Methods and systems for detecting and preventing the spread of malware on instant messaging (IM) networks by using Bayesian filtering
First Claim
1. A computer-assisted method of reducing spread of malware in an Instant Message (IM) system, comprising:
a) analyzing messages exchanged between an IM server and an IM client;
b) identifying one or more messages as possibly containing malware among the exchanged messages, at least one of the identified messages being a message sent to a virtual user having a virtual IM account, the virtual user automatically participating in a dialog with other users to elicit messages from malware operators;
c) assigning a confidence level to each identified message, wherein a confidence level represents a probability of a message containing malware;
d) training a Bayesian filter using the identified messages and the confidence levels;
e) adjusting the confidence levels using a Bayesian filter; and
f) iteratively applying steps a) through e) for identifying additional messages as possibly containing malware, for re-training the Bayesian filter using at least the identified additional messages, and for further adjusting the confidence levels using the Bayesian filter.
Abstract
Methods and systems for reducing the spread of malware in communication between an instant message (IM) client and an IM server are described. An IM filter module (IM FM) is configured to analyze messages exchanged between an IM server and an IM client. The IM FM also identifies one or more messages as possibly containing malware among the exchanged messages and assigns a confidence level to each identified message. A confidence level represents a probability of a message containing malware. A Bayesian filter is configured to train itself using the identified messages and the confidence levels and adjust the confidence levels. A feedback training mechanism for the Bayesian filter is also included. In particular, the IM FM examines additional messages exchanged between the IM server and IM client, and identifies one or more messages as possibly containing malware among the additional messages using the adjusted confidence values. The IM FM also assigns a confidence level to each additionally identified message. The Bayesian filter is further configured to re-train itself using the identified messages, the additionally identified messages, and the confidence levels and adjust the confidence levels.
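The train, adjust and re-train loop described in the abstract can be sketched as follows. This is an added example, not code from the patent: the fractional-count naive Bayes model, the tokenizer, the 0.5 threshold, all names and the sample messages are assumptions made for illustration.

```python
import math
import re
from collections import defaultdict

class ConfidenceWeightedBayes:
    """Naive Bayes over message tokens; training counts are fractional."""

    def __init__(self):
        self.tok = {"mal": defaultdict(float), "ok": defaultdict(float)}
        self.mass = {"mal": 0.0, "ok": 0.0}  # token mass per class
        self.docs = {"mal": 1.0, "ok": 1.0}  # message mass per class, smoothed

    @staticmethod
    def tokens(text):
        return re.findall(r"[a-z0-9]+", text.lower())

    def train(self, text, confidence):
        # Confidence c counts c toward "malware" and 1 - c toward "clean".
        for cls, w in (("mal", confidence), ("ok", 1.0 - confidence)):
            self.docs[cls] += w
            for t in self.tokens(text):
                self.tok[cls][t] += w
                self.mass[cls] += w

    def adjust(self, text):
        """Adjusted confidence: Laplace-smoothed posterior P(malware | tokens)."""
        vocab = len(set(self.tok["mal"]) | set(self.tok["ok"])) + 1
        odds = math.log(self.docs["mal"] / self.docs["ok"])
        for t in self.tokens(text):
            p_mal = (self.tok["mal"].get(t, 0.0) + 1) / (self.mass["mal"] + vocab)
            p_ok = (self.tok["ok"].get(t, 0.0) + 1) / (self.mass["ok"] + vocab)
            odds += math.log(p_mal / p_ok)
        return 1 / (1 + math.exp(-max(-50.0, min(50.0, odds))))

def feedback_rounds(seed, traffic, rounds=2, threshold=0.5):
    """Re-train on identified messages, re-score them, pull in new traffic."""
    identified = dict(seed)
    for _ in range(rounds):
        model = ConfidenceWeightedBayes()
        for text, conf in identified.items():
            model.train(text, conf)
        for text in list(identified) + list(traffic):
            score = model.adjust(text)
            if text in identified or score >= threshold:
                identified[text] = score
    return identified

# Constructed sample data: (message, initial confidence from the filter module).
SEED = [("check out my pics at hxxp://pics.example/view.exe", 0.9),  # sent to decoy
        ("lol is this you hxxp://pics.example/photo.scr", 0.8),
        ("are we still on for lunch tomorrow", 0.1),
        ("can you send the meeting notes", 0.1)]
TRAFFIC = ["new pics of you at hxxp://pics.example/me.exe",
           "lunch at noon tomorrow works for me"]
```

Because each round trains on scores the previous round produced, an early misclassification is reinforced rather than corrected, so a deployment of this kind of loop needs an independent signal (here, the initial confidences from the filter module and decoy account) to anchor it.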
35 Claims
14. A computer-assisted system of reducing spread of malware in an instant message (IM) system, comprising:
a) an IM filter module configured to analyze messages exchanged between an IM server and an IM client to identify one or more messages as possibly containing malware among the exchanged messages, at least one of the identified messages being a message sent to a virtual user having a virtual IM account, the virtual user automatically participating in a dialog with other users to elicit messages from malware operators, and to assign a confidence level to each identified message, wherein a confidence level represents a probability of a message containing malware;
b) a Bayesian filter configured to train itself using the identified messages and the confidence levels, and to adjust the confidence levels;
c) the IM filter module further configured to identify additional messages as possibly containing malware; and
d) the Bayesian filter further configured to re-train itself using at least the identified additional messages and to further adjust the confidence levels.
24. A computer program product comprising a computer-readable medium storing computer instructions for configuring a computer to perform steps comprising:
a) analyzing messages exchanged between an IM server and an IM client;
b) identifying one or more messages as possibly containing malware among the exchanged messages, at least one of the identified messages being a message sent to a virtual user having a virtual IM account, the virtual user automatically participating in a dialog with other users to elicit messages from malware operators;
c) assigning a confidence level to each identified message, wherein a confidence level represents a probability of a message containing malware;
d) training a Bayesian filter using the identified messages and the confidence levels;
e) adjusting the confidence levels using a Bayesian filter; and
f) iteratively applying steps a) through e) for identifying additional messages as possibly containing malware, for re-training the Bayesian filter using at least the identified additional messages, and for further adjusting the confidence levels using the Bayesian filter.
Specification