HIGH-CONFIDENCE MALWARE SEVERITY CLASSIFICATION OF REFERENCE FILE SET

    Publication number: US20220229906A1

    Publication date: 2022-07-21

    Application number: US17151462

    Application date: 2021-01-18

    Abstract: A reference file set having high-confidence malware severity classification is generated by selecting a subset of files from a group of files first observed during a recent observation period and including them in the subset. A plurality of other antivirus providers are polled for their third-party classification of the files in the subset and for their third-party classification of a plurality of files from the group of files not in the subset. A malware severity classification is determined for the files in the subset by aggregating the polled classifications from the other antivirus providers for the files in the subset after a stabilization period of time, and one or more files having a third-party classification from at least one of the polled other antivirus providers that changed during the stabilization period are added to the subset.

    NETWORK ATTACK PREVENTION SYSTEMS AND METHODS

    Publication number: US20230291751A1

    Publication date: 2023-09-14

    Application number: US17691930

    Application date: 2022-03-10

    CPC classification number: H04L63/1408 G06F16/955 H04L41/16

    Abstract: A system and method for preventing access to potentially malicious network destinations. The method includes determining a plurality of network destinations and indicators of the plurality of network destinations including an indicator of a first network destination. A plurality of feature vectors are generated based on the plurality of network destinations including a first feature vector based on the first network destination. Access by a user via a computing device to a second network destination is detected. A second feature vector is generated, and an indicator is determined based on the second network destination. The second feature vector is compared to the plurality of feature vectors. The access by the user to the second network destination is blocked based on the indicator of the first network destination, the indicator of the second network destination, and the comparison of the second feature vector to the plurality of feature vectors.
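The abstract above leaves the feature vector and the "indicator" unspecified. The following is an added example (not the patent's or any vendor's code) of one concrete reading of that pipeline: the feature vector is a bag of character bigrams over the hostname, the indicator stored with each known destination is a coarse label ("trusted" or "malicious"), the indicator of a newly visited destination is its own exact-match label or "unknown", and access is blocked either because the destination is itself known-malicious or because an unknown destination's vector is close to a known one (a lookalike). The known-destination list, the threshold and the hostnames are all constructed for the example.

```python
"""Lookalike-destination blocking with feature-vector comparison.

Added example, not the patent's code. Assumptions: bag-of-bigram feature
vectors, coarse "trusted"/"malicious" indicators, cosine similarity, and a
blocking threshold chosen by hand for the constructed data below.
"""
import math
from collections import Counter

# Constructed reference set of known destinations and their indicators.
KNOWN_DESTINATIONS = {
    "paypal.com": "trusted",
    "bankofexample.com": "trusted",
    "evil-updates.net": "malicious",
}
SIMILARITY_THRESHOLD = 0.75   # assumed; tune against observed false positives


def feature_vector(host):
    """Bag of character bigrams of the lowercased hostname."""
    host = host.lower()
    return Counter(host[i:i + 2] for i in range(len(host) - 1))


def cosine(a, b):
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0


def indicator_for(host, known):
    """Indicator of the destination being accessed: its own label, else 'unknown'."""
    return known.get(host.lower(), "unknown")


def closest_known(host, known):
    """Return (known_host, similarity) of the nearest known destination."""
    vec = feature_vector(host)
    best = max(known, key=lambda k: cosine(vec, feature_vector(k)))
    return best, cosine(vec, feature_vector(best))


def access_decision(host, known=KNOWN_DESTINATIONS, threshold=SIMILARITY_THRESHOLD):
    """Return (blocked, reason) for an attempted access to host.

    The decision uses the accessed destination's own indicator, the indicator of
    the nearest known destination, and the vector comparison between the two.
    """
    own = indicator_for(host, known)
    if own == "malicious":
        return True, "known malicious destination"
    if own == "trusted":
        return False, "known trusted destination"
    nearest, sim = closest_known(host, known)
    if sim >= threshold and known[nearest] == "trusted":
        return True, f"lookalike of trusted {nearest} (similarity {sim:.2f})"
    if sim >= threshold and known[nearest] == "malicious":
        return True, f"variant of known malicious {nearest} (similarity {sim:.2f})"
    return False, f"no close match (nearest {nearest}, similarity {sim:.2f})"


if __name__ == "__main__":
    for h in ("paypa1.com", "evil-updates.com", "example.org", "paypal.com"):
        print(h, access_decision(h))
```

Bigrams over the raw hostname are deliberately crude: a real deployment would at least strip the public suffix, add boundary markers, and weight rarer n-grams, otherwise short hostnames that share a TLD score misleadingly similar. The threshold is the false-positive dial and should be set from measured traffic, not by hand.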

    MALWARE DETECTION AND MITIGATION SYSTEM AND METHOD

    Publication number: US20230131525A1

    Publication date: 2023-04-27

    Application number: US17512015

    Application date: 2021-10-27

    Abstract: A method and system for updating and applying a ruleset used for determining and mitigating malware threats. Communications of computing devices are monitored and a first data file is extracted. A first and a second set of features are extracted from it. A first rule is applied to the first set of features of the first data file to determine a non-match. A second rule is applied to the second set of features to determine a match. A third rule is generated based on the first set of features, the non-match, and the match. Communications of a particular computing device are monitored and a second data file is extracted. A first set of features of the second data file is extracted. The third rule is applied to the first set of features of the second data file to determine a match. The second data file is disabled, blocked, or deleted based on the match determination by the third rule.

    AUTOMATED MALWARE CLASSIFICATION WITH HUMAN-READABLE EXPLANATIONS

    Publication number: US20220237289A1

    Publication date: 2022-07-28

    Application number: US17159909

    Application date: 2021-01-27

    Abstract: A malware classification is generated for an input data set with a human-readable explanation of the classification. An input data set having a hierarchical structure is received in a neural network that has an architecture based on a schema determined from a plurality of second input data sets and that is trained to classify received input data sets into one or more of a plurality of classes. An explanation is provided with the output of the neural network, the explanation comprising a subset of at least one input data set that caused the at least one input data set to be classified into a certain class using the schema of the generated neural network. The explanation may further be derived from the statistical contribution of one or more features of the input data set that caused the at least one input data set to be classified into a certain class.
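The part of the abstract a practitioner can actually check is the pipeline: derive a schema from several hierarchical input sets, map a new hierarchical input onto that schema, and report the subset of the input that drove the class decision together with each feature's statistical contribution. The following added example (not the patent's code) does exactly that with one deliberate simplification: the neural network is replaced by a linear scorer with hand-written weights, so a feature's contribution is simply weight times value. The training inputs, the weights and the bias are constructed for the example; a trained network would supply the weights, and attribution methods for real networks are more involved than this.

```python
"""Schema-driven classification with a human-readable explanation.

Added example, not the patent's code. The model is a linear stand-in for the
network (constructed weights); the schema derivation, vectorization and
explanation logic are what the example is about.
"""
import math

# Constructed hierarchical inputs (e.g. parsed PE metadata) used to derive the schema.
TRAINING_INPUTS = [
    {"pe": {"imports": ["CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory"],
            "sections": {"count": 6, "entropy_max": 7.8}},
     "strings": ["http://", "cmd.exe"]},
    {"pe": {"imports": ["GetProcAddress", "LoadLibraryA"],
            "sections": {"count": 4, "entropy_max": 5.1}},
     "strings": ["Copyright"]},
]

# Constructed weights standing in for a trained model; positive pushes toward "malicious".
WEIGHTS = {
    "pe.imports=CreateRemoteThread": 2.0,
    "pe.imports=VirtualAllocEx": 1.5,
    "pe.imports=WriteProcessMemory": 1.5,
    "pe.sections.entropy_max": 0.2,
    "strings=cmd.exe": 1.0,
    "strings=Copyright": -1.0,
    "pe.imports=GetProcAddress": -0.2,
    "pe.imports=LoadLibraryA": -0.2,
}
BIAS = -5.0


def leaf_features(obj, path=""):
    """Flatten a hierarchical input into (feature_name, value) pairs.

    Dict keys extend the path; list members and string leaves become presence
    features named path=value; numeric leaves keep their value.
    """
    if isinstance(obj, dict):
        for key, val in obj.items():
            yield from leaf_features(val, f"{path}.{key}" if path else key)
    elif isinstance(obj, list):
        for item in obj:
            yield f"{path}={item}", 1.0
    elif isinstance(obj, (bool, str)):
        yield f"{path}={obj}", 1.0
    else:
        yield path, float(obj)


def derive_schema(inputs):
    """Schema = sorted union of feature names seen across the input sets."""
    return sorted({name for inp in inputs for name, _ in leaf_features(inp)})


def vectorize(inp, schema):
    """Map an input onto the schema; features outside the schema are dropped."""
    vec = dict.fromkeys(schema, 0.0)
    for name, val in leaf_features(inp):
        if name in vec:
            vec[name] = val
    return vec


def classify(inp, schema, weights=WEIGHTS, bias=BIAS, top_k=3):
    """Return (probability_malicious, explanation).

    The explanation is the list of (feature, contribution) pairs that pushed the
    score toward the malicious class, largest first; these are the subset of the
    input data set that caused the classification.
    """
    vec = vectorize(inp, schema)
    contributions = {n: weights.get(n, 0.0) * v for n, v in vec.items() if v}
    score = bias + sum(contributions.values())
    prob = 1.0 / (1.0 + math.exp(-score))
    explanation = sorted(((n, c) for n, c in contributions.items() if c > 0),
                         key=lambda nc: (-nc[1], nc[0]))[:top_k]
    return prob, explanation


SCHEMA = derive_schema(TRAINING_INPUTS)

if __name__ == "__main__":
    for sample in TRAINING_INPUTS:
        print(classify(sample, SCHEMA))
```

One consequence worth noticing: an input feature that was never seen when the schema was derived (a new import name, say) is silently dropped by `vectorize`, so it can neither raise the score nor appear in the explanation. A production system needs to log such out-of-schema features, because they are exactly what an evasive sample will carry.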

    MALWARE ANALYSIS USING GROUP TESTING
    Invention publication

    Publication number: US20240362335A1

    Publication date: 2024-10-31

    Application number: US18306861

    Application date: 2023-04-25

    CPC classification number: G06F21/577 G06F21/53 G06F2221/033

    Abstract: Malicious activity is identified in a plurality of sequences of computer instructions by identifying a plurality of sequences of computer instructions of interest, and assigning the plurality of sequences of computer instructions into two or more groups. A virtual machine sandbox is executed for each of the two or more groups, and each of the plurality of sequences of computer instructions is executed in the virtual machine sandbox into which the sequence of computer instructions has been assigned. Behavior of the executing instruction sequences is monitored, and is used to determine whether each of the groups has at least one executed sequence of computer instructions that is likely malicious.
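The abstract describes classic group testing: run groups of samples in one sandbox each, decide per group whether at least one member misbehaved, and only then spend individual runs on members of flagged groups. The following is an added example (not the patent's code) of that two-stage procedure. The sandbox is a constructed stand-in in which each sample is a set of behaviours it would exhibit and a run over a group reports the union of its members' behaviours; the malicious-behaviour catalogue and the sixteen samples are constructed for the example.

```python
"""Two-stage group testing over sandbox runs.

Added example, not the patent's code. The sandbox is simulated; the assumption
that makes pooling valid is that behaviours are additive, i.e. one member's
malicious behaviour is visible regardless of who else is in the group.
"""

MALICIOUS_BEHAVIOURS = {"proc_inject", "persist_autorun", "ransom_note"}   # assumed catalogue

# Constructed: 16 instruction sequences, two of which misbehave.
SAMPLES = {f"s{i:02d}": {"reads_config", "dns_lookup"} for i in range(16)}
SAMPLES["s05"] = SAMPLES["s05"] | {"proc_inject"}
SAMPLES["s13"] = SAMPLES["s13"] | {"persist_autorun"}


def assign_groups(names, group_size):
    """Deterministic assignment: contiguous chunks of the sorted sample list."""
    names = sorted(names)
    return [names[i:i + group_size] for i in range(0, len(names), group_size)]


def sandbox_run(group, behaviour_of):
    """Stand-in for one VM sandbox execution of every sequence in the group.

    Returns (observed_behaviours, group_is_suspicious); the group is suspicious
    when any observed behaviour is in the malicious catalogue.
    """
    observed = set()
    for name in group:
        observed |= behaviour_of[name]
    return observed, bool(observed & MALICIOUS_BEHAVIOURS)


def group_test(behaviour_of, group_size):
    """Stage 1: one sandbox per group. Stage 2: re-run members of flagged groups
    individually. Returns group count, flagged groups, identified samples and
    the number of sandbox runs spent."""
    runs = 0
    flagged = []
    groups = assign_groups(behaviour_of, group_size)
    for group in groups:
        runs += 1
        if sandbox_run(group, behaviour_of)[1]:
            flagged.append(group)
    malicious = []
    for group in flagged:
        for name in group:
            runs += 1
            if sandbox_run([name], behaviour_of)[1]:
                malicious.append(name)
    return {"groups": len(groups), "flagged": flagged,
            "malicious": malicious, "sandbox_runs": runs}


if __name__ == "__main__":
    result = group_test(SAMPLES, 4)
    print(result["malicious"], "found in", result["sandbox_runs"], "runs of", len(SAMPLES), "samples")
```

Two caveats a practitioner will want. First, the saving depends on prevalence: with two malicious samples in sixteen and groups of four the example spends 12 runs instead of 16, but if most groups get flagged, stage 2 costs nearly a full run per sample and pooling buys nothing. Second, the additivity assumption is exactly what an adversary attacks: a sample that sleeps or checks for a sandbox, or one whose payload only triggers on interaction, produces no behaviour in the pooled run and so clears the whole group.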

    High-confidence malware severity classification of reference file set

    Publication number: US11861006B2

    Publication date: 2024-01-02

    Application number: US17151462

    Application date: 2021-01-18

    CPC classification number: G06F21/566 G06F18/217 G06F21/54 G06F21/568 G06N20/00

    Abstract: A reference file set having high-confidence malware severity classification is generated by selecting a subset of files from a group of files first observed during a recent observation period and including them in the subset. A plurality of other antivirus providers are polled for their third-party classification of the files in the subset and for their third-party classification of a plurality of files from the group of files not in the subset. A malware severity classification is determined for the files in the subset by aggregating the polled classifications from the other antivirus providers for the files in the subset after a stabilization period of time, and one or more files having a third-party classification from at least one of the polled other antivirus providers that changed during the stabilization period are added to the subset.
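The abstract (the same text appears for application publication US20220229906A1 above and for granted patent US11861006B2 here) describes a procedure that is easier to reason about in code: sample a subset of newly observed files, poll other vendors for all newly observed files, wait out a stabilization period, aggregate the polled verdicts for the subset, and pull in any polled file whose verdict moved during that period. The following is an added example (not the patent's code) with constructed conventions: verdict labels are "clean", "pup" and "malware"; severity is the majority of each provider's most recent verdict at the end of the stabilization period, ties going to the more severe label; a file "changed" if any single provider's verdict differed between two polls; polling is taken to begin at the start of the observation period. The files, dates and the three providers A, B and C are constructed.

```python
"""Reference-file-set construction from polled third-party verdicts.

Added example, not the patent's code. Aggregation rule, change rule and the
sample-every-Nth subset selection are assumptions made for the example.
"""
from collections import Counter
from datetime import date, timedelta

SEVERITY_RANK = {"clean": 0, "pup": 1, "malware": 2}   # assumed ordering for tie-breaks

OBS_START = date(2021, 1, 1)
OBS_END = date(2021, 1, 7)
STABILIZATION_DAYS = 7
STAB_END = OBS_END + timedelta(days=STABILIZATION_DAYS)

# Constructed sample data: first-seen date per file, and per-day verdicts from
# three hypothetical providers A, B and C.
FIRST_SEEN = {
    "f1": date(2021, 1, 2),
    "f2": date(2021, 1, 3),
    "f3": date(2021, 1, 4),
    "f4": date(2021, 1, 5),
    "f5": date(2020, 12, 20),   # outside the observation period, never polled here
}
POLLS = {
    "f1": {date(2021, 1, 2): {"A": "malware", "B": "malware", "C": "clean"},
           date(2021, 1, 10): {"A": "malware", "B": "malware", "C": "malware"},
           date(2021, 1, 20): {"C": "clean"}},          # after STAB_END, ignored
    "f2": {date(2021, 1, 3): {"A": "clean", "B": "clean", "C": "clean"},
           date(2021, 1, 12): {"A": "malware", "B": "malware", "C": "clean"}},
    "f3": {date(2021, 1, 4): {"A": "clean", "B": "clean", "C": "clean"},
           date(2021, 1, 10): {"A": "clean", "B": "clean", "C": "clean"}},
    "f4": {date(2021, 1, 5): {"A": "pup"},
           date(2021, 1, 12): {"A": "pup", "B": "pup", "C": "clean"}},
}


def select_subset(first_seen, obs_start, obs_end, sample_every=2):
    """Files first seen in the observation period; every Nth (sorted) goes in the subset."""
    candidates = sorted(f for f, seen in first_seen.items() if obs_start <= seen <= obs_end)
    subset = candidates[::sample_every]
    others = [f for f in candidates if f not in subset]
    return subset, others


def latest_verdicts(polls, cutoff):
    """Most recent verdict per provider from polls dated on or before cutoff."""
    latest = {}
    for day in sorted(polls):
        if day > cutoff:
            break
        latest.update(polls[day])
    return latest


def aggregate_severity(polls, cutoff):
    """Majority of providers' latest verdicts; ties broken toward the more severe label."""
    counts = Counter(latest_verdicts(polls, cutoff).values())
    if not counts:
        return None
    return max(counts, key=lambda v: (counts[v], SEVERITY_RANK[v]))


def changed_during(polls, start, end):
    """True if any provider's verdict differed between two polls inside [start, end]."""
    seen = {}
    for day in sorted(polls):
        if not start <= day <= end:
            continue
        for provider, verdict in polls[day].items():
            if provider in seen and seen[provider] != verdict:
                return True
            seen[provider] = verdict
    return False


def build_reference_set(first_seen, polls, obs_start, obs_end, stabilization_days, sample_every=2):
    subset, others = select_subset(first_seen, obs_start, obs_end, sample_every)
    stab_end = obs_end + timedelta(days=stabilization_days)
    # Files outside the sampled subset are still polled; any whose verdict moved
    # during the stabilization period is pulled into the reference set.
    subset += [f for f in others if changed_during(polls.get(f, {}), obs_start, stab_end)]
    return {f: aggregate_severity(polls.get(f, {}), stab_end) for f in subset}


if __name__ == "__main__":
    for name, severity in build_reference_set(FIRST_SEEN, POLLS, OBS_START, OBS_END,
                                              STABILIZATION_DAYS).items():
        print(f"{name}: {severity}")
```

Note what the change rule does and does not catch: f2 flips from clean to malware at two providers and is added, while f4 only gains verdicts from providers that had not rated it before, which is not a change of any single provider's opinion and so does not qualify. Whether a first-time verdict should count is a policy choice; the example takes the narrower reading.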

    Malware detection and mitigation system and method

    Publication number: US11831672B2

    Publication date: 2023-11-28

    Application number: US17512015

    Application date: 2021-10-27

    CPC classification number: H04L63/145 H04L63/1408 H04L63/205

    Abstract: A method and system for updating and applying a ruleset used for determining and mitigating malware threats. Communications of computing devices are monitored and a first data file is extracted. A first and a second set of features are extracted from it. A first rule is applied to the first set of features of the first data file to determine a non-match. A second rule is applied to the second set of features to determine a match. A third rule is generated based on the first set of features, the non-match, and the match. Communications of a particular computing device are monitored and a second data file is extracted. A first set of features of the second data file is extracted. The third rule is applied to the first set of features of the second data file to determine a match. The second data file is disabled, blocked, or deleted based on the match determination by the third rule.
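The abstract (the same text appears for application publication US20230131525A1 above and for granted patent US11831672B2 here) is a rule-learning loop: a file slips past a rule on its first feature set, is caught by a rule on its second feature set, and a third rule over the first feature set is generated so that later files with the same first-set fingerprint are caught without waiting for the second set. The following is an added example (not the patent's code) that takes the first feature set to be static (imports, sections, strings) and the second to be behavioural (observed in a sandbox), treats a rule as matching when all of its required features are present, and generates the third rule from the file's static features minus a constructed baseline of features common to benign files. The rules, the baseline and the three file records are constructed.

```python
"""Rule generation from a static non-match plus a behavioural match.

Added example, not the patent's code. Feature-set names, the all-required
matching semantics and the common-feature baseline are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    feature_set: str        # which feature set the rule inspects: "static" or "behavioral"
    required: frozenset     # all of these must be present for a match
    action: str = "block"

    def matches(self, features):
        return self.required <= features


# Constructed baseline of static features too common to be worth matching on.
COMMON_STATIC = frozenset({"section:.text", "section:.rsrc", "import:GetProcAddress"})

RULESET = [
    Rule("static-injector", "static",
         frozenset({"import:CreateRemoteThread", "import:VirtualAllocEx"})),
    Rule("behav-beacon", "behavioral", frozenset({"net:beacon"})),
]

# Constructed stand-ins for files extracted from monitored communications.
FILE_1 = {
    "static": {"import:WinHttpOpen", "import:CreateRemoteThread", "section:.text",
               "string:http://c2.example/beacon"},
    "behavioral": {"net:beacon", "proc:inject"},
}
FILE_2 = {   # later file: same static fingerprint, behaviour not observed yet
    "static": {"import:WinHttpOpen", "import:CreateRemoteThread", "section:.text",
               "section:.rsrc", "string:http://c2.example/beacon"},
    "behavioral": set(),
}
FILE_3 = {   # shares only generic features with FILE_1
    "static": {"import:WinHttpOpen", "section:.text", "import:GetProcAddress"},
    "behavioral": set(),
}


def extract_features(record):
    return {k: frozenset(v) for k, v in record.items()}


def matching_rules(ruleset, feats):
    return [r for r in ruleset if r.matches(feats[r.feature_set])]


def generate_rule(feats, matching_behavioral, common=COMMON_STATIC):
    """Third rule: the file's distinctive static features, with the behavioural
    rule's action carried over."""
    return Rule(name=f"derived-from-{matching_behavioral.name}",
                feature_set="static",
                required=feats["static"] - common,
                action=matching_behavioral.action)


def update_ruleset(ruleset, record):
    """Apply the ruleset; when no static rule fired but a behavioural one did,
    derive a static rule. Returns (new_ruleset, rules_that_matched)."""
    feats = extract_features(record)
    hits = matching_rules(ruleset, feats)
    static_hits = [r for r in hits if r.feature_set == "static"]
    behav_hits = [r for r in hits if r.feature_set == "behavioral"]
    new_rules = []
    if not static_hits and behav_hits:
        new_rules = [generate_rule(feats, b) for b in behav_hits]
    return ruleset + new_rules, hits


def decide(ruleset, record):
    """Action for a file: the first matching rule's action, or 'allow'."""
    hits = matching_rules(ruleset, extract_features(record))
    return hits[0].action if hits else "allow"


if __name__ == "__main__":
    updated, fired = update_ruleset(RULESET, FILE_1)
    print("fired on FILE_1:", [r.name for r in fired])
    print("FILE_2 before/after:", decide(RULESET, FILE_2), decide(updated, FILE_2))
```

The baseline subtraction is the part that needs care in practice: a generated rule that keeps generic features (a standard section name, a ubiquitous import) will match benign files, while one that keeps a very specific string such as a C2 URL is trivially evaded by the next build. The example keeps the specific string for clarity; a real system would score feature rarity against a corpus rather than use a fixed exclusion list.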
