Statistical analytic method for the determination of the risk posed by file based content
Abstract
A system and method for calculating a risk assessment for an electronic file is described. A database of checks, organized into categories, can be used to scan electronic files. The categories of checks can include weights assigned to them. An analyzer can analyze electronic files using the checks. Issues identified by the analyzer can be weighted using the weights to determine a risk assessment for the electronic file.
18 Claims
1. A system, comprising:
- a computer;
- a memory in the computer;
- a database stored in the memory, the database including;
  - a plurality of checks organized into a plurality of categories; and
  - for each of the plurality of categories, a weight assigned to the category, including default weights assigned to the plurality of categories;
- a receiver to receive an electronic file;
- an analyser to analyse a first corpus of files with known non-conformities to produce a first result and to analyse a second corpus of safe files to produce a second result, and to analyse the electronic file using the plurality of checks in the database;
- a statistical analyser to statistically review the first result and the second result and to adjust the default weights assigned to the plurality of categories so that a first calculated risk assessment for the first corpus of files is higher than a second calculated risk assessment for the second corpus of files; and
- a threat calculator to calculate a risk assessment for the electronic file using a result from the analyser and the weights assigned to the plurality of categories, wherein when the risk assessment indicates that the electronic file is likely a threat, the electronic file can be detonated in an electronic sandbox.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method, comprising:
- receiving an electronic file;
- analysing the electronic file using a plurality of checks to determine when the electronic file conforms to an expected format, the plurality of checks organized into a plurality of categories;
- determining a weight for each of the plurality of categories, including;
  - receiving a default weight to assign to each of the plurality of categories;
  - receiving a first corpus of files with known non-conformities and a second corpus of safe files;
  - scanning the first corpus of files to produce a first result and the second corpus of files to produce a second result;
  - statistically analysing the first result and the second result; and
  - using the analysis of the first result and the second result to adjust the default weight assigned to each of the plurality of categories so that a first calculated risk assessment for the first corpus of files is higher than a second calculated risk assessment for the second corpus of files; and
- calculating a final risk assessment of the electronic file using the plurality of categories and the weights assigned to each of the plurality of categories, wherein when the final risk assessment indicates that the electronic file is likely a threat, the electronic file can be detonated in an electronic sandbox.

Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17

18. A tangible computer-readable medium storing non-transitory instructions that, when executed by a machine, result in:
- receiving an electronic file;
- analysing the electronic file using a plurality of checks to determine when the electronic file conforms to an expected format, the plurality of checks organized into a plurality of categories;
- determining a weight for each of the plurality of categories, including;
  - receiving a default weight to assign to each of the plurality of categories;
  - receiving a first corpus of files with known non-conformities and a second corpus of safe files;
  - scanning the first corpus of files to produce a first result and the second corpus of files to produce a second result;
  - statistically analysing the first result and the second result; and
  - using the analysis of the first result and the second result to adjust the default weight assigned to each of the plurality of categories so that a first calculated risk assessment for the first corpus of files is higher than a second calculated risk assessment for the second corpus of files; and
- calculating a final risk assessment of the electronic file using the plurality of categories and the weights assigned to each of the plurality of categories, wherein when the final risk assessment indicates that the electronic file is likely a threat, the electronic file can be detonated in an electronic sandbox.

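The weighting scheme described in the abstract and in the independent claims, worked through as an added example (not code from the patent or its assignee). The category names, the constructed scan results, the threshold and the adjustment rule (default weight scaled by the difference in per-category failure rates) are all assumptions; the claims do not specify which statistic is used.

```python
# Added illustration. Category names, sample scan results, the adjustment
# rule and the threshold are assumptions, not taken from the patent.
DEFAULT_WEIGHTS = {"structure": 1.0, "macro": 1.0, "metadata": 1.0}
SANDBOX_THRESHOLD = 0.5  # hypothetical cut-off for "likely a threat"

# Constructed scan results: each file is the set of categories with a failed check.
KNOWN_BAD = [{"macro", "structure"}, {"macro"},
             {"structure", "metadata"}, {"macro", "metadata"}]
KNOWN_SAFE = [{"metadata"}, set(), {"metadata"}, {"structure"}]


def hit_rates(corpus):
    """Per category, the fraction of files in the corpus that failed a check."""
    return {c: sum(c in f for f in corpus) / len(corpus) for c in DEFAULT_WEIGHTS}


def adjust_weights(bad, safe, defaults=DEFAULT_WEIGHTS):
    """Scale each default weight by (bad rate - safe rate), floored at zero.

    With presence-based scoring, the mean risk of the known-bad corpus is then
    never below that of the safe corpus, and is strictly higher whenever some
    category fails more often on known-bad files than on safe ones.
    """
    bad_r, safe_r = hit_rates(bad), hit_rates(safe)
    return {c: w * max(0.0, bad_r[c] - safe_r[c]) for c, w in defaults.items()}


def risk(failed_categories, weights):
    """Risk assessment: sum of the weights of the categories that failed."""
    return sum(weights.get(c, 0.0) for c in failed_categories)


def mean_risk(corpus, weights):
    """Average risk assessment over a corpus of scan results."""
    return sum(risk(f, weights) for f in corpus) / len(corpus)


def triage(failed_categories, weights, threshold=SANDBOX_THRESHOLD):
    """Return 'sandbox' when the score reaches the threshold, else 'pass'."""
    return "sandbox" if risk(failed_categories, weights) >= threshold else "pass"


WEIGHTS = adjust_weights(KNOWN_BAD, KNOWN_SAFE)

if __name__ == "__main__":
    print("adjusted weights:", WEIGHTS)
    print("mean risk, bad vs safe:",
          mean_risk(KNOWN_BAD, WEIGHTS), mean_risk(KNOWN_SAFE, WEIGHTS))
    print("macro-only file ->", triage({"macro"}, WEIGHTS))
```

In this sample the metadata category fails equally often in both corpora, so its weight drops to zero and a file that fails only metadata checks is not sent for detonation.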
Specification