Title of Invention |
METHOD AND SYSTEM FOR METADATA DRIVEN TESTING OF MALWARE SIGNATURES |
Abstract |
Techniques are disclosed for evaluating the effectiveness of a malware signature. A query tool translates a markup language malware signature definition into a database query. The query is then executed against a database of application features to identify software packages that the signature would identify as malware. The results of the query are compared with threat information stored in the database and classified as being true/false positives and true/false negatives. |
Application Publication Number |
US2015096021(A1) |
Application Publication Date |
2015.04.02 |
Application Number |
US201314042342 |
Filing Date |
2013.09.30 |
Applicant |
Symantec Corporation |
Inventors |
USCILOWSKI BARTLOMIEJ;IONESCU COSTIN;PARSONS THOMAS |
Classification Numbers |
G06F21/56;G06F17/30 |
Main Classification Number |
G06F21/56 |
Agency |
|
Agent |
|
Main Claim |
1. A method for evaluating malware signatures, the method comprising:
receiving a candidate malware signature specified in a markup language;
translating the candidate malware signature into a database query;
executing the database query to identify a set of applications detected by the candidate malware signature as being an instance of a malware threat corresponding to the candidate malware signature; and
for each application in the set of applications:
determining whether the application was correctly identified by the candidate malware signature as an instance of the malware threat. |
Address |
Mountain View CA US |