CA2770265C - Individualized time-to-live for reputation scores of computer files - Google Patents

Individualized time-to-live for reputation scores of computer files Download PDF

Info

Publication number
CA2770265C
CA2770265C CA2770265A CA2770265A CA2770265C CA 2770265 C CA2770265 C CA 2770265C CA 2770265 A CA2770265 A CA 2770265A CA 2770265 A CA2770265 A CA 2770265A CA 2770265 C CA2770265 C CA 2770265C
Authority
CA
Canada
Prior art keywords
score
reputation
file
ttl
reputation score
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CA2770265A
Other languages
English (en)
French (fr)
Other versions
CA2770265A1 (en
Inventor
Vijay Seshadri
Zulfikar Ramzan
James Hoagland
Adam L. Glick
Adam Wright
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CA Inc
Original Assignee
Symantec Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Symantec Corp filed Critical Symantec Corp
Publication of CA2770265A1 publication Critical patent/CA2770265A1/en
Application granted granted Critical
Publication of CA2770265C publication Critical patent/CA2770265C/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101Auditing as a secondary aspect
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
CA2770265A 2009-09-15 2010-09-10 Individualized time-to-live for reputation scores of computer files Active CA2770265C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US12/560,261 US8800030B2 (en) 2009-09-15 2009-09-15 Individualized time-to-live for reputation scores of computer files
US12/560,261 2009-09-15
PCT/US2010/048475 WO2011034792A1 (en) 2009-09-15 2010-09-10 Individualized time-to-live for reputation scores of computer files

Publications (2)

Publication Number Publication Date
CA2770265A1 CA2770265A1 (en) 2011-03-24
CA2770265C true CA2770265C (en) 2016-10-11

Family

ID=43064680

Family Applications (1)

Application Number Title Priority Date Filing Date
CA2770265A Active CA2770265C (en) 2009-09-15 2010-09-10 Individualized time-to-live for reputation scores of computer files

Country Status (5)

Country Link
US (1) US8800030B2 (enExample)
EP (1) EP2478460B1 (enExample)
JP (1) JP5610451B2 (enExample)
CA (1) CA2770265C (enExample)
WO (1) WO2011034792A1 (enExample)

