Kaspersky Lab, one of the leading developers of secure content and threat management solutions, announces that it has been granted three new patents in Russia. The new patents are for different technologies implemented in Kaspersky Lab’s products, including a method for reducing the amount of false positive detections during anti-malware processing, a system for rapid analysis of a data stream for malware presence, and a system and method for comparing the functionality of executable files based on patterns.
The first patent, № 107615, covers technology that improves the efficiency of the anti-virus system by reducing the number of false positive detections of legitimate objects and programs. The patented method is used in anti-virus systems that use rules to detect both malicious processes and the objects from which those malicious processes emanate. The core essence of the technology relates to analysis of changes in ratings used by rules for evaluating processes by the correction factor for each rule. Factors are set automatically by the system after analysis of statistics about each rule. If the rule works without any errors the factor is increased, and for rules whose work led to errors (false positive detections) the factor is decreased in order to reduce the rating level of such rules. This technology also allows new rules to be tested. Being assigned a “zero” coefficient, new rules do not alter the final verdict, but provide useful statistics and information to the company’s experts.
Patent № 107616 covers a system of rapid analysis of a data stream for malware presence. The method is designed to handle data in streaming mode, without buffering the entire facility, which permits analysis of large objects without placing excessive demands on memory. The method involves splitting the original data stream into a plurality of logical data streams, assigning each its own handler as well as its own buffer. For example, while one handler processes the body of a message, another handler processes embedded archives. Thus, each stream can be assigned to multiple handlers. What is important here is the role of each handler: one of them might, for example, unpack packed data, and then transfer it to another handler, which checks the unpacked data to determine if it contains malicious objects.
The third patent, № 2427890, covers both a system and method for file comparisons based on pattern-based similarities. The process of collecting data in order to create a pattern utilizes both static and dynamic methods, thus providing a complete overview of a program’s behavior and functionality. Compared to existing heuristics methods of detecting malicious code, this method allows to create a full, structured description of a program. This is a more efficient approach because even if a program’s code has been altered the patented technology is still able to block a new variation of malware based on its functionality.
The three new Russian patents have increased the total number of Kaspersky Lab technologies patented in the country to 43. Another 32 patent applications are currently being reviewed by the Russian patent office. Overall, the patent offices of the United States, Russia, China and the EU are examining more than 120 Kaspersky Lab patent applications relating to cutting-edge IT security technologies.