[특허]System and method for detecting computer security threats based on verdicts of computer users

System and method for detecting computer security threats based on verdicts of computer users 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04L-029/06
출원번호	US-0332975 (2011-12-21)
등록번호	US-8214904 (2012-07-03)
발명자 / 주소	Doukhvalov, Andrey P. Tikhomirov, Anton V.
출원인 / 주소	Kaspersky Lab Zao
대리인 / 주소	Arent Fox LLP
인용정보	피인용 횟수 : 4 인용 특허 : 31

초록 ▼

Disclosed are systems, methods and computer program products for detecting unknown security threats. In one example, a system receives from an antivirus application deployed on a user's computer information about an unknown security event associated with a software executing on the computer and a user's verdict indicating that the software is harmful or clean. The system identifies the user of the computer and a role of the user. The role indicates user's level of expertise in the field of computer security. If the user has a high level of expertise in computer security, the system accepts the user's verdict. If the user has a low level of expertise, the system analyzes the information about the security event to verify that the user's verdict is correct. If the user's verdict was accepted or verified to be correct, the system updates an antivirus database associated with the antivirus application.

대표청구항 ▼

1. A computer-implemented method for detecting unknown security threats, the method comprising: receiving from an antivirus application deployed on a user's computer information about an unknown security event associated with a software object executing on said computer, and a user's verdict indicating that the software object is harmful or harmless to the security of said computer;identifying the user of said computer and a role of said user, wherein the user's role indicates user's level of expertise in the field of computer security;if the role of said user indicates that the user has a high level of expertise in the field of computer security, accepting the user's verdict that the software object is harmful or harmless;if the role of said user indicates that the user has a low level of expertise in the field of computer security, analyzing the information about the security event received from the antivirus application to verify that the user's verdict is correct; andif the user's verdict was accepted or verified to be correct, updating an antivirus database, which is associated with the antivirus application and contains information about known harmful and harmless software objects, with said information about the security event and indication that associated software object is harmful or harmless. 2. The method of claim 1 further comprising: if the user's verdict was verified to be correct, increasing the user's level of expertise;if the user's level of expertise reached a predefined threshold, increasing user's role. 3. The method of claim 1, wherein the user's level of expertise in the field of computer security is based on one or more of: a total number of computer threats detected by said user;a number of unique computer threats detected by said user;a level of user proficiency with the antivirus software;a frequency of infections of the computer of said user; andinformation about programs installed on the user's computer and the user's usage of said programs. 4. The method of claim 1 further comprising: detecting an anomaly in the information received from the antivirus application by comparing the received information with a historical record of threats detected by the user;decreasing the user's role based on detection of one or more anomalies. 5. The method of claim 1, wherein different roles have different associated weight coefficients, and wherein the user's verdict is given a higher or lower weight during verification of said user's verdict according to the weight coefficient associated with the role of said user. 6. The method of claim 1, wherein, if the information about the security event received from the antivirus application is not sufficient to verify that the user's verdict is correct or not, the processor is further configured to collect additional information about the security event and the associated software from the computer, wherein the additional information includes one or more of: information about the security event generated by one or more different security modules of the antivirus application, each module performing a different antivirus analysis;information about computer's software and hardware state at the time of occurrence of the security event; andthe date, time and repeat frequency of the security event. 7. The method of claim 1, wherein the software object includes one of an executable file, a data file and a link. 8. A computer-based system for detecting unknown security threats, the system comprising: a processor configured to: receive from an antivirus application deployed on a user's computer information about an unknown security event associated with a software object executing on said computer, and a user's verdict indicating that the software object is harmful or harmless to the security of the computer;identify the user of said computer and a role of said user, wherein the user's role indicates user's level of expertise in the field of computer security;if the role of said user indicates that the user has a high level of expertise in the field of computer security, accept the user's verdict that the software object is harmful or harmless;if the role of said user indicates that the user has a low level of expertise in the field of computer security, analyze the information about the security event received from the antivirus application to verify that the user's verdict is correct; and if the user's verdict was accepted or verified to be correct, update an antivirus database, which is associated with the antivirus application and contains information about known harmful and harmless software object, with said information about the security event and indication that associated software object is harmful or harmless. 