SYSTEMS AND METHODS FOR DETERMINING MALICIOUS-DOWNLOAD RISK BASED ON USER BEHAVIOR
First Claim
1. A computer-implemented method for determining malicious-download risk based on user behavior, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a set of users that are at high risk for malicious downloads and a set of users that are at low risk for malicious downloads;
- determining a high-risk pattern of download behavior that is shared by the set of high-risk users and that is not shared by the set of low-risk users;
- analyzing download behavior of an uncategorized user over a predefined time period in order to categorize the download behavior as high-risk or low-risk;
- categorizing the uncategorized user as a high-risk user in response to determining that the download behavior of the uncategorized user falls within a predefined similarity threshold of the high-risk pattern of download behavior.
Abstract
The disclosed computer-implemented method for determining malicious-download risk based on user behavior may include (1) identifying a set of users that are at high risk for malicious downloads and a set of users that are at low risk for malicious downloads, (2) determining a high-risk pattern of download behavior that is shared by the set of high-risk users and that is not shared by the set of low-risk users, (3) analyzing download behavior of an uncategorized user over a predefined time period in order to categorize the download behavior as high-risk or low-risk, and (4) categorizing the uncategorized user as a high-risk user in response to determining that the download behavior of the uncategorized user falls within a predefined similarity threshold of the high-risk pattern of download behavior. Various other methods, systems, and computer-readable media are also disclosed.
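The four steps of the abstract, sketched as an added example that is not taken from the patent or from any product: the per-download flags, the `min_gap` and `threshold` values, the one-sided distance, and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean

# Hypothetical per-download flags (1/0); the claims do not name specific features.
FEATURES = ("unsigned", "low_prevalence", "from_browser")

def profile(events, end, window=timedelta(days=30)):
    """Step 3: share of downloads inside the time window that show each flag."""
    recent = [e for e in events if end - window <= e["time"] <= end]
    if not recent:
        return None  # no downloads in the window, nothing to compare
    return {f: mean(e[f] for e in recent) for f in FEATURES}

def high_risk_pattern(high, low, min_gap=0.3):
    """Step 2: keep only flags common in the high-risk set and rare in the low-risk set."""
    pattern = {}
    for f in FEATURES:
        hi, lo = mean(p[f] for p in high), mean(p[f] for p in low)
        if hi - lo >= min_gap:
            pattern[f] = hi
    return pattern

def categorize(user, pattern, threshold=0.2):
    """Step 4: high-risk when the mean shortfall from the pattern is within threshold."""
    if user is None or not pattern:
        return "uncategorized"
    # Assumption: exceeding the pattern counts as matching it, so only shortfall is scored.
    gap = mean(max(0.0, v - user[f]) for f, v in pattern.items())
    return "high-risk" if gap <= threshold else "low-risk"

def ev(day, unsigned, low_prevalence, from_browser=1):
    return {"time": datetime(2024, 1, day), "unsigned": unsigned,
            "low_prevalence": low_prevalence, "from_browser": from_browser}

# Step 1 (constructed data): profiles of users already labelled high- and low-risk.
HIGH = [{"unsigned": 0.8, "low_prevalence": 0.7, "from_browser": 0.9},
        {"unsigned": 0.9, "low_prevalence": 0.6, "from_browser": 0.8}]
LOW = [{"unsigned": 0.1, "low_prevalence": 0.1, "from_browser": 0.9},
       {"unsigned": 0.2, "low_prevalence": 0.0, "from_browser": 0.7}]
PATTERN = high_risk_pattern(HIGH, LOW)  # from_browser is dropped: both sets share it

# Constructed history: six clean downloads early in January, four risky ones late.
EVENTS = [ev(d, 0, 0) for d in range(1, 7)] + [ev(28, 1, 1), ev(29, 1, 1),
                                                ev(30, 1, 0), ev(31, 0, 0)]
END = datetime(2024, 1, 31)

if __name__ == "__main__":
    print(PATTERN)
    print(categorize(profile(EVENTS, END, timedelta(days=7)), PATTERN))   # recent week
    print(categorize(profile(EVENTS, END, timedelta(days=30)), PATTERN))  # whole month
```

The same user lands in different categories depending on the predefined time period, which is why the window length has to be fixed before the similarity threshold is tuned.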
20 Claims
1. A computer-implemented method for determining malicious-download risk based on user behavior, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a set of users that are at high risk for malicious downloads and a set of users that are at low risk for malicious downloads;
- determining a high-risk pattern of download behavior that is shared by the set of high-risk users and that is not shared by the set of low-risk users;
- analyzing download behavior of an uncategorized user over a predefined time period in order to categorize the download behavior as high-risk or low-risk;
- categorizing the uncategorized user as a high-risk user in response to determining that the download behavior of the uncategorized user falls within a predefined similarity threshold of the high-risk pattern of download behavior.
11. A system for determining malicious-download risk based on user behavior, the system comprising:
- an identification module, stored in memory, that identifies a set of users that are at high risk for malicious downloads and a set of users that are at low risk for malicious downloads;
- a determination module, stored in memory, that determines a high-risk pattern of download behavior that is shared by the set of high-risk users and that is not shared by the set of low-risk users;
- an analysis module, stored in memory, that analyzes download behavior of an uncategorized user over a predefined time period in order to categorize the download behavior as high-risk or low-risk;
- a categorization module, stored in memory, that categorizes the uncategorized user as a high-risk user in response to determining that the download behavior of the uncategorized user falls within a predefined similarity threshold of the high-risk pattern of download behavior;
- at least one physical processor configured to execute the identification module, the determination module, the analysis module, and the categorization module.
20. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify a set of users that are at high risk for malicious downloads and a set of users that are at low risk for malicious downloads;
- determine a high-risk pattern of download behavior that is shared by the set of high-risk users and that is not shared by the set of low-risk users;
- analyze download behavior of an uncategorized user over a predefined time period in order to categorize the download behavior as high-risk or low-risk;
- categorize the uncategorized user as a high-risk user in response to determining that the download behavior of the uncategorized user falls within a predefined similarity threshold of the high-risk pattern of download behavior.
Specification