[특허]Systems and methods for determining trustworthiness of software programs

Systems and methods for determining trustworthiness of software programs 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04L-029/06
출원번호	US-0030745 (2013-09-18)
등록번호	US-9065849 (2015-06-23)
발명자 / 주소	Rivera, Shireen H. Ashley, Peter
출원인 / 주소	Symantec Corporation
대리인 / 주소	ALG Intellectual Property, LLC
인용정보	피인용 횟수 : 9 인용 특허 : 0

초록 ▼

A computer-implemented method for determining trustworthiness of software programs may include (1) determining, for at least one software program, a prevalence score that indicates a prevalence of the software program within a local network, (2) obtaining, for the software program, a reputation score that indicates a reputation of the software program, (3) determining a trustworthiness of the software program based on both the reputation score of the software program and the prevalence score of the software program, and (4) performing a security action based on the trustworthiness of the software program. Various other methods, systems, and computer-readable media are also disclosed.

대표청구항 ▼

1. A computer-implemented method for determining trustworthiness of software programs, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: determining, for at least one software program, a prevalence score that indicates a prevalence of the software program within a local network;obtaining, for the software program, a reputation score that indicates a prevalence of the software program outside the local network;comparing the prevalence score with the reputation score to a determine trustworthiness of the software program based on both the reputation score of the software program and the prevalence score of the software program;performing a security action based on the trustworthiness of the software program. 2. The computer-implemented method of claim 1, wherein the prevalence score comprises at least one of: a percentage of devices within the local network on which the software program is present;a number of instances of the software program installed within the local network. 3. The computer-implemented method of claim 1, wherein comparing the prevalence score with the reputation score to determine the trustworthiness of the software program comprises: determining, based on the prevalence score and the reputation score, that the prevalence of the software program in the local network is greater than the prevalence of the software program outside the local network;determining, based the prevalence of the software program being greater inside the local network than outside the local network, that the software program is likely an internal program for the local network and does not comprise a malware threat. 4. The computer-implemented method of claim 1, wherein obtaining the reputation score comprises: calculating a total number of devices surveyed outside the local network on which the software program is installed;calculating a percentage of devices surveyed outside the local network on which the software program is installed. 5. The computer-implemented method of claim 1, further comprising: conducting a malware deep scan on one or more devices in the local network to determine whether the software program potentially comprises malware;determining that the prevalence score indicates that the software program has not been identified within the local network, wherein the prevalence score is based on an inventory of software programs used within the local network;determining that the software program was identified during the malware deep scan;determining, based on the software program not being identified in the inventory of software programs and being identified during the malware deep scan, that the software program may comprise a rootkit threat;wherein the trustworthiness determination is further based on the determination that the software program may comprise the rootkit threat. 6. The computer-implemented method of claim 1, wherein determining the prevalence score comprises taking an inventory of software programs installed on local devices within the local network by at least one of: querying the local devices;performing a remote scan of the local devices;querying an application inventory system for inventory data about software applications installed within the local network. 7. The computer-implemented method of claim 1, wherein comparing the prevalence score with the reputation score to determine the trustworthiness of the software program comprises: determining that the prevalence score is below a threshold and indicates low prevalence of the software program in the local network;determining that the reputation score indicates that the software program has not been identified outside the local network;determining, based on the low prevalence of the software program in the local network and absence of the software program outside the local network, that the software program may comprise an advanced persistent threat. 8. The computer-implemented method of claim 1, wherein comparing the prevalence score with the reputation score to determine the trustworthiness of the software program comprises: determining that the prevalence score is below a local-prevalence threshold and indicates low prevalence of the software program in the local network;determining that the reputation score indicates that the prevalence of the software program outside the local network is above a global-prevalence threshold and is therefore high;determining, based on the low prevalence of the software program in the local network and the high prevalence of the software program outside the local network, that the software program does not comprise a malware threat. 9. The computer-implemented method of claim 1, wherein comparing the prevalence score with the reputation score to determine the trustworthiness of the software program comprises: determining that the prevalence score is below a local-prevalence threshold and indicates low prevalence of the software program in the local network;determining that the reputation score indicates that the prevalence of the software program outside the local network is below a global-prevalence threshold and is therefore low;determining, based on the low prevalence of the software program in the local network and the low prevalence of the software program outside the local network, that the software program may comprise a malware threat. 10. A system for determining trustworthiness of software programs, the system comprising: a prevalence module, stored in memory, that determines, for at least one software program, a prevalence score that indicates a prevalence of the software program within a local network;a reputation module, stored in memory, that obtains, for the software program, a reputation score that indicates a prevalence of the software program outside the local network;a trustworthiness module, stored in memory, that compares the prevalence score with the reputation score to determine a trustworthiness of the software program based on both the reputation score of the software program and the prevalence score of the software program;a security module, stored in memory, that performs a security action based on the trustworthiness of the software program;at least one hardware processor that executes the prevalence module, the reputation module, the trustworthiness module, and the security module. 11. The system of claim 10, wherein the prevalence score comprises at least one of: a percentage of devices within the local network on which the software program is present;a number of instances of the software program installed within the local network. 12. The system of claim 10, wherein the trustworthiness module compares the prevalence score with the reputation score to determine the trustworthiness of the software program by: determining, based on the prevalence score and the reputation score, that prevalence of the software program in the local network is greater than the prevalence of the software program outside the local network;determining, based the prevalence of the software program being greater inside the local network than outside the local network, that the software program is likely an internal program for the local network and does not comprise a malware threat. 13. The system of claim 10, wherein the reputation module obtains the reputation score by: calculating a total number of devices surveyed outside the local network on which the software program is installed;calculating a percentage of devices surveyed outside the local network on which the software program is installed. 14. The system of claim 10, wherein the trustworthiness module determines the trustworthiness of the software program by: determining that the prevalence score is below a local-prevalence threshold and indicates low prevalence of the software program in the local network;determining that the reputation score indicates that the prevalence of the software program outside the local network is below a global-prevalence threshold and is therefore low;determining, based on the low prevalence of the software program in the local network and the low prevalence of the software program outside the local network, that the software program does not comprise a malware threat. 15. The system of claim 13, wherein the prevalence module determines the prevalence score by taking an inventory of software programs installed on local devices within the local network by at least one of: querying the local devices;performing a remote scan of the local devices;querying an application inventory system for inventory data about software applications installed within the local network. 16. The system of claim 10, wherein trustworthiness module compares the prevalence score with the reputation score to determine the trustworthiness of the software program by: determining that the prevalence score is below a threshold and indicates low prevalence of the software program in the local network;determining that the reputation score indicates that the software program has not been identified outside the local network;determining, based on the low prevalence of the software program in the local network and absence of the software program outside the local network, that the software program may comprise an advanced persistent threat. 17. The system of claim 10, wherein the trustworthiness module compares the prevalence score with the reputation score to determine the trustworthiness of the software program by: determining that the prevalence score is below a local-prevalence threshold and indicates low prevalence of the software program in the local network;determining that the reputation score indicates that the prevalence of the software program outside the local network is above a global-prevalence threshold and is therefore high;determining, based on the low prevalence of the software program in the local network and the high prevalence of the software program outside the local network, that the software program does not comprise a malware threat. 18. The system of claim 10, wherein the trustworthiness module compares the prevalence score with the reputation score to determine the trustworthiness of the software program by: determining that the prevalence score is below a local-prevalence threshold and indicates low prevalence of the software program in the local network;determining that the reputation score indicates that the prevalence of the software program outside the local network is above a global-prevalence threshold and is therefore high;determining, based on the low prevalence of the software program in the local network and the high prevalence of the software program outside the local network, that the software program represents a potential compliance risk for the local network. 19. The system of claim 10, wherein the trustworthiness module further determines the trustworthiness of the software program by: determining that the prevalence score is below a local-prevalence threshold and indicates low prevalence of the software program in the local network;determining that the reputation score indicates that the software program violates a policy of the local network;determining, based on the low prevalence of the software program in the local network and the software program violating the policy of the local network, that the software program potentially poses a threat to the local network. 20. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to: determine, for at least one software program, a prevalence score that indicates a prevalence of the software program within a local network;obtain, for the software program, a reputation score that indicates a prevalence of the software program outside the local network;compare the prevalence score with the reputation score to determine a trustworthiness of the software program based on both the reputation score of the software program and the prevalence score of the software program;perform a security action based on the trustworthiness of the software program.

이 특허를 인용한 특허 (9)

Wardman, Bradley; Carrico, Ryan A.; Pratt, Nathan Robert, Accurately classifying a computer program interacting with a computer system using questioning and fingerprinting.
상세보기
Chen, Yi-Chun; Hong, Zen-Jerr; Liang, Lin Chung; Wu, Min-Tsung, Addressing login platform security risks.
상세보기
Thomson, Allan; Coleman, Christopher D., Apparatuses, methods and systems for a cyber threat confidence rating visualization and editing user interface.
상세보기
Wardman, Bradley; Carrico, Ryan A.; Pratt, Nathan Robert, Detection of scripted activity.
상세보기
Ben-Shalom, Omer; Nayshtut, Alex; Pogorelik, Oleg; Muttik, Igor, Peer-to-peer group vigilance.
상세보기
Simone, Jr., Kenneth D.; Whitehurst, Paul A.; Boudreaux, Mark Joseph, Prevalence-based reputations.
상세보기
Kuo, Chengi Jimmy; Viljoen, Petrus Johannes; Ganesan, Prasanth; Wall, Dermot; Chung, Dong, Systems and methods for automatically making selections in user interfaces.
상세보기
Roundy, Kevin Alejandro; Tamersoy, Acar; Satish, Sourabh, Systems and methods for establishing reputations of files.
상세보기
Savant, Anubhav, Systems and methods for providing information identifying the trustworthiness of applications on application distribution platforms.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Systems and methods for determining trustworthiness of software programs 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허를 인용한 특허 (9)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Systems and methods for determining trustworthiness of software programs 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허를 인용한 특허 (9)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트