Families Citing this family (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2653834B2 (ja) 1988-06-07 1997-09-17 マツダ株式会社 過給機付エンジンの吸気装置
GB0513375D0 (en) 2005-06-30 2005-08-03 Retento Ltd Computer security
US8312536B2 (en) 2006-12-29 2012-11-13 Symantec Corporation Hygiene-based computer security
US8250657B1 (en) 2006-12-29 2012-08-21 Symantec Corporation Web site hygiene-based computer security
US8499063B1 (en) 2008-03-31 2013-07-30 Symantec Corporation Uninstall and system performance based software application reputation
US8769702B2 (en) 2008-04-16 2014-07-01 Micosoft Corporation Application reputation service
US8595282B2 (en) 2008-06-30 2013-11-26 Symantec Corporation Simplified communication of a reputation score for an entity
US8413251B1 (en) 2008-09-30 2013-04-02 Symantec Corporation Using disposable data misuse to determine reputation
US8904520B1 (en) 2009-03-19 2014-12-02 Symantec Corporation Communication-based reputation system
US8381289B1 (en) 2009-03-31 2013-02-19 Symantec Corporation Communication-based host reputation system
US8341745B1 (en) 2010-02-22 2012-12-25 Symantec Corporation Inferring file and website reputations by belief propagation leveraging machine reputation
US10210162B1 (en) 2010-03-29 2019-02-19 Carbonite, Inc. Log file management
US9390263B2 (en) 2010-03-31 2016-07-12 Sophos Limited Use of an application controller to monitor and control software file and application environments
US8839432B1 (en) * 2010-04-01 2014-09-16 Symantec Corporation Method and apparatus for performing a reputation based analysis on a malicious infection to secure a computer
US8510836B1 (en) * 2010-07-06 2013-08-13 Symantec Corporation Lineage-based reputation system
US9235586B2 (en) * 2010-09-13 2016-01-12 Microsoft Technology Licensing, Llc Reputation checking obtained files
US8782149B2 (en) * 2010-11-09 2014-07-15 Comcast Interactive Media, Llc Smart address book
US8863291B2 (en) 2011-01-20 2014-10-14 Microsoft Corporation Reputation checking of executable programs
US8732587B2 (en) * 2011-03-21 2014-05-20 Symantec Corporation Systems and methods for displaying trustworthiness classifications for files as visually overlaid icons
US9319420B1 (en) 2011-06-08 2016-04-19 United Services Automobile Association (Usaa) Cyber intelligence clearinghouse
US9824198B2 (en) 2011-07-14 2017-11-21 Docusign, Inc. System and method for identity and reputation score based on transaction history
TWI543011B (zh) * 2012-01-10 2016-07-21 Verint Systems Ltd Method and system for extracting digital fingerprints of malicious files
US9715325B1 (en) 2012-06-21 2017-07-25 Open Text Corporation Activity stream based interaction
US9124472B1 (en) 2012-07-25 2015-09-01 Symantec Corporation Providing file information to a client responsive to a file download stability prediction
GB2506605A (en) * 2012-10-02 2014-04-09 F Secure Corp Identifying computer file based security threats by analysis of communication requests from files to recognise requests sent to untrustworthy domains
JP5874659B2 (ja) 2013-02-28 2016-03-02 Jfeスチール株式会社 2ピース缶用ラミネート金属板および2ピースラミネート缶体
WO2014142986A1 (en) * 2013-03-15 2014-09-18 Mcafee, Inc. Server-assisted anti-malware client
WO2014143012A1 (en) 2013-03-15 2014-09-18 Mcafee, Inc. Remote malware remediation
US9311480B2 (en) 2013-03-15 2016-04-12 Mcafee, Inc. Server-assisted anti-malware client
US9432437B1 (en) * 2013-08-15 2016-08-30 Sprint Communications Company L.P. Dynamic telemetry client message routing
US9065849B1 (en) * 2013-09-18 2015-06-23 Symantec Corporation Systems and methods for determining trustworthiness of software programs
US9607086B2 (en) 2014-03-27 2017-03-28 Mcafee, Inc. Providing prevalence information using query data
US10735550B2 (en) * 2014-04-30 2020-08-04 Webroot Inc. Smart caching based on reputation information
US9323924B1 (en) * 2014-05-09 2016-04-26 Symantec Corporation Systems and methods for establishing reputations of files
US10686759B2 (en) 2014-06-22 2020-06-16 Webroot, Inc. Network threat prediction and blocking
GB2584585B8 (en) * 2014-12-15 2021-11-03 Sophos Ltd Monitoring variations in observable events for threat detection
US9774613B2 (en) 2014-12-15 2017-09-26 Sophos Limited Server drift monitoring
US9419989B2 (en) * 2014-12-15 2016-08-16 Sophos Limited Threat detection using URL cache hits
US9571512B2 (en) 2014-12-15 2017-02-14 Sophos Limited Threat detection using endpoint variance
US9736349B2 (en) * 2014-12-24 2017-08-15 Intel Corporation Adaptive video end-to-end network with local abstraction
WO2016178127A1 (en) 2015-05-03 2016-11-10 Arm Technologies Israel Ltd. System, device, and method of managing trustworthiness of electronic devices
US10395133B1 (en) 2015-05-08 2019-08-27 Open Text Corporation Image box filtering for optical character recognition
US10599844B2 (en) 2015-05-12 2020-03-24 Webroot, Inc. Automatic threat detection of executable files based on static data analysis
US10050980B2 (en) * 2015-06-27 2018-08-14 Mcafee, Llc Enterprise reputations for uniform resource locators
US10289686B1 (en) 2015-06-30 2019-05-14 Open Text Corporation Method and system for using dynamic content types
US10606844B1 (en) * 2015-12-04 2020-03-31 Ca, Inc. Method and apparatus for identifying legitimate files using partial hash based cloud reputation
US11122063B2 (en) * 2017-11-17 2021-09-14 Accenture Global Solutions Limited Malicious domain scoping recommendation system
US10728034B2 (en) 2018-02-23 2020-07-28 Webroot Inc. Security privilege escalation exploit detection and mitigation
US20200004839A1 (en) * 2018-06-29 2020-01-02 Microsoft Technology Licensing, Llc Download management
US11314863B2 (en) 2019-03-27 2022-04-26 Webroot, Inc. Behavioral threat detection definition and compilation