9. The system of claim 8, wherein the processor is further configured to: if the user's verdict was verified to be correct, increase the user's level of expertise;if the user's level of expertise reached a predefined threshold, increase user's role. 10. The system of claim 8, wherein the user's level of expertise in the field of computer security is based on one or more of: a total number of computer threats detected by said user;a number of unique computer threats detected by said user;a level of user proficiency with the antivirus software;a frequency of infections of the computer of said user; andinformation about programs installed on the user's computer and the user's usage of said programs. 11. The system of claim 8, wherein the processor is further configured to: detect an anomaly in the information received from the antivirus application by comparing the received information with a historical record of threats detected by the user;decreasing the user's role based on detection of one or more anomalies. 12. The system of claim 8, wherein different roles have different associated weight coefficients, and wherein the user's verdict is given a higher or lower weight during verification of said user's verdict according to the weight coefficient associated with the role of said user. 13. The system of claim 8, wherein, if the information about the security event received from the antivirus application is not sufficient to verify that the user's verdict is correct or not, collecting additional information about the security event and the associated software from the computer, wherein the additional information includes one or more of: information about the security event generated by one or more different security modules of the antivirus application, each module performing a different antivirus analysis;information about computer's software and hardware state at the time of occurrence of the security event; andthe date, time and repeat frequency of the security event. 14. The system of claim 8, wherein the software object includes one of an executable file, a data file and a link. 15. A computer program product embedded in a non-transitory computer-readable storage medium, the computer-readable storage medium comprising computer-executable instructions for detecting unknown security threats, the medium comprises instructions for: receiving from an antivirus application deployed on a user's computer information about an unknown security event associated with a software object executing on said computer, and a user's verdict indicating that the software object is harmful or harmless to the security of the computer;identifying the user of said computer and a role of said user, wherein the user's role indicates user's level of expertise in the field of computer security;if the role of said user indicates that the user has a high level of expertise in the field of computer security, accepting the user's verdict that the software object is harmful or harmless;if the role of said user indicates that the user has a low level of expertise in the field of computer security, analyzing the information about the security event received from the antivirus application to verify that the user's verdict is correct; andif the user's verdict was accepted or verified to be correct, updating an antivirus database, which is associated with the antivirus application and contains information about known harmful and harmless software object, with said information about the security event and indication that associated software object is harmful or harmless. 16. The product of claim 15 further comprises instructions for: if the user's verdict was verified to be correct, increasing the user's level of expertise;if the user's level of expertise reached a predefined threshold, increasing user's role. 17. The product of claim 15, wherein the user's level of expertise in the field of computer security is based on one or more of: a total number of computer threats detected by said user;a number of unique computer threats detected by said user;a level of user proficiency with the antivirus software;a frequency of infections of the computer of said user; andinformation about programs installed on the user's computer and the user's usage of said programs. 18. The product of claim 15 further comprises instructions for: detecting an anomaly in the information received from the antivirus application by comparing the received information with a historical record of threats detected by the user;decreasing the user's role based on detection of one or more anomalies. 19. The product of claim 15, wherein different roles have different associated weight coefficients, and wherein the user's verdict is given a higher or lower weight during verification of said user's verdict according to the weight coefficient associated with the role of said user. 20. The product of claim 15, wherein, if the information about the security event received from the antivirus application is not sufficient to verify that the user's verdict is correct or not, collecting additional information about the security event and the associated software from the computer, wherein the additional information includes one or more of: information about the security event generated by one or more different security modules of the antivirus application, each module performing a different antivirus analysis;information about computer's software and hardware state at the time of occurrence of the security event; andthe date, time and repeat frequency of the security event.

