a security determination related to the software component. Various other methods, systems, and computer-readable media are also disclosed.
Publication number: US9043922(B1); Publication date: 2015.05.26
Application number: US201313866724; Filing date: 2013.04.19
Applicant: Symantec Corporation; Inventors: Dumitras Tudor; Efstathopoulos Petros
Classification: G06F21/00; G06F21/57; Main classification: G06F21/00
Agency: ALG Intellectual Property, LLC; Agent: ALG Intellectual Property, LLC
Principal claim: 1. A computer-implemented method for determining malicious-attack exposure levels based on field-data analysis, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: receiving a plurality of attack reports from a plurality of computing systems, wherein at least one attack report within the plurality of attack reports comprises: an identifier of a software component of a computing system within the plurality of computing systems from which the attack report was received; an indication that a malicious attack was detected at the computing system from which the attack report was received; determining a number of attack reports within the plurality of attack reports that identify the software component; analyzing the plurality of attack reports to determine, based at least in part on the number of attack reports within the plurality of attack reports that identify the software component, a level of exposure to malicious attacks of the software component that reflects a portion of an attack surface of the software component that is actually attacked in the field; making, based at least in part on the level of exposure to malicious attacks of the software component, a security determination related to the software component.
Address: Mountain View CA US