Using telemetry data to detect false positives

Using telemetry data to detect false positives

Telemetry data concerning multiple samples convicted as malware by different endpoints is tracked over time. During a period of time in which telemetry data concerning convicted samples are tracked, specific samples can be convicted multiple times, both on a single endpoint and/or on multiple endpoi...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Parikh, Jugal, Bhatkar, Sandeep
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Telemetry data concerning multiple samples convicted as malware by different endpoints is tracked over time. During a period of time in which telemetry data concerning convicted samples are tracked, specific samples can be convicted multiple times, both on a single endpoint and/or on multiple endpoints. The tracked telemetry data concerning the convicted samples is analyzed, and data that is indicative of false positives is identified. Convictions of samples can be exonerated as false positives, based on the results of analyzing the tracked telemetry data. More specifically, multiple data points from the tracked telemetry data that comprise evidence of false positives can be quantified and weighted. Where the evidence of false positives exceeds a given threshold, convictions of a given sample can be exonerated.