Malware detection using file names
US8621233B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Date | Value |
|---|---|
| Filing date | Jan 13, 2010 |
| Grant date | Dec 31, 2013 |
| Priority date | — |
| Expiry date | Jul 29, 2032 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/56
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Descriptions of files detected at endpoints are submitted to a security server. The descriptions describe the names of the files and unique identifiers of the files. The security server uses the unique identifiers to identify files having different names at different endpoints. For a given file having multiple names, the names are processed to account for name differences unlikely to have been caused by malware. The processed names for the file are analyzed to determine the amount of dissimilarity among the names. This analysis is used to generate a score indicating a confidence that the computer file contains malicious software, where a greater amount of dissimilarity among the names generally indicates a greater confidence that the computer file contains malicious software. The score is weighted based on file name frequency, the age of the file, and the prevalence of the file. The weighted score is used to determine whether the computer file contains malicious software.
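As an added illustration, not the patent's own implementation, the following Python sketch walks through the scoring flow the abstract describes: group sightings by a content identifier, normalize away name differences unlikely to be caused by malware, measure how dissimilar the remaining names are, and weight the result by name frequency, file age and prevalence. The normalization rules, the dissimilarity metric (mean normalized Levenshtein distance over name pairs) and the weighting formulas are assumptions chosen for the example; the hashes and file names are constructed.

```python
import itertools
import math
import re

# Constructed sample: two files identified by content hash, each reported under several
# names on different endpoints. Hashes are placeholders, names are made up.
BENIGN = "sha256:<constructed-hash-benign>"
SUSPECT = "sha256:<constructed-hash-suspect>"
SIGHTINGS = {
    BENIGN: ["Setup.exe", "setup.exe", "Copy of Setup.exe", r"C:\Users\x\Setup (2).exe"],
    SUSPECT: ["invoice.pdf.exe", "svchost.exe", "kb4012.tmp", "photo_2021.scr"],
}

def normalize(name: str) -> str:
    """Strip differences unlikely to be caused by malware (assumed rules):
    directory path, letter case, a 'Copy of' prefix, a ' (n)' duplicate suffix, whitespace."""
    base = re.split(r"[\\/]", name)[-1].strip().lower()
    base = re.sub(r"^copy of ", "", base)
    base = re.sub(r" \(\d+\)(?=\.[^.]+$|$)", "", base)
    return base

def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def dissimilarity(names) -> float:
    """Mean normalized edit distance (0..1) over all pairs of distinct normalized names."""
    uniq = sorted({normalize(n) for n in names})
    if len(uniq) < 2:
        return 0.0
    pairs = list(itertools.combinations(uniq, 2))
    return sum(levenshtein(a, b) / max(len(a), len(b)) for a, b in pairs) / len(pairs)

def weighted_score(names, age_days: int, prevalence: int) -> float:
    """Weight raw dissimilarity by name frequency, age and prevalence (formulas are assumptions)."""
    norm = [normalize(n) for n in names]
    top_share = max(norm.count(n) for n in set(norm)) / len(norm)  # share of the most common name
    freq_factor = 1.0 - 0.5 * top_share                            # one dominant name lowers the score
    age_factor = 1.0 / (1.0 + age_days / 30.0)                     # older files are less suspicious
    prev_factor = 1.0 / (1.0 + math.log10(max(prevalence, 1)))    # widely seen files are less suspicious
    return dissimilarity(names) * freq_factor * age_factor * prev_factor

def verdict(names, age_days: int, prevalence: int, threshold: float = 0.25) -> bool:
    """True when the weighted score crosses the (assumed) decision threshold."""
    return weighted_score(names, age_days, prevalence) >= threshold
```

The benign sample collapses to a single normalized name and scores zero, while the suspect sample keeps four unrelated names and crosses the threshold when it is young and rare.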
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.