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020078382A1 (en) * 2000-11-29 2002-06-20 Ali Sheikh Scalable system for monitoring network system and components and methodology therefore
US7748038B2 (en) * 2004-06-16 2010-06-29 Ironport Systems, Inc. Method and apparatus for managing computer virus outbreaks
US7953814B1 (en) * 2005-02-28 2011-05-31 Mcafee, Inc. Stopping and remediating outbound messaging abuse
US7908653B2 (en) 2004-06-29 2011-03-15 Intel Corporation Method of improving computer security through sandboxing
US10043008B2 (en) * 2004-10-29 2018-08-07 Microsoft Technology Licensing, Llc Efficient white listing of user-modifiable files
US20060253584A1 (en) * 2005-05-03 2006-11-09 Dixon Christopher J Reputation of an entity associated with a content item
JP5118020B2 (ja) * 2005-05-05 2013-01-16 シスコ アイアンポート システムズ エルエルシー 電子メッセージ中での脅威の識別
US8528089B2 (en) * 2006-12-19 2013-09-03 Mcafee, Inc. Known files database for malware elimination
US8312536B2 (en) * 2006-12-29 2012-11-13 Symantec Corporation Hygiene-based computer security
US8959568B2 (en) 2007-03-14 2015-02-17 Microsoft Corporation Enterprise security assessment sharing
US7953969B2 (en) * 2007-04-16 2011-05-31 Microsoft Corporation Reduction of false positive reputations through collection of overrides from customer deployments
US8312546B2 (en) * 2007-04-23 2012-11-13 Mcafee, Inc. Systems, apparatus, and methods for detecting malware
US8352511B2 (en) * 2007-08-29 2013-01-08 Partnet, Inc. Systems and methods for providing a confidence-based ranking algorithm
US20090187442A1 (en) * 2008-01-23 2009-07-23 Microsoft Corporation Feedback augmented object reputation service
US8931086B2 (en) * 2008-09-26 2015-01-06 Symantec Corporation Method and apparatus for reducing false positive detection of malware
US9081958B2 (en) * 2009-08-13 2015-07-14 Symantec Corporation Using confidence about user intent in a reputation system
US8621630B2 (en) * 2011-06-17 2013-12-31 Microsoft Corporation System, method and device for cloud-based content inspection for mobile devices

Also Published As

Publication number Publication date
JP2013504824A (ja) 2013-02-07
EP2478460B1 (en) 2015-04-22
JP5610451B2 (ja) 2014-10-22
US20110067101A1 (en) 2011-03-17
WO2011034792A1 (en) 2011-03-24
EP2478460A1 (en) 2012-07-25
US8800030B2 (en) 2014-08-05
CA2770265A1 (en) 2011-03-24

Similar Documents

Publication Publication Date Title
CA2770265C (en) Individualized time-to-live for reputation scores of computer files
AU2018217323B2 (en) Methods and systems for identifying potential enterprise software threats based on visual and non-visual data
US9246931B1 (en) Communication-based reputation system
US8756691B2 (en) IP-based blocking of malware
US8015284B1 (en) Discerning use of signatures by third party vendors
US8381289B1 (en) Communication-based host reputation system
US8239944B1 (en) Reducing malware signature set size through server-side processing
US8095964B1 (en) Peer computer based threat detection
US8312537B1 (en) Reputation based identification of false positive malware detections
US8413244B1 (en) Using temporal attributes to detect malware
US8726391B1 (en) Scheduling malware signature updates in relation to threat awareness and environmental safety
US8621233B1 (en) Malware detection using file names
US8566932B1 (en) Enforcing good network hygiene using reputation-based automatic remediation
US8413235B1 (en) Malware detection using file heritage data
US9065845B1 (en) Detecting misuse of trusted seals
US9178906B1 (en) Detecting and remediating malware dropped by files
US8296477B1 (en) Secure data transfer using legitimate QR codes wherein a warning message is given to the user if data transfer is malicious
US8510836B1 (en) Lineage-based reputation system
US8190647B1 (en) Decision tree induction that is sensitive to attribute computational complexity
US20090328209A1 (en) Simplified Communication of a Reputation Score for an Entity
US8239953B1 (en) Applying differing security policies for users who contribute differently to machine hygiene
JP2015535115A (ja) マルウェア定義パッケージサイズを縮小するためのテレメトリの使用
US12430437B2 (en) Specific file detection baked into machine learning pipelines
WO2014137321A1 (en) Modification of application store output
JP2018022248A (ja) ログ分析システム、ログ分析方法及びログ分析装置

Legal Events

Date Code Title Description
EEER Examination request