Search International and National Patent Collections

1. (WO2018077996) DYNAMIC REPUTATION INDICATOR FOR OPTIMIZING COMPUTER SECURITY OPERATIONS

Pub. No.:    WO/2018/077996    International Application No.:    PCT/EP2017/077390
Publication Date: Fri May 04 01:59:59 CEST 2018 International Filing Date: Fri Oct 27 01:59:59 CEST 2017
IPC: G06F 21/56
H04L 29/06
Applicants: BITDEFENDER IPR MANAGEMENT LTD
Inventors: HAJMASAN, Gheorghe-Florin
MONDOC, Alexandra
PORTASE, Radu-Marian
Title: DYNAMIC REPUTATION INDICATOR FOR OPTIMIZING COMPUTER SECURITY OPERATIONS
Abstract:
Described systems and methods allow protecting a computer system from malware such as viruses, worms, and spyware. A reputation manager executes on the computer system concurrently with an anti-malware engine. The reputation manager associates a dynamic reputation indicator to each executable entity seen as a unique combination of individual components (e.g., a main executable and a set of loaded libraries). The reputation indicator indicates a probability that the respective entity is malicious. The reputation of benign entities may increase in time. When an entity performs certain actions which may be indicative of malicious activity, the reputation of the respective entity may drop. The anti-malware engine uses an entity-specific protocol to scan and/or monitor each target entity for malice, the protocol varying according to the entity's reputation. Entities trusted to be non-malicious may be analyzed using a more relaxed protocol than unknown or untrusted entities.