Patent · US Active

Systems and methods for threat detection using a software program update profile

US9800590B1 · kind B1 · utility

Cited by: 12
References: 1
Claims: 18
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 25, 2015
Grant date: Oct 24, 2017
Priority date
Expiry date: Oct 22, 2035

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F8/65
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

The disclosed computer-implemented method for threat detection using a software program update profile may include (1) building an update behavioral model that identifies legitimate update behavior for a software application by (a) monitoring client devices for update events associated with the software application and (b) analyzing the update events to identify the legitimate update behavior of the software application, (2) using the update behavioral model to identify suspicious behavior on a computing system by (a) detecting an update instance on the computing system, (b) comparing the update instance with the legitimate update behavior identified in the update behavioral model, and (c) determining, based on the comparison of the update instance with the legitimate update behavior, that the update instance is suspicious, and (3) in response to determining that the update instance is suspicious, performing a security action. Various other methods, systems, and computer-readable media are also disclosed.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.