Kaspersky Lab Patents Automated False-Positive Testing Technology Based on Machine Learning Algorithms
Kaspersky Lab has patented a technology that allows for effective false-positive testing of heuristic signatures describing groups of similar malicious files
Kaspersky Lab has patented a technology that allows for effective false-positive testing of heuristic signatures describing groups of similar malicious files. This patent is the latest addition to the arsenal of advanced technologies used by the company in combating cyberthreats that allow for reliable automation of a large proportion of routine virus analysis tasks.
The detection rules, which are automatically created by processing limited amounts of newly discovered malicious files, describe groups of malicious objects as combinations of various characteristics. These characteristics include, for example, sequences of system calls and events that are common for malicious objects and uncommon for whitelisted files.
The technology, entitled “System and method for evaluating malware detection rules”, allows Kaspersky Lab to reliably test the automatically created detection rules to determine whether they correctly describe the groups of malicious files in such a way that legitimate ones are not affected (i.e. the possibility of generating false positives is greatly reduced). It works by testing these detection rules in the Kaspersky Lab infrastructure and comparing all files found to fall under the description with the set of known benign (or whitelisted) files and a larger set of known malicious objects. If no similarities are found, the detection rule is considered to be accurate and is rolled out to the users.
“As the amount of malicious files which we encounter every day exceedshundreds of thousandsand keeps growing, we at Kaspersky Lab have been automating a number of virus analysis tasks. For example, such tasks as finding similarities between different malicious files so that we could create heuristic detection rules that describe groups of objects instead of single files. The patented technology complements the set of machine learning tools our experts are using so that they have more time to concentrate on the most advanced and sophisticated threats”, said Timur Biyachuev, Director Anti-Malware Research, Kaspersky Lab.
The patented technology (US Patent No. 9171155) is implemented in the following products: Kaspersky Internet Security, Kaspersky Total Security Multi-Device, Kaspersky Endpoint Security for Business.
Kaspersky Lab continues to develop and patent new data protection technologies. By the end of October 2015, the company had 343 patents in Russia, the US, China and Europe, with 324 more patent applications filed.
Kaspersky Lab Patents Automated False-Positive Testing Technology Based on Machine Learning Algorithms
Kaspersky
Related Articles Product news
Updated Kaspersky Security for Mail Server offers advanced content filtering and enhanced visibility for SOC
Kaspersky has announced a significant update to its Kaspersky Security for Mail Server, designed to strengthen systems against emerging email threats. The latest version of Kaspersky Security for Mail Server features advanced functionality for content filtering, quarantine management, and enhanced visibility for Security Operations Centers (SOC).Read More >Laser-focus on business: Kaspersky transforms the United partner program
Kaspersky has introduced a major update to its United partner program. As the number of its global partners increases, Kaspersky has defined four new specified approaches for those selling, deploying, providing managed services or building solutions with Kaspersky products. To drive this new approach, the partner program, benefits, and motivation have been revised to better align with its partners’ business models.Read More >Updated Antidrone solution from Kaspersky: smarter detection, scaling and customization
Amid a constantly growing civilian drone market, Kaspersky has given its anti-drone solution a major new update. The latest version features improved system scalability, an interface that operates 12 times more quickly, and optimized incident visualization. Kaspersky Antidrone Solution is a comprehensive system that detects, identifies, and neutralizes civil drones that pose a security or physical threat to various settings, including critical infrastructure, public events, and commercial facilities.Read More >
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.