이 특허에 인용된 특허 (31)

Mendonca, John J., Application inspection tool for determining a security partition.
상세보기
Fein, Gene; Merritt, Edward, Cloud resource usage in data forwarding storage.
상세보기
Shipman, Robert A, Computer security system.
상세보기
Rechterman, Barbara J.; Proctor, Neil; Fitzpatrick, Shawn; Bennett, Bill, Customize an email using an expertise level rules engine.
상세보기
Mashevsky, Yuri V.; Namestnikov, Yuri V.; Denishchenko, Nikolay V.; Zelensky, Pavel A.; Chekunov, Igor G.; Efremov, Andrey A., Detection and minimization of false positives in anti-malware processing.
상세보기
Chang, David Yu; Chang, John Yow-Chung; Venkataramappa, Vishwanath, Dynamically configuring extensible role based manageable resources.
상세보기
Reasor, Sterling M; Newman, Andrew J; Franczyk, Ronald A; Garms, Jason; Jones, Christopher Ryan, Feedback-driven malware detector.
상세보기
Allababidi, Mouaz; Balasubramanian, Balagurunathan; Kuruvalli, Bharath N.; Ma, Lih-Jong; Taylor, Paul L., Hybrid role-based discretionary access control.
상세보기
Horvitz Eric ; Breese John S. ; Heckerman David E. ; Hobson Samuel D. ; Hovel David O. ; Klein Adrian C. ; Rommelse Jacobus A.,NLX ; Shaw Gregory L., Intelligent user assistance facility for a software program.
상세보기
Yip, Ying Kin Tony; Chan, Kok Wai; Chen, Rui; Newaskar, Rahul Shrikant; Toivonen, Anthony, Managing client configuration data.
상세보기
Gonzales,Greg; Baker,Brian D., Method and apparatus for providing a dynamic resource role model for subscriber-requester based protocols in a home automation and control system.
상세보기
Shrivastava, Saurabh; Lee, Stephen Man Leung, Method and apparatus for securely deploying and managing applications in a distributed computing infrastructure.
상세보기
Riggins,Chris; Berl,Steven; Anteunis,Dirk; Stamler,Arnold, Method and apparatus providing role-based configuration of a port of a network element.
상세보기
Hatakama Hiroshi,JPX, Method and device for displaying help for operations and concepts matching skill level.
상세보기
Mashevsky, Yury V.; Namestnikov, Yury V.; Denishchenko, Nikolay V.; Zelensky, Pavel A., Method and system for detection and prediction of computer virus-related epidemics.
상세보기
Eisen Ivan R. (Flower Mound TX) Morris Ruth A. (Dallas TX), Method for automatically adjusting help information displayed in an online interactive system.
상세보기
Glaser,Howard J.; England,Laurence E.; Poole,Rebecca Lau; Xia,Chenhong, Method, system, computer program product, and article of manufacture for downloading a remote computer program according to a stored configuration.
상세보기
Charisius,Dietrich; Coad,Peter, Methods and systems for animating a workflow and a project plan.
상세보기
Layman Andrew J. (Mill Valley CA) Berkovec David C. (Santa Rosa CA), Proactive presentation of automating features to a computer user.
상세보기
Meijer, Henricus Johannes Maria; Gates, III, William H.; Ozzie, Raymond E.; Flake, Gary W.; Bergstraesser, Thomas F.; Blinn, Arnold N.; Brumme, Christopher W.; Cheng, Lili; Connolly, Michael; Dani, Nishant V.; Glasgow, Dane A.; Glasser, Daniel S.; Gounares, Alexander G.; Larus, James R.; MacLaurin, Matthew B.; Mishra, Debi P.; Mital, Amit; Snyder, Jr., Ira L.; Thekkath, Chandramohan A.; Treadwell, III, David R.; Zaner-Godsey, Melora, Recommendation system that identifies a valuable user action by mining data supplied by a plurality of users to find a correlation that suggests one or more actions for notification.
상세보기
Mason, Andrew T.; Laing, William A.; Macintyre, John; Pletcher, Richard A., Role based server installation and configuration.
상세보기
Erb, Paul Andrew, Role-based programmable telephone keys.
상세보기
Lucovsky, Mark H.; Pierce, Shaun Douglas; Movva, Ramu; Kalki, Jagadeesh; Auerbach, David Benjamin; Ford, Peter Sewall; Yuan, Yun-Qi; Guu, Yi-Wen; George, Samuel John; Hoffman, William Raymond; Jacobs, Jay Christopher; Steckler, Paul Andrew; Hsueh, Walter C.; Keil, Kendall D.; Gopal, Burra; White, Steven D.; Leach, Paul J.; Ward, Richard B.; Smoot, Philip Michael; Fang, Lijiang; Taylor, Michael B.; Kannan, Suresh; Wu, Winnie C., Schema-based services for identity-based data access.
상세보기
Melo, Eduardo D.; French, Edward T.; Hasan, Saif R.; Walton, Bryan K; Evans, Cheryl A.; Sager, Frank M., Server-functionality role extensibility model.
상세보기
Aldrich, Daniel J.; Waterman, Frank M.; Andrade, III, Ignacio; Duncan, III, Horace W.; Haner, Brian D.; Jarrett, Lorna M.; Langston, Christopher L.; Maynor, Mathew A.; Meeks, Peter A.; Oliver, III, J, System and method for creating a performance tool and a performance tool yield.
상세보기
Shell,Scott R.; Butler,Lee M.; Peev,Igor B.; Zhu,Yuhang, System and method for over the air configuration security.
상세보기
Zaitsev, Oleg V.; Grebennikov, Nikolay A.; Monastyrsky, Alexey V.; Pavlyushchik, Mikhail A., System and method for security rating of computer processes.
상세보기
Sriprakash, Bhargav; Doerrfeld, Scott C., System and method for using virtual environments.
상세보기
Grinstein, Doron, System and/or method for class-based authorization.
상세보기
Kinser, Stephen Hugh; Burch, Lloyd Leon; Carter, Stephen R., Techniques for providing role-based security with instance-level granularity.
상세보기
Turner, Joshua D., User administration tool.
상세보기

이 특허를 인용한 특허 (4)

Thomson, Allan; Coleman, Christopher D., Apparatuses, methods and systems for a cyber threat confidence rating visualization and editing user interface.
상세보기
Kuo, Chengi Jimmy; Viljoen, Petrus Johannes; Ganesan, Prasanth; Wall, Dermot; Chung, Dong, Systems and methods for automatically making selections in user interfaces.
상세보기
Chen, Joseph; Wilhelm, Jeffrey, Systems and methods for treating locally created files as trustworthy.
상세보기
Nachenberg, Carey S., Using temporal attributes to detect malware.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

System and method for detecting computer security threats based on verdicts of computer users 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (31)

이 특허를 인용한 특허 (4)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

System and method for detecting computer security threats based on verdicts of computer users 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (31)

이 특허를 인용한 특허 (4)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트