| 发明名称 |
Lineage-based reputation system |
| 摘要 |
A computer generates a reputation score for a file based at least in part on the lineage of the file. A security module on a client monitors file creations on the client and identifies a parent file creating a child file. The security module provides a lineage report describing the lineage relationship to a security server. The security server uses lineage reports from the client to generate one or more lineage scores for the files identified by the reports. The security server aggregates the lineage scores for files reported by multiple clients. The aggregated lineage scores are used by the security server to generate reputation scores for files. The reputation score for a file indicates a likelihood that the file is malicious. The security server reports the reputation scores to the clients, and the clients use the reputation scores to determine whether files detected at the clients are malicious.
|
| 申请公布号 |
US8510836(B1) |
申请公布日期 |
2013.08.13 |
| 申请号 |
US20100831004 |
申请日期 |
2010.07.06 |
| 申请人 |
NACHENBERG CAREY S.;SYMANTEC CORPORATION |
发明人 |
NACHENBERG CAREY S. |
| 分类号 |
G06F21/00;G06F7/00;G06F11/00;G06F12/14;G06F15/16;G06F15/18;G06F17/00;G06F17/30;G06Q30/00;H04L12/58;H04L29/06 |
主分类号 |
G06F21/00 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
|
| 地址 |
|
