Title of invention: Method and system for detection of previously unknown malware
Abstract: A system, method and computer program product for detection of the previously unknown malware, the method comprising: (a) receiving event information and file metadata from a remote computer; (b) identifying whether the event information or the file metadata are indicative of the already known malware presence, indicative of the unknown malware presence, or indicative of malware absence; (c) if the event information or the file metadata are indicative of the known malware or indicative of malware absence, filtering out the event information and the file metadata; (d) performing a risk analysis and risk assessment for the remaining event information and the remaining file metadata to determine if the event and the file metadata are indicative of the previously unknown malware presence; and (e) where performing a risk analysis and risk assessment includes a "parent-child" hierarchy of the files, and the risk assessed to the parent is based on the risk associated with the child.
Publication number: US8572740(B2) Publication date: 2013.10.29
Application number: US20090645523 Filing date: 2009.12.23
Applicant: MASHEVSKY YURY V.;NAMESTNIKOV YURY V.;DENISHCHENKO NIKOLAY V.;ZELENSKY PAVEL A.;KASPERSKY LAB, ZAO Inventor: MASHEVSKY YURY V.;NAMESTNIKOV YURY V.;DENISHCHENKO NIKOLAY V.;ZELENSKY PAVEL A.
Classification: G06F12/14;G06F21/55;G06F21/56;H04L29/06 Main classification: G06F12/14