Title: Method and Apparatus for Retroactively Detecting Malicious or Otherwise Undesirable Software As Well As Clean Software Through Intelligent Rescanning
Abstract: The present invention relates to the security of general purpose computing devices, such as laptop or desktop PCs, and more specifically to the detection of malicious software (malware) on a general purpose computing device. A challenge in detecting malicious software is that files are typically scanned for the presence of malicious intent only once (and subsequent rescanning is typically performed in a simplistic manner). Existing methods in the art do not address how to most effectively rescan collections of files in a way that tries to optimize performance and efficacy. Accordingly, we present novel methods, components, and systems for intelligently rescanning file collections and thereby enabling retroactive detection of malicious software and also retroactive identification of clean software. These methods may also be useful if additional information is now available regarding a file that might be useful to an end-user or an administrator, even though the file's core disposition might not have changed. More specifically, we describe methods, components, and systems that perform data analytics to intelligently rescan file collections for the purpose of retroactively identifying malware and retroactively identifying clean files. The disclosed invention provides a significant improvement with regard to efficacy and performance compared to previous approaches.
Publication number: US2014165203(A1)  Publication date: 2014.06.12
Application number: US201313942360  Application date: 2013.07.15
Applicant: Sourcefire, Inc.  Inventors: FRIEDRICHS Oliver; HUGER Alfred; RAMZAN Zulfikar
Classification: G06F21/56  Main classification: G06F21/56
Agency:  Agent:
Principal claim: 1. A system for intelligently rescanning files previously identified as having a benign or malicious disposition, comprising a client component and a server component which are capable of communicating with each other either directly or indirectly; wherein the client is configured to extract meta-data from files of interest, including files that have previously been assigned a benign disposition and files that have previously been assigned a malicious disposition, and to provide the server with an identification of said files of interest as well as said meta-data for each of said files of interest, and wherein the server is configured to log said files of interest and associated meta-data, and wherein the server is configured to periodically scan file logs to identify files whose characteristics may be indicative of a disposition change; and wherein files whose characteristics may be indicative of a disposition change are identified for rescanning against the most current intelligence the server has for identifying updated file dispositions.
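The following Python is an added example written for this record to illustrate the server-side flow that claim 1 describes: logged file records with client-reported meta-data are periodically scored for "characteristics indicative of a disposition change", the highest-scoring records are selected under a rescan budget, and only those are re-evaluated against the current intelligence, so that a benign file can be retroactively flagged and a previously malicious file retroactively cleared. It is not code from the patent or from Sourcefire. The scoring signals (stale intelligence version, revoked code signer, prevalence jump, rescan cooldown), their weights, the field names, and the sample log with placeholder hashes are all assumptions made for this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Assumed tunables; the patent gives no specific thresholds.
RESCAN_COOLDOWN_DAYS = 7   # do not rescan the same file more often than this
PREVALENCE_JUMP = 10       # rescan if prevalence grew 10x since the verdict


@dataclass
class FileRecord:
    """One server-side log entry: identification plus client-reported meta-data."""
    sha256: str                 # file identification reported by the client
    disposition: str            # verdict on record: "benign" or "malicious"
    intel_version: int          # intelligence version that produced the verdict
    prevalence_at_verdict: int  # how many clients reported the file back then
    prevalence_now: int         # refreshed from the latest client reports
    signer: Optional[str]       # code-signing identity, if any
    last_rescan_day: int        # day number of the last (re)scan


@dataclass
class Intelligence:
    """The server's most current intelligence (assumed shape)."""
    version: int
    malicious_hashes: Set[str]
    revoked_signers: Set[str]

    def verdict(self, rec: FileRecord) -> str:
        if rec.sha256 in self.malicious_hashes:
            return "malicious"
        if rec.signer is not None and rec.signer in self.revoked_signers:
            return "malicious"
        return "benign"


def rescan_score(rec: FileRecord, intel: Intelligence, today: int) -> int:
    """Score how likely a rescan is to change the disposition (0 = skip)."""
    if today - rec.last_rescan_day < RESCAN_COOLDOWN_DAYS:
        return 0  # recently rescanned; spend the budget elsewhere
    score = 0
    if rec.intel_version < intel.version:
        score += 1  # verdict predates the current intelligence
    if rec.signer is not None and rec.signer in intel.revoked_signers:
        score += 3  # the signer was revoked after the verdict was issued
    if rec.prevalence_now >= PREVALENCE_JUMP * max(rec.prevalence_at_verdict, 1):
        score += 2  # the file spread far beyond what was seen at verdict time
    return score


def select_for_rescan(log: List[FileRecord], intel: Intelligence,
                      today: int, budget: int) -> List[FileRecord]:
    """Periodic log scan: pick the `budget` highest-scoring candidates."""
    scored = [(rescan_score(r, intel, today), r) for r in log]
    scored = [(s, r) for s, r in scored if s > 0]
    scored.sort(key=lambda sr: sr[0], reverse=True)
    return [r for _, r in scored[:budget]]


def rescan(selected: List[FileRecord], intel: Intelligence,
           today: int) -> List[Tuple[str, str, str]]:
    """Re-evaluate selected records; return (sha256, old, new) for changes."""
    changes = []
    for rec in selected:
        new = intel.verdict(rec)
        if new != rec.disposition:
            changes.append((rec.sha256, rec.disposition, new))
        rec.disposition = new
        rec.intel_version = intel.version
        rec.prevalence_at_verdict = rec.prevalence_now
        rec.last_rescan_day = today
    return changes


def build_sample_log() -> List[FileRecord]:
    """Constructed sample log; hashes are placeholders, not real file hashes."""
    return [
        FileRecord("sha-A", "benign", 1, 5, 500, None, 0),        # spread 100x
        FileRecord("sha-B", "benign", 2, 100, 110, "OldCorp", 0), # signer revoked
        FileRecord("sha-C", "malicious", 1, 1, 2, None, 0),       # stale verdict
        FileRecord("sha-D", "benign", 3, 50, 55, None, 0),        # current verdict
        FileRecord("sha-E", "benign", 1, 5, 9, None, 28),         # in cooldown
    ]


def build_intel() -> Intelligence:
    """Constructed current intelligence: A is now known bad, OldCorp revoked."""
    return Intelligence(3, {"sha-A"}, {"OldCorp"})


if __name__ == "__main__":
    log, intel, today = build_sample_log(), build_intel(), 30
    chosen = select_for_rescan(log, intel, today, budget=3)
    print("rescan candidates:", [r.sha256 for r in chosen])
    print("disposition changes:", rescan(chosen, intel, today))
```

With a budget of 3 the scheduler rescans B (revoked signer), A (prevalence jump) and C (stale verdict) and skips D (already judged with the current intelligence) and E (rescanned recently); A and B flip to malicious and C is retroactively cleared, which is the retroactive detection and retroactive clean identification the abstract describes. The budget is what makes the approach cheaper than rescanning everything: only records whose meta-data suggests a change consume scan capacity.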
Address: Columbia MD US