
Systems and methods for detecting malware using file clustering

  • US 9,185,119 B1
  • Filed: 05/08/2014
  • Issued: 11/10/2015
  • Est. Priority Date: 05/08/2014
  • Status: Active Grant
First Claim

1. A computer-implemented method for detecting malware using file clustering, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

  • identifying an unknown file with an unknown reputation;

  • identifying at least one known file with a known reputation that co-occurs with the unknown file;

  • identifying a classification assigned to the known file;

  • determining a probability that the unknown file is of the same classification as the known file;

  • assigning, based on the probability that the unknown file is of the same classification as the known file, the classification of the known file to the unknown file;

    wherein identifying the unknown file comprises:

      • obtaining, from at least one client device, information that identifies the unknown file;

      • querying, using the information that identifies the unknown file, a file reputation database that associates file information with file reputations;

      • receiving, in response to querying the file reputation database, an indication that the unknown file's reputation is unknown.
