Statistical analytic method for the determination of the risk posed by file based content
First Claim
Patent Images
1. A system, comprising:
- a computer;
a processor in the computer;
a memory in the computer;
a database stored in the memory, the database including;
a plurality of checks organized into a plurality of categories, each of the plurality of checks used to check whether an electronic file conforms to some purported file format for the electronic file and therefore is known to be good; and
for each of the plurality of categories, a weight assigned to the category, the weights assigned to the plurality of categories including default weights assigned to the plurality of categories;
a receiver to receive the electronic file and to receive second weights from a user to assign to the plurality of categories to override the default weights assigned to the plurality of categories;
the processor executing an analyzer to analyze the electronic file using the plurality of checks in the database; and
a threat calculator to calculate a risk assessment for the electronic file using a result from the analyzer and the weights assigned to the plurality of categories after the electronic file has been analyzed by the analyzer,wherein the analyzer analyzes the electronic file and the threat calculator calculates the risk assessment for the electronic file whether or not the electronic file is known to be good.
0 Assignments
0 Petitions
Accused Products
Abstract
A system and method for calculating a risk assessment for an electronic file is described. A database of checks, organized into categories, can be used to scan electronic files. The categories of checks can include weights assigned to them. An analyzer can analyze electronic files using the checks. Issues identified by the analyzer can be weighted using the weights to determine a risk assessment for the electronic file.
96 Citations
19 Claims
-
1. A system, comprising:
-
a computer; a processor in the computer; a memory in the computer; a database stored in the memory, the database including; a plurality of checks organized into a plurality of categories, each of the plurality of checks used to check whether an electronic file conforms to some purported file format for the electronic file and therefore is known to be good; and for each of the plurality of categories, a weight assigned to the category, the weights assigned to the plurality of categories including default weights assigned to the plurality of categories; a receiver to receive the electronic file and to receive second weights from a user to assign to the plurality of categories to override the default weights assigned to the plurality of categories; the processor executing an analyzer to analyze the electronic file using the plurality of checks in the database; and a threat calculator to calculate a risk assessment for the electronic file using a result from the analyzer and the weights assigned to the plurality of categories after the electronic file has been analyzed by the analyzer, wherein the analyzer analyzes the electronic file and the threat calculator calculates the risk assessment for the electronic file whether or not the electronic file is known to be good. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method, comprising:
-
receiving an electronic file; analyzing the electronic file using a plurality of checks to determine whether the electronic file conforms to an expected format and therefore is known to be good, the plurality of checks organized into a plurality of categories, wherein the electronic file is analyzed using the plurality of checks whether or not the electronic file is known to be good; determining a weight for each of the plurality of categories, including receiving a default weight to assign to each of the plurality of categories; receiving second weights from a user to assign to the plurality of categories to override the default weights assigned to the plurality of categories; and calculating a final risk assessment of the electronic file using the plurality of categories and the weights assigned to each of the plurality of categories after the electronic file has been analyzed by the analyzer, wherein the final risk assessment of the electronic file is calculated whether or not the electronic file is known to be good. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A tangible non-transitory computer-readable medium storing instructions that, when executed by a machine, result in:
-
receiving an electronic file; analyzing the electronic file using a plurality of checks to determine whether the electronic file conforms to an expected format and therefore is known to be good, the plurality of checks organized into a plurality of categories, wherein the electronic file is analyzed using the plurality of checks whether or not the electronic file is known to be good; determining a weight for each of the plurality of categories, including receiving a default weight to assign to each of the plurality of categories; receiving second weights from a user to assign to the plurality of categories to override the default weights assigned to the plurality of categories; and calculating a final risk assessment of the electronic file using the plurality of categories and the weights assigned to each of the plurality of categories after the electronic file has been analyzed by the analyzer, wherein the final risk assessment of the electronic file is calculated whether or not the electronic file is known to be good.
-
Specification