US12045349B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12045349-B2 |
| Application number | US-202217978624-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 1, 2022 |
| Priority date | Sep 15, 2020 |
| Publication date | Jul 23, 2024 |
| Grant date | Jul 23, 2024 |
Official abstract text for this publication.
There is disclosed in one example a computing apparatus, including: a hardware platform, including a processor, a memory, and a network interface; a bucketized reputation modifier table; and instructions encoded within the memory to instruct the processor to: perform a feature-based malware analysis of an object; assign the object a malware reputation according to the feature-based malware analysis; query and receive via the network interface a complementary score for a complementary property of the object; query the bucketized reputation modifier table according to the complementary score to receive a reputation modifier for the object; adjust the object's reputation according to the reputation modifier; and take a security action according to the adjusted reputation.
Opening claim text (preview).
What is claimed is:
1. A computer-implemented method of detecting computer malware, comprising: bucketizing analysis results for a class of objects based on one or more features shared by the class of objects; computing respective probabilistic curves for buckets of the bucketized analysis results; computing respective feature analysis thresholds for the probabilistic curves; performing feature analysis on an object under analysis, including computing a malware score; comparing the malware score to a feature analysis threshold for a bucket associated with the object under analysis; and taking a malware action on the object under analysis based on the comparing.
2. The computer-implemented method of claim 1, wherein bucketizing analysis results comprises computing a set of probabilistic curves associated with the bucketized analysis results.
3. The computer-implemented method of claim 1, wherein bucketizing analysis results comprises computing bucketized predictions for one or more objects.
4. The computer-implemented method of claim 1, wherein bucketizing analysis results comprises computing uniform resource locator (URL) reputations for one or more objects.
5. The computer-implemented method of claim 1, wherein bucketizing analysis results comprises bucketizing internet protocol (IP) address reputations for one or more objects.
6. The computer-implemented method of claim 1, wherein bucketizing analysis results comprises bucketizing certificate reputation for one or more objects.
7. The computer-implemented method of claim 1, wherein the probabilistic curves represent a probability that an object is malicious or is associated with a malicious entity, without respect to a severity of maliciousness.
8. The computer-implemented method of claim 1, wherein the object's position within the probabilistic curves is not a direct input to the feature analysis.
9. The computer-implemented method of claim 1, wherein computing the probabilistic curves is performed on a cloud or backend service.
10. One or more tangible, nontransitory computer-readable storage media having stored thereon executable instructions to instruct a processor to: bucketize analysis results for a class of objects based on one or more features shared by the class of objects; compute respective probabilistic curves for buckets of the bucketized analysis results; compute respective feature analysis thresholds for the probabilistic curves; perform feature analysis on an object under analysis, including computing a malware score; compare the malware score to a feature analysis threshold for a bucket associated with the object under analysis; and take a malware action on the object under analysis based on the comparing.
11. The one or more tangible, nontransitory computer-readable storage media of claim 10, wherein bucketizing analysis results comprises computing a set of probabilistic curves associated with the bucketized analysis results.
12. The one or more tangible, nontransitory computer-readable storage media of claim 10, wherein bucketizing analysis results comprises computing bucketized predictions for one or more objects.
13. The one or more tangible, nontransitory computer-readable storage media of claim 10, wherein bucketizing analysis results comprises computing uniform resource locator (URL) reputations for one or more objects.
14. The one or more tangible, nontransitory computer-readable storage media of claim 10, wherein bucketizing analysis results comprises bucketizing internet protocol (IP) address reputations for one or more objects.
15. The one or more tangible, nontransitory computer-readable storage media of claim 10, wherein bucketizing analysis results comprises bucketizing certificate reputation for one or more objects.
16. The one or more tangible, nontransitory computer-readable storage media of claim 10, wherein the probabilistic curves represent a probability that an object is malicious or is associated with a malicious entity, without respect to a severity of maliciousness.
17. The one or more tangible, nontransitory computer-readable storage media of claim 10, wherein the object's position within the probabilistic curves is not a direct input to the feature analysis.
18. A computing apparatus, comprising: a hardware platform comprising a processor circuit and a memory; and instructions encoded within the memory to instruct the processor circuit to: bucketize analysis results for a class of objects based on one or more features shared by the class of objects; compute respective probabilistic curves for buckets of the bucketized analysis results; compute respective feature analysis thresholds for the probabilistic curves; perform feature analysis on an object under analysis, including computing a malware score; compare the malware score to a feature analysis threshold for a bucket associated with the object under analysis; and take a malware action on the object under analysis based on the comparing.
19. The computing apparatus of claim 18, wherein bucketizing analysis results comprises computing a set of probabilistic curves associated with the bucketized analysis results.
20. The computing apparatus of claim 18, wherein bucketizing analysis results comprises computing bucketized predictions for one or more objects.
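The steps of claim 1, sketched as an added example that is not taken from the patent or from any product: the claims do not say how the probabilistic curves or thresholds are computed, so this sketch assumes an empirical curve P(malicious | score >= t) per bucket and a threshold set at the lowest score where that probability reaches a target. The bucket names, the sample history and the 0.99 target are constructed for illustration.

```python
from collections import defaultdict

# Constructed labelled history: (bucket, malware_score, is_malicious).
# Bucket names are hypothetical certificate-reputation bands (cf. claim 6).
HISTORY = [
    ("cert_trusted", 0.30, False), ("cert_trusted", 0.55, False),
    ("cert_trusted", 0.70, False), ("cert_trusted", 0.85, True),
    ("cert_trusted", 0.95, True),
    ("cert_unknown", 0.20, False), ("cert_unknown", 0.40, False),
    ("cert_unknown", 0.50, True), ("cert_unknown", 0.65, True),
    ("cert_unknown", 0.90, True),
]

def bucketize(history):
    """Group past analysis results by the feature the objects share."""
    buckets = defaultdict(list)
    for bucket, score, malicious in history:
        buckets[bucket].append((score, malicious))
    return buckets

def probabilistic_curve(samples):
    """Assumed curve: [(t, P(malicious | score >= t))] per observed score t."""
    curve = []
    for t in sorted({s for s, _ in samples}):
        flagged = [m for s, m in samples if s >= t]
        curve.append((t, sum(flagged) / len(flagged)))
    return curve

def threshold_for(curve, min_probability=0.99):
    """Lowest score at which the curve reaches the target probability."""
    for t, p in curve:
        if p >= min_probability:
            return t
    return float("inf")  # no score in this bucket is convincing enough

def build_thresholds(history, min_probability=0.99):
    return {bucket: threshold_for(probabilistic_curve(samples), min_probability)
            for bucket, samples in bucketize(history).items()}

def malware_action(score, bucket, thresholds):
    """Compare the feature-analysis score to the object's bucket threshold."""
    # Assumption: an unseen bucket falls back to the strictest known threshold.
    t = thresholds.get(bucket, max(thresholds.values()))
    return "block" if score >= t else "allow"

if __name__ == "__main__":
    th = build_thresholds(HISTORY)
    print(th)
    for b in ("cert_trusted", "cert_unknown"):
        print(b, malware_action(0.60, b, th))
```

The same feature-analysis score of 0.60 leads to different actions depending on the bucket, while the bucket itself never enters the score computation, which matches claim 8.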
Supervised learning · CPC title
eliminating virus, restoring damaged files · CPC title
by adding security routines or objects to programs · CPC title
Machine learning · CPC title
Combinations of networks · CPC title