Risk scoring system for the prevention of malware
Abstract
A method suitable for detecting malicious files includes several steps. A file that is received into a computer system is analyzed to determine a presence or absence of each of a plurality of predefined properties in the file. A score is calculated based on the presence or absence of the plurality of properties in the file. This score is reflective of the risk that the file is malicious. Once the score is calculated, the file can be further processed based on the score.
13 Claims
1. A method comprising:
- analyzing a file, by a computing device having a processor, to determine a presence or absence of each of a plurality of predefined properties in the file;
- calculating a score, by the computing device, based on the presence or absence of the plurality of properties in the file, the score being reflective of a risk that the file is malicious, wherein calculating the score comprises;
  - generating a risk score for each property determined to be present in the file, the risk score reflecting a probability of the respective property existing in a malicious file,
  - generating a weight score for each property, the weight score reflecting a probability of occurrence of the respective property in a non-malicious file, wherein the weight score is inversely related to the probability of occurrence of the respective property in a non-malicious file, and
  - calculating the score based on an aggregate of the risk scores and the weight scores; and
- further processing the file based on the score, using the computing device.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory computer-readable medium containing computer-executable code comprising instructions configured to cause one or more processors to perform:
- analyzing a file to determine a presence or absence of each of a plurality of predefined properties in the file; and
- calculating a score based on the presence or absence of the plurality of properties in the file, the score being reflective of a risk that the file is malicious, wherein calculating the score comprises;
  - generating a risk score for each property determined to be present in the file, the risk score being reflective of a probability of the respective property existing in a malicious file,
  - generating a weight score for each property, the weight score reflecting a probability of occurrence of the respective property in a non-malicious file, wherein the weight score is inversely related to the probability of occurrence of the respective property in a non-malicious file, and
  - calculating the score based on an aggregate of the risk scores and the weight scores.

Dependent claims: 9, 10, 11, 12, 13
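The score calculation recited in claims 1 and 8, sketched as an added Python example that is not code from the patent. The claims do not fix the property checks, the statistics, the weight form `1 - p_ben`, the normalised weighted sum or the action thresholds, so all of these are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

# Constructed statistics (assumption): p_mal = P(property | malicious file),
# p_ben = P(property | non-malicious file). Not values from the patent.
STATS = {
    "mz_header":        {"p_mal": 0.90, "p_ben": 0.60},
    "double_extension": {"p_mal": 0.50, "p_ben": 0.01},
    "high_entropy":     {"p_mal": 0.70, "p_ben": 0.30},
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def analyze(name: str, data: bytes) -> set:
    """Presence or absence of each predefined property (hypothetical checks)."""
    checks = {
        "mz_header": data.startswith(b"MZ"),
        "double_extension": bool(re.search(r"\.(pdf|docx?|jpg|txt)\.(exe|scr)$", name, re.I)),
        "high_entropy": entropy(data) > 7.0,
    }
    return {prop for prop, present in checks.items() if present}

def weight(prop: str) -> float:
    return 1.0 - STATS[prop]["p_ben"]  # assumed form of "inversely related"

def score(present: set) -> float:
    """Assumed aggregate: weighted risk of present properties over total weight."""
    total = sum(weight(p) for p in STATS)
    return sum(STATS[p]["p_mal"] * weight(p) for p in present) / total

def process(name: str, data: bytes) -> tuple:
    """Further processing by score; thresholds and actions are hypothetical."""
    s = score(analyze(name, data))
    action = "block" if s >= 0.6 else "quarantine" if s >= 0.3 else "allow"
    return round(s, 3), action

SAMPLES = [  # constructed inputs
    ("report.pdf", b"%PDF-1.7 plain text body " * 40),
    ("setup.exe", b"MZ" + b"\x00" * 500),
    ("invoice.pdf.exe", b"MZ" + b"\x00" * 500),
    ("invoice.pdf.exe", b"MZ" + bytes(range(256)) * 8),
]

if __name__ == "__main__":
    print([(name, process(name, data)) for name, data in SAMPLES])
```

With these constructed numbers, an executable header alone scores low because the property is common in non-malicious files, while the same file with a rare double extension crosses the quarantine threshold.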
Specification