Malware detection using a white list
US8001606B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Jun 30, 2009 |
| Grant date | Aug 16, 2011 |
| Priority date | — |
| Expiry date | Feb 12, 2030 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/564
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A reputation server is coupled to multiple clients via a network. A security module at a client identifies an application and determines whether it is on a white list. If the application is not on the white list, the security module monitors the application using a strict set of signatures. If the application is on the white list, the security module monitors the application using a relaxed set of signatures. The relaxed set of signatures can exclude legitimate characteristics possessed by the application as specified by the white list. The security module evaluates whether the application is malicious based at least in part on whether it possesses suspicious characteristics described by the signatures. The reputation server receives reports from clients identifying applications and describing characteristics possessed by the applications and uses the reports to generate the white list.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.