
METHOD AND SYSTEM FOR DETECTION OF PREVIOUSLY UNKNOWN MALWARE

  • US 20110083180A1
  • Filed: 12/23/2009
  • Published: 04/07/2011
  • Est. Priority Date: 10/01/2009
  • Status: Active Grant
First Claim

1. A computer-implemented method for detection of previously unknown malware, the method comprising:

    (a) receiving event information and file metadata from a remote computer;

    (b) identifying whether the event information or the file metadata are indicative of known malware presence, indicative of unknown malware presence, or indicative of malware absence;

    (c) if the event information or the file metadata are indicative of known malware or indicative of malware absence, filtering out the event information and the file metadata;

    (d) performing a risk analysis and risk assessment for the remaining event information and the remaining file metadata so as to determine if the event and the file metadata are indicative of the previously unknown malware presence; and

    (e) performing a risk analysis and risk assessment wherein the risk analysis and risk assessment includes a construction of a “parent-child” hierarchy based on invocation sequence of the files, and wherein the risk assessed to the parent is based on the risk associated with the child.
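
Steps (a) through (e) sketched as an added example, not code from the patent or its assignee. The file identifiers, per-file risk scores, the threshold of 70 and the choice of `max()` to carry child risk up to the parent are all assumptions; the claim only states that parent risk is based on child risk.

```python
# Added illustration of claim 1. All identifiers, scores and the
# aggregation rule (max) are assumptions, not taken from the patent.
KNOWN_MALWARE = {"hash-bad-01"}   # constructed list of known-malicious files
KNOWN_CLEAN = {"hash-good-01"}    # constructed list of known-clean files

# (a) Constructed events from a remote computer:
# (file_id, file_id of the invoking parent or None, own risk score 0..100)
EVENTS = [
    ("hash-good-01", None, 0),
    ("hash-bad-01", "hash-good-01", 100),
    ("dropper", None, 20),
    ("stage2", "dropper", 35),
    ("payload", "stage2", 90),
    ("helper", "dropper", 5),
]

def classify(file_id):
    """(b) Known malware, malware absence, or unknown."""
    if file_id in KNOWN_MALWARE:
        return "known_malware"
    if file_id in KNOWN_CLEAN:
        return "malware_absent"
    return "unknown"

def filter_unknown(events):
    """(c) Filter out events that are already explained by known lists."""
    return [e for e in events if classify(e[0]) == "unknown"]

def assess(events):
    """(d)+(e) Build the parent-child hierarchy from the invocation
    sequence, then assess each parent from the risk of its children."""
    own = {fid: risk for fid, _, risk in events}
    children = {fid: [] for fid in own}
    for fid, parent, _ in events:
        if parent in own:               # parent may have been filtered out
            children[parent].append(fid)
    result = {}
    def risk(fid, seen):
        if fid in result:
            return result[fid]
        if fid in seen:                 # guard against invocation cycles
            return own[fid]
        below = [risk(c, seen | {fid}) for c in children[fid]]
        result[fid] = max([own[fid]] + below)
        return result[fid]
    for fid in own:
        risk(fid, frozenset())
    return result

def flagged(events, threshold=70):
    """Files whose assessed risk suggests previously unknown malware."""
    scores = assess(filter_unknown(events))
    return sorted(f for f, r in scores.items() if r >= threshold)
```

With the constructed events, `dropper` scores only 20 on its own but is flagged because the file it ultimately launches scores 90, while its sibling `helper` stays below the threshold.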
