Systems and methods for identifying suspicious singleton files using correlational predictors
US10073983B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Date | Value |
|---|---|
| Filing date | Dec 11, 2015 |
| Grant date | Sep 11, 2018 |
| Priority date | — |
| Expiry date | May 10, 2036 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/565
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
The disclosed computer-implemented method for identifying suspicious singleton files using correlational predictors may include (1) identifying a set of known-clean computing devices that include no singleton files, (2) detecting at least one software component that is installed on a threshold number of the known-clean computing devices, (3) identifying an unvindicated computing device whose infection status is unknown, (4) determining that, in addition to being installed on the threshold number of known-clean computing devices, the software component is installed on the unvindicated computing device, (5) determining that the unvindicated computing device includes at least one singleton file, and then (6) classifying the singleton file as suspicious in response to determining that (A) the software component is installed on the unvindicated computing device and (B) the unvindicated computing device includes the singleton file. Various other methods, systems, and computer-readable media are also disclosed.
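The six steps of the abstract, written out as an added worked example (this is illustrative code, not the patentee's implementation). It assumes a constructed device inventory mapping each device to its installed software components and its file hashes; a "singleton" is a hash seen on exactly one device in the population, and the threshold is a parameter.

```python
from collections import Counter

# Constructed sample inventory: device -> (installed components, file hashes).
# Hash values are placeholders, not real indicators.
INVENTORY = {
    "clean-01": ({"office-suite", "pdf-reader"}, {"h_a", "h_b"}),
    "clean-02": ({"office-suite", "browser"}, {"h_a", "h_c"}),
    "clean-03": ({"office-suite", "pdf-reader"}, {"h_b", "h_c"}),
    "host-x":   ({"office-suite", "media-player"}, {"h_a", "h_unique"}),
    "host-y":   ({"media-player"}, {"h_c", "h_other"}),
}

def singleton_files(inventory):
    """Hashes that occur on exactly one device across the whole population."""
    counts = Counter(h for _, files in inventory.values() for h in files)
    return {h for h, n in counts.items() if n == 1}

def known_clean_devices(inventory, singletons):
    """Step 1: devices whose file set contains no singleton at all."""
    return {d for d, (_, files) in inventory.items() if not files & singletons}

def common_clean_components(inventory, clean, threshold):
    """Step 2: components installed on at least `threshold` known-clean devices."""
    counts = Counter(c for d in clean for c in inventory[d][0])
    return {c for c, n in counts.items() if n >= threshold}

def classify_suspicious(inventory, threshold=2):
    """Steps 3-6: return {unvindicated device: singleton hashes flagged suspicious}."""
    singletons = singleton_files(inventory)
    clean = known_clean_devices(inventory, singletons)
    predictors = common_clean_components(inventory, clean, threshold)
    suspicious = {}
    for device, (components, files) in inventory.items():
        if device in clean:
            continue                      # step 3: infection status unknown only
        if not components & predictors:   # step 4: shares a common-clean component
            continue
        device_singletons = files & singletons   # step 5: device has singletons
        if device_singletons:
            suspicious[device] = device_singletons   # step 6: flag them
    return suspicious

if __name__ == "__main__":
    for device, hashes in classify_suspicious(INVENTORY).items():
        print(device, sorted(hashes))
```

With the constructed inventory, `host-x` is flagged for `h_unique` because it carries `office-suite`, which is common on the clean set, while `host-y` is skipped since it shares no common-clean component.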
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.