Title
Silent-mode signature testing in anti-malware processing
Abstract
Method and computer program product for signature testing used in anti-malware processing. Silent signatures, after being tested, are not updated into a white list and are sent directly to users instead. If a silent signature coincides with a malware signature, the user is not informed. A checksum (e.g., a hash value) of the suspected file is sent to a server, where statistics are kept and analyzed. Based on the collected false-positive statistics for the silent signature, the signature is judged either valid or invalid. Use of silent signatures provides effective signature testing and reduces response time to new malware-related threats. The silent-signature method turns off a signature upon the first false-positive occurrence. Use of silent signatures also allows improving heuristic algorithms for detecting unknown malware.
Publication number
US8819835(B2)
Publication date
2014.08.26
Application number
US201313740775
Application date
2013.01.14
Applicant
Kaspersky Lab, ZAO
Inventor
Nazarov Denis A.
Classification
H04L29/06
Main classification
H04L29/06
Agent
Bardmesser Law Group
Attorney
Bardmesser Law Group
Main claim
1. A silent-mode method for protecting against malware, the method being performed on a client computer having a processor and a memory, the method comprising:
(a) generating a silent-signature that is applied on the client computer without informing a user of the client computer of a match with signatures of objects from a white list or a black list;
(b) analyzing the matches for false positive occurrences;
(c) turning off the silent-signature on the client computer and sending the matches from the client computer to a server for further analysis, if at least one false positive occurrence is detected;
(d) converting the silent-signature into an active signature and subsequently utilizing the silent-signature for malicious object identification if no false positive occurrence is detected;
wherein the false positives occur when the silent-signature matches a signature from the white list, wherein the silent-signature reflects heuristic data comprising behavior patterns of an executable component.
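The lifecycle in steps (a) to (d) of the claim, as an added illustration that is not code from the patent or from Kaspersky Lab: a signature is modelled as a set of hypothetical behaviour-pattern tokens, objects are identified by SHA-256 checksums, the white list is a set of checksums, and the "server" is a list that receives the matches when the signature is turned off.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    SILENT = "silent"   # applied on the client, matches counted, user not informed
    OFF = "off"         # disabled after the first false positive
    ACTIVE = "active"   # promoted; later matches are treated as detections


@dataclass
class Signature:
    name: str
    patterns: frozenset                          # heuristic behaviour patterns (hypothetical tokens)
    state: State = State.SILENT
    matches: list = field(default_factory=list)  # checksums of objects that matched

    def hits(self, behaviours: set) -> bool:
        return self.patterns <= behaviours


def checksum(data: bytes) -> str:
    """Object identity as it would be sent to the server: a SHA-256 hex digest."""
    return hashlib.sha256(data).hexdigest()


def run_silent_test(sig: Signature, objects: dict, white_list: set, server: list) -> State:
    """objects: checksum -> set of behaviours observed for that executable.
    (a) match silently; (b) a match on a white-listed object is a false positive;
    (c) first FP: turn the signature off and ship the matches to the server;
    (d) no FP over the test set: convert to an active signature."""
    for digest, behaviours in objects.items():
        if not sig.hits(behaviours):
            continue
        sig.matches.append(digest)
        if digest in white_list:
            sig.state = State.OFF
            server.append({"signature": sig.name, "matches": list(sig.matches)})
            return sig.state
    sig.state = State.ACTIVE
    return sig.state


# Constructed sample data, not real files, hashes or signatures.
CLEAN_UPDATER = checksum(b"constructed: trusted updater binary")
SUSPECT = checksum(b"constructed: unknown dropper binary")
WHITE_LIST = {CLEAN_UPDATER}
OBJECTS = {
    CLEAN_UPDATER: {"writes_autorun"},
    SUSPECT: {"writes_autorun", "injects_remote_thread", "deletes_self"},
}
```

A signature whose patterns are specific enough to miss the white-listed updater is promoted to ACTIVE; one that fires on the updater is turned OFF on that first match and its matches go to the server.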
Address
Moscow RU