-
Publication No.: US20230131525A1
Publication date: 2023-04-27
Application No.: US17512015
Filing date: 2021-10-27
Applicant: Avast Software s.r.o.
Inventor: Břetislav Šopík , Fabrizio Biondi , Jakub Křoustek , Olga Petrova
IPC: H04L29/06
Abstract: A method and system for updating and applying a ruleset used for determining and mitigating malware threats. Communications of computing devices are monitored and a first data file is extracted. A first and a second set of features are extracted. A first rule is applied to the first set of features of the first data file to determine a non-match. A second rule is applied to the second set of features to determine a match. A third rule is generated based on the first set of features, the non-match, and the match. Communications of a particular computing device are monitored and a second data file is extracted. A first set of features of the second data file is extracted. The third rule is applied to the first set of features of the second data file to determine a match. The second data file is disabled, blocked, or deleted based on the match determination by the third rule.
-
Publication No.: US20220229906A1
Publication date: 2022-07-21
Application No.: US17151462
Filing date: 2021-01-18
Applicant: Avast Software s.r.o.
Inventor: Martin Bálek , Fabrizio Biondi , Dmitry Kuznetsov , Olga Petrova
Abstract: A reference file set having high-confidence malware severity classification is generated by selecting a subset of files from a group of files first observed during a recent observation period and including them in the subset. A plurality of other antivirus providers are polled for their third-party classification of the files in the subset and for their third-party classification of a plurality of files from the group of files not in the subset. A malware severity classification is determined for the files in the subset by aggregating the polled classifications from the other antivirus providers for the files in the subset after a stabilization period of time, and one or more files having a third-party classification from at least one of the polled other antivirus providers that changed during the stabilization period are added to the subset.
-
Publication No.: US11861006B2
Publication date: 2024-01-02
Application No.: US17151462
Filing date: 2021-01-18
Applicant: Avast Software s.r.o.
Inventor: Martin Bálek , Fabrizio Biondi , Dmitry Kuznetsov , Olga Petrova
CPC classification number: G06F21/566 , G06F18/217 , G06F21/54 , G06F21/568 , G06N20/00
Abstract: A reference file set having high-confidence malware severity classification is generated by selecting a subset of files from a group of files first observed during a recent observation period and including them in the subset. A plurality of other antivirus providers are polled for their third-party classification of the files in the subset and for their third-party classification of a plurality of files from the group of files not in the subset. A malware severity classification is determined for the files in the subset by aggregating the polled classifications from the other antivirus providers for the files in the subset after a stabilization period of time, and one or more files having a third-party classification from at least one of the polled other antivirus providers that changed during the stabilization period are added to the subset.
-
Publication No.: US11831672B2
Publication date: 2023-11-28
Application No.: US17512015
Filing date: 2021-10-27
Applicant: Avast Software s.r.o.
Inventor: Břetislav Šopík , Fabrizio Biondi , Jakub Křoustek , Olga Petrova
IPC: H04L9/40
CPC classification number: H04L63/145 , H04L63/1408 , H04L63/205
Abstract: A method and system for updating and applying a ruleset used for determining and mitigating malware threats. Communications of computing devices are monitored and a first data file is extracted. A first and a second set of features are extracted. A first rule is applied to the first set of features of the first data file to determine a non-match. A second rule is applied to the second set of features to determine a match. A third rule is generated based on the first set of features, the non-match, and the match. Communications of a particular computing device are monitored and a second data file is extracted. A first set of features of the second data file is extracted. The third rule is applied to the first set of features of the second data file to determine a match. The second data file is disabled, blocked, or deleted based on the match determination by the third rule.
-