专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20170061123A1 Detecting Suspicious File Prospecting Activity from Patterns of User Activity 审中-公开
标题翻译：从用户活动模式中检测可疑文件查找活动
公开(公告)号：US20170061123A1
公开(公告)日：2017-03-02
申请号：US14836804
申请日：2015-08-26
申请人： Symantec Corporation
发明人： Aleatha Parker-Wood , Andrew Gardner
IPC分类号： G06F21/55 , G06F17/30
CPC分类号： G06F21/552 , G06F21/556 , G06F2221/033
摘要： Suspicious file prospecting activity is detected based on patterns of file system access. A user's file system access is monitored over a specific time period. A sequence of the file accesses (e.g., represented as path names) made by the user during the time period is recorded. Distances between the recorded file accesses are determined, for example as edit distances. A distance sequence is recorded, comprising a record of the determined distances. The distance sequence is reduced to one or more baseline statistics describing the pattern of the user's access of the file system during the given period of time. At least one subsequent anomaly in the user's access of the file system is detected, by comparing at least one subsequently calculated statistic representing at least one subsequent pattern of the user's file system access to the at least one baseline statistic.
摘要翻译：基于文件系统访问模式检测到可疑文件检索活动。在特定时间段内监视用户的文件系统访问。记录用户在该时间段期间进行的文件访问（例如，表示为路径名）的顺序。确定记录的文件访问之间的距离，例如作为编辑距离。记录距离序列，包括确定的距离的记录。距离序列减少到描述用户在给定时间段内文件系统的访问模式的一个或多个基线统计信息。通过将表示用户文件系统访问的至少一个后续模式的至少一个随后计算的统计量与至少一个基线统计量进行比较来检测文件系统的用户访问中的至少一个后续异常。

2. 发明授权

US10366344B1 Systems and methods for selecting features for classification 有权
公开(公告)号：US10366344B1
公开(公告)日：2019-07-30
申请号：US15087743
申请日：2016-03-31
申请人： Symantec Corporation
发明人： Nikolaos Vasiloglou , Jugal Parikh , Andrew Gardner
IPC分类号： G06N20/00 , G06F17/16
摘要： A computer-implemented method for selecting features for classification may include (1) generating a matrix X, a column vector Y, and a matrix Z from a training dataset that includes a plurality of samples with a plurality of features, (2) generating an augmented matrix from the matrix X, the column vector Y, and the matrix Z, (3) identifying one or more most-relevant features from the plurality of features by iteratively applying a sweep operation to the augmented matrix, and (4) training a classification model using the most-relevant features from the plurality of features rather than all of the plurality of features. Various other methods, systems, and computer-readable media may have similar features.

3. 发明授权

US10250617B1 Systems and methods for detecting malware using machine learning 有权
公开(公告)号：US10250617B1
公开(公告)日：2019-04-02
申请号：US14948341
申请日：2015-11-22
申请人： Symantec Corporation
发明人： Andrew Gardner , Walter Bogorad , Jun Mao
IPC分类号： H04L29/06 , G06F17/30 , G06N3/08 , G06F16/26
摘要： A computer-implemented method for detecting malware using machine learning may include (1) identifying data to be analyzed for malware, (2) classifying, using a classifier created by a combination of at least one deep learning neural network and at least one supervised data mining method, the data to be analyzed for malware, (3) determining, based on a predefined threshold, that the classification of the data indicates potential malware on the computing device, and (4) performing a security action based on the determination of potential malware on the computing device. Various other methods, systems, and computer-readable media are also disclosed.

4. 发明授权

US10037425B2 Detecting suspicious file prospecting activity from patterns of user activity 有权
公开(公告)号：US10037425B2
公开(公告)日：2018-07-31
申请号：US14836804
申请日：2015-08-26
申请人： Symantec Corporation
发明人： Aleatha Parker-Wood , Andrew Gardner
IPC分类号： G06F21/56 , G06F21/55
CPC分类号： G06F21/552 , G06F21/556 , G06F2221/033
摘要： Suspicious file prospecting activity is detected based on patterns of file system access. A user's file system access is monitored over a specific time period. A sequence of the file accesses (e.g., represented as path names) made by the user during the time period is recorded. Distances between the recorded file accesses are determined, for example as edit distances. A distance sequence is recorded, comprising a record of the determined distances. The distance sequence is reduced to one or more baseline statistics describing the pattern of the user's access of the file system during the given period of time. At least one subsequent anomaly in the user's access of the file system is detected, by comparing at least one subsequently calculated statistic representing at least one subsequent pattern of the user's file system access to the at least one baseline statistic.

5. 发明授权

US09992211B1 Systems and methods for improving the classification accuracy of trustworthiness classifiers 有权
公开(公告)号：US09992211B1
公开(公告)日：2018-06-05
申请号：US14836991
申请日：2015-08-27
申请人： Symantec Corporation
发明人： Petrus Johannes Viljoen , Douglas Schlatter , Carey Nachenberg , Andrew Gardner
IPC分类号： H04L29/06 , G06F21/56 , G06N99/00
CPC分类号： G06N99/005 , G06F21/56
摘要： The disclosed computer-implemented method for improving the classification accuracy of trustworthiness classifiers may include (1) identifying a set of training data that is available for training trustworthiness classifiers used to classify computing resources as clean or malicious, (2) selecting, based at least in part on a characteristic of a specific organization, a subset of training data from the set of training data that is available for training trustworthiness classifiers, (3) training a trustworthiness classifier for the specific organization using the subset of training data selected based at least in part on the characteristic of the specific organization, and then (4) applying the trustworthiness classifier to at least one computing resource encountered by the specific organization to classify the computing resource as clean or malicious. Various other methods, systems, and computer-readable media are also disclosed.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式