Systems and methods for creating behavioral signatures used to detect malware
US9483643B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Mar 13, 2015 |
| Grant date | Nov 1, 2016 |
| Priority date | — |
| Expiry date | Mar 13, 2035 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/566
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
The disclosed computer-implemented method for creating behavioral signatures used to detect malware may include (1) maintaining a database that identifies (A) known malicious files and behaviors exhibited by the known malicious files and (B) known non-malicious files and behaviors exhibited by the known non-malicious files and (2) creating a behavioral signature used to detect malware by (A) determining a combination of behaviors exhibited by at least one of the known malicious files, (B) identifying the number of known malicious files that exhibit each behavior within the combination, (C) identifying the number of known non-malicious files that exhibit each behavior within the combination, and (D) determining that the number of known malicious files that exhibit each behavior within the combination exceeds the number of known non-malicious files that exhibit each behavior within the combination by a certain threshold. Various other methods, systems, and computer-readable media are also disclosed.
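The selection step in the abstract can be sketched as follows. This is an added example, not code from the patent or its assignee. It assumes that a file "exhibits" a combination when it shows every behavior in it, and that "exceeds by a certain threshold" means an absolute difference in file counts. The file IDs, behavior names and the `max_size` bound are constructed for illustration.

```python
from itertools import combinations

# Constructed sample database: file id -> behaviors observed for that file.
MALICIOUS = {
    "mal-1": {"writes_run_key", "injects_remote_thread", "disables_av_service"},
    "mal-2": {"writes_run_key", "injects_remote_thread", "deletes_shadow_copies"},
    "mal-3": {"writes_run_key", "injects_remote_thread"},
    "mal-4": {"deletes_shadow_copies", "disables_av_service"},
}
BENIGN = {
    "ok-1": {"writes_run_key"},
    "ok-2": {"writes_run_key", "opens_network_socket"},
    "ok-3": {"injects_remote_thread", "opens_network_socket"},
    "ok-4": {"writes_run_key", "injects_remote_thread"},
}

def support(combo, corpus):
    """Count files in the corpus that exhibit every behavior in combo."""
    return sum(1 for behaviors in corpus.values() if combo <= behaviors)

def create_signatures(malicious, benign, threshold, max_size=3):
    """Return (combination, malicious_count, benign_count) for each
    combination seen in at least one malicious file whose malicious count
    exceeds its benign count by at least `threshold` (assumed: absolute)."""
    seen, signatures = set(), []
    for behaviors in malicious.values():
        for size in range(1, max_size + 1):
            for combo in map(frozenset, combinations(sorted(behaviors), size)):
                if combo in seen:
                    continue
                seen.add(combo)
                m, b = support(combo, malicious), support(combo, benign)
                if m - b >= threshold:
                    signatures.append((tuple(sorted(combo)), m, b))
    return sorted(signatures)

def matches(signature, observed):
    """True if an observed behavior set contains the whole signature."""
    return set(signature) <= set(observed)

if __name__ == "__main__":
    for combo, m, b in create_signatures(MALICIOUS, BENIGN, threshold=2):
        print(f"{' + '.join(combo)}: malicious={m} benign={b}")
```

With this sample data neither `writes_run_key` nor `injects_remote_thread` qualifies alone, but the pair does. The pair still matches one known non-malicious file (`ok-4`), which is the false-positive cost that the threshold trades against coverage.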
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.