Using file reputations to identify malicious file sources in real time
US8683585B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 10, 2011 |
| Grant date | Mar 25, 2014 |
| Priority date | — |
| Expiry date | Nov 2, 2031 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/145
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
File reputations are used to identify malicious file sources. Attempts to access files from external sources are monitored. For each monitored attempt to access a file, a reputation of the specific file is determined. Responsive to a determined reputation of a file meeting a threshold, the file is adjudicated to be malicious. Attempts by sources to distribute malicious files are tracked. Responsive to tracked attempts by sources to distribute malicious files, reputations of file sources are determined. Responsive to a determined reputation of a source meeting a threshold, the source is adjudicated to be malicious, and files the source distributes are analyzed to determine whether they comprise malware. Malicious sources are blocked. Malware and malicious sources are analyzed to identify exploits and distribution patterns.
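The two-stage adjudication the abstract describes (file reputation first, then source reputation derived from tracked distribution attempts), sketched as an added example that is not code from the patent. The 0-to-1 score scale, both threshold values, the minimum-attempt count, the malicious-fraction source score, and all hostnames and hashes are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed values: the abstract says "meeting a threshold" but gives no numbers.
FILE_MALICIOUS_AT = 0.2    # file reputation at or below this => file is malicious
SOURCE_MALICIOUS_AT = 0.5  # malicious fraction of a source's attempts => source is malicious
MIN_ATTEMPTS = 3           # do not judge a source on fewer observations than this

@dataclass
class SourceTracker:
    file_reputation: dict       # hash -> score in [0, 1]; stand-in for a reputation service
    unknown_score: float = 0.5  # assumed neutral score for files never seen before
    attempts: dict = field(default_factory=lambda: defaultdict(int))
    malicious: dict = field(default_factory=lambda: defaultdict(int))
    blocked: set = field(default_factory=set)
    analysis_queue: list = field(default_factory=list)

    def observe(self, source, file_hash):
        """Handle one monitored access attempt; return 'block' or 'allow'."""
        score = self.file_reputation.get(file_hash, self.unknown_score)
        bad_file = score <= FILE_MALICIOUS_AT
        if source not in self.blocked:
            # Track this source's distribution attempts and re-score it.
            self.attempts[source] += 1
            self.malicious[source] += bad_file
            ratio = self.malicious[source] / self.attempts[source]
            if self.attempts[source] >= MIN_ATTEMPTS and ratio >= SOURCE_MALICIOUS_AT:
                self.blocked.add(source)
        if source in self.blocked:
            # Files from a malicious source go to analysis whatever their own score.
            self.analysis_queue.append((source, file_hash))
            return "block"
        return "block" if bad_file else "allow"

# Constructed sample data: placeholder hashes and documentation hostnames.
REPUTATION = {"hash-a": 0.05, "hash-b": 0.10, "hash-c": 0.90, "hash-d": 0.95}
EVENTS = [("mirror.example.org", "hash-c"), ("dl.example.net", "hash-a"),
          ("dl.example.net", "hash-c"), ("dl.example.net", "hash-b"),
          ("dl.example.net", "hash-unseen"), ("mirror.example.org", "hash-d")]

def run_demo():
    tracker = SourceTracker(REPUTATION)
    verdicts = [tracker.observe(src, h) for src, h in EVENTS]
    return tracker, verdicts

if __name__ == "__main__":
    tracker, verdicts = run_demo()
    print(verdicts, tracker.blocked, tracker.analysis_queue)
```

The unseen file from `dl.example.net` is blocked and queued even though it has no reputation of its own, which is the case the source-level score exists to catch.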
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.