US 7,577,993 B2
Methods and systems for detecting and preventing the spread of malware on instant messaging (IM) networks by using Bayesian filtering
Anandamoy Roychowdhary, Cambridge, Mass. (US); Francis Aurelio Desