The subject disclosure is directed towards protecting against malware by classifying a user's risk level, which corresponds to a likelihood of malware being activated. To make the classification, data is collected that represents a probability of encountering malware, a probability of a user activating that malware, and the impact to the machine if the malware is activated. The classification maps to a protection level, which may be dynamically adjustable, e.g., based upon current risk conditions. The protection level determines a way to mitigate possible damage, such as by running a program as a virtualized program, running a virtualized operating system, or sandboxing a process.
Representative claims
1. In a computing environment, a method performed at least in part on at least one processor, comprising: computing a score indicative of a likelihood of malware being activated on a computing device based upon vulnerability model data and past user behavior data in which the score comprises a probability of encountering the malware, a probability of a user activating the malware, and a probability of the computing device being affected by the malware if activated; and based on the score, taking a protective action to mitigate damage that otherwise is able to result if the malware is activated.
2. The method of claim 1 wherein computing the score comprises determining a probability value based at least in part on the past user behavior data.
3. The method of claim 1 wherein computing the score comprises determining a probability value based at least in part on machine state data.
4. The method of claim 1 wherein computing the score comprises determining a probability value based at least in part on a likelihood of encountering malware.
5. The method of claim 1 wherein computing the score comprises determining a classification, and mapping the classification to a protection level corresponding to possible protective actions, in which the protection level is dynamically variable based upon current threat conditions.
6. The method of claim 1 wherein taking action to mitigate damage comprises adjusting one or more heuristic thresholds, or adjusting a risk level evaluated against the one or more heuristic thresholds.
7. The method of claim 1 wherein taking action to mitigate damage comprises running a program as a virtualized program.
8. The method of claim 1 wherein taking action to mitigate damage comprises running an operating system as a virtualized operating system.
9. The method of claim 1 wherein taking action to mitigate damage comprises running a process in a sandbox.
10. The method of claim 1 wherein taking action to mitigate damage comprises mitigating risk at a network layer within a managed environment, including increasing protection on a destination host, increasing auditing, or decreasing network access for the user or machine or both a user and a machine, or any combination of increasing protection on a destination host, increasing auditing, or decreasing network access for the user or machine or both a user and a machine.
11. In a computing environment, a system, comprising: at least one processor; a memory communicatively coupled to the at least one processor and including components comprising: a classification engine configured to process input data corresponding to a plurality of data sources into at least one predictive model corresponding to a risk of a user activating malware on a computing device, the input data comprising behavior data of the user including past user behavior data, and to determine a classification corresponding to the risk of the user activating malware on the computing device; and a decision engine configured to evaluate the classification with respect to available protective actions, to determine whether a protective action is needed for the user, and if so, to take action to protect the user with respect to activating malware.
12. The system of claim 11 wherein at least some of the malware-related input is received from a remote location relative to the computing device.
13. The system of claim 11 wherein the classification engine, or the decision engine, or both, operate at a remote location relative to the computing device.
14. The system of claim 11 wherein the malware-related input is based upon file type data associated with a user, URL data associated with a user, or malware previously detected for a user, or any combination of file type data associated with a user, URL data associated with a user, or malware previously detected for a user.
15. The system of claim 11 wherein the malware-related input is based upon update data associated with a machine, patch data associated with a machine, user-privilege data associated with a machine, or antimalware scan data associated with a machine, or any combination of update data associated with a machine, patch data associated with a machine, user-privilege data associated with a machine, or antimalware scan data associated with a machine.
16. The system of claim 11 wherein the malware-related input corresponds to a likelihood of encountering malware based upon data collected from an industry source, update data, diagnostic data, or malware data submitted by users, or based upon any combination of data collected from an industry source, update data, diagnostic data, or malware data submitted by users.
17. The system of claim 11 wherein the decision engine is configured to take action to protect the user, including by running a program as a virtualized program, running an operating system as a virtualized operating system, running a process in a sandbox, or determining whether to scan for signatures based on the classification, or any combination of running a program as a virtualized program, running an operating system as a virtualized operating system, running a process in a sandbox, or determining whether to scan for signatures based on the classification.
18. The system of claim 11 further comprising, a network communications mechanism that takes action to protect the user or a machine, or both a user and a machine, at a network layer within a managed environment.
19. In a computing environment, a method performed at least in part on at least one processor, comprising: providing data corresponding to a probability of encountering malware, a probability of a user activating malware, and a probability of machine being affected by malware if activated; and using the data to determine a level of protection for a user or a machine, or both a user and a machine, with respect to activating malware based on a combination of the probability of encountering malware, the probability of a user activating malware, and the probability of machine being affected by malware if activated, the level of protection comprising a strength of antimalware protection.
20. The method of claim 19 wherein using the data to determine a level of protection comprises, classifying the user into a class, and mapping the user to a dynamic level of protection based upon the class and current threat data.
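An added example, not part of the patent text: one way to carry out the scoring and the dynamic class-to-protection mapping that claims 1, 5 and 19 describe. The claims give no formula, so multiplying the three probabilities, the class thresholds, the threat multiplier, the class-to-action mapping and every name used here are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskInputs:
    p_encounter: float  # probability of encountering malware (e.g. threat-feed data)
    p_activate: float   # probability the user activates it (past user behavior)
    p_affected: float   # probability the machine is affected if activated (patch/privilege state)


def risk_score(r: RiskInputs) -> float:
    """Combine the three probabilities. The product is an assumed combination rule."""
    for p in (r.p_encounter, r.p_activate, r.p_affected):
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"probability out of range: {p}")
    return r.p_encounter * r.p_activate * r.p_affected


# Assumed class boundaries, strictest class first.
BASE_THRESHOLDS = (("high", 0.20), ("medium", 0.05), ("low", 0.0))

# Assumed mapping from class to one of the protective actions the claims list.
ACTIONS = {
    "high": "run in a virtualized operating system",
    "medium": "run the process in a sandbox",
    "low": "signature scanning only",
}


def classify(score: float, threat_multiplier: float = 1.0) -> str:
    """Map a score to a class. A threat_multiplier above 1 models elevated
    current threat conditions: every boundary is lowered, so the same score
    can land in a stricter class."""
    if threat_multiplier <= 0:
        raise ValueError("threat_multiplier must be positive")
    for label, bound in BASE_THRESHOLDS:
        if score >= bound / threat_multiplier:
            return label
    return "low"


def protective_action(r: RiskInputs, threat_multiplier: float = 1.0):
    """Return (score, class, action) for one user/machine pair."""
    score = risk_score(r)
    label = classify(score, threat_multiplier)
    return score, label, ACTIONS[label]


# Constructed sample inputs: a cautious user on a partly patched machine,
# and a user with risky habits on an unpatched, admin-privileged machine.
CAUTIOUS = RiskInputs(p_encounter=0.3, p_activate=0.1, p_affected=0.5)
RISKY = RiskInputs(p_encounter=0.6, p_activate=0.7, p_affected=0.8)
```

Evaluating `CAUTIOUS` under normal conditions and again with `threat_multiplier=4.0` shows the same user moving from the lowest class to the sandbox tier without any change in the user's own data.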