Method and system for metadata driven testing of malware signatures

Invention Grant

US09251261B2 Method and system for metadata driven testing of malware signatures 有权

Title translation: 用于元数据驱动测试恶意软件签名的方法和系统

Please log in to see more content

Patent Title: Method and system for metadata driven testing of malware signatures
Patent Title (中): 用于元数据驱动测试恶意软件签名的方法和系统
Application No.: US14042342

Application Date: 2013-09-30
Publication No.: US09251261B2

Publication Date: 2016-02-02
Inventor: Bartlomiej Uscilowski , Costin Ionescu , Thomas Parsons
Applicant: Symantec Corporation
Applicant Address: US CA Mountain View
Assignee: Symantec Corporation
Current Assignee: Symantec Corporation
Current Assignee Address: US CA Mountain View
Agency: Patterson + Sheridan
Main IPC: G06F11/00
IPC: G06F11/00 ; G06F17/30 ; G06F21/56

Method and system for metadata driven testing of malware signatures

Abstract:

Techniques are disclosed for evaluating the effectiveness of a malware signature. A query tool translates a markup language malware signature definition into a database query. The query is then executed against a database of application features to identify software packages that the signature would identify as malware. The results of the query are compared with threat information stored in the database and classified as being true/false positives and true/false negatives.

Abstract(Chinese):

公开了评估恶意软件签名有效性的技术。查询工具将标记语言恶意软件签名定义转换为数据库查询。然后针对应用程序功能的数据库执行查询，以识别签名将标识为恶意软件的软件包。将查询的结果与存储在数据库中的威胁信息进行比较，并将其归类为真/假阳性和真/假阴性。

Public/Granted literature

US20150096021A1 METHOD AND SYSTEM FOR METADATA DRIVEN TESTING OF MALWARE SIGNATURES Public/Granted day:2015-04-02

Information query

Espacenet

IPC分类:

G	物理
G06	计算；推算或计数
G06F	电数字数据处理（基于特定计算模型的计算机系统入G06N）
G06F11/00	错误检测；错误校正；监控（在记录载体上作出核对其正确性的方法或装置入G06K5/00；基于记录载体和传感器之间的相对运动而实现的信息存储中所用的方法或装置入G11B，例如G11B20/18；静态存储中所用的方法或装置入G11C29/00）