Using temporal attributes to detect malware

  • US 8,413,244 B1
  • Filed: 11/11/2010
  • Issued: 04/02/2013
  • Est. Priority Date: 11/11/2010
  • Status: Active Grant
First Claim

1. A computer-implemented method for classifying computer files, comprising:

  • identifying a plurality of client systems hosting a local instance of a target file;

    for one or more of the identified plurality of client systems,

      • identifying a plurality of files hosted on the client system, one or more of the plurality of files associated with a timestamp within a time range around a timestamp associated with the local instance of the target file hosted on the client system,
      • identifying known malicious files in the plurality of files hosted on the client system,
      • for one or more of the identified known malicious files, determining a score measuring a temporal proximity between the timestamp of the malicious file and the timestamp the local instance of the target file, and
      • determining a local malicious temporal proximity score measuring an aggregation of the scores of the identified known malicious files;

    determining a global malicious temporal proximity score measuring an aspect of the local malicious temporal proximity scores of the identified plurality of client systems; and

    determining a classification of the target file based at least in part on the global malicious temporal proximity score.
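
The steps of claim 1, worked through on constructed data as an added example (not code from the patent or its assignee). The claim does not fix the scoring function, the aggregation, the global statistic, or the decision rule, so the linear decay, the sum, the mean, the one-hour window and the 0.5 threshold below are all assumptions, as are the file identifiers and timestamps.

```python
from statistics import mean

WINDOW = 3600.0  # assumed: seconds either side of the target file's timestamp

def proximity(mal_ts, target_ts, window=WINDOW):
    """Assumed score: 1.0 for identical timestamps, falling linearly to 0.0 at the window edge."""
    return max(0.0, 1.0 - abs(mal_ts - target_ts) / window)

def local_score(files, target, known_bad, window=WINDOW):
    """Local malicious temporal proximity score for one client (None if it does not host the target)."""
    target_ts = next((ts for name, ts in files if name == target), None)
    if target_ts is None:
        return None
    # Files whose timestamp falls inside the time range around the target's timestamp.
    nearby = [(n, ts) for n, ts in files if n != target and abs(ts - target_ts) <= window]
    # Aggregation (assumed: sum) of the scores of the known malicious files among them.
    return sum(proximity(ts, target_ts, window) for n, ts in nearby if n in known_bad)

def classify(clients, target, known_bad, threshold=0.5):
    """Global score (assumed: mean of the local scores) and the resulting label."""
    scores = [local_score(files, target, known_bad) for files in clients.values()]
    scores = [s for s in scores if s is not None]  # only clients hosting the target count
    if not scores:
        return None, "unknown"
    g = mean(scores)
    return g, ("suspicious" if g >= threshold else "not flagged")

# Constructed inventories: (file identifier, timestamp in seconds) per client.
KNOWN_BAD = {"bad1", "bad2"}
CLIENTS = {
    "client-a": [("target", 1000.0), ("bad1", 1900.0), ("bad2", 2800.0), ("clean1", 9000.0)],
    "client-b": [("target", 50000.0), ("bad1", 51800.0)],
    "client-c": [("target", 90000.0), ("bad2", 97200.0)],  # malware outside the window
    "client-d": [("clean1", 5.0)],                         # does not host the target
}

if __name__ == "__main__":
    for name in ("target", "clean1"):
        print(name, classify(CLIENTS, name, KNOWN_BAD))
```

Averaging over clients is what keeps a single infected machine from condemning a file: "clean1" sits on client-a alongside malware, but not within the window, and scores zero everywhere.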

  • 2 Assignments