Malware detection using file heritage data
US8413235B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 10, 2010 |
| Grant date | Apr 2, 2013 |
| Priority date | — |
| Expiry date | Jul 1, 2031 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/552
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A security module on a client monitors file creations at the client and reports heritage data describing the monitored file creations to a security server. A file categorization module at the security server receives file heritage data reports from a plurality of clients. The heritage data reports identify parent files that created executable child files at the clients. The file categorization module filters the heritage data to identify and prioritize parent files that are not categorized. The file categorization module analyzes the uncategorized files in priority order to categorize the files as “expected executable file creators” or “executable file creators of interest.” The file categorization module reports the file categorization data to the security modules of the clients. The security modules use the file categorization data to identify malware at the clients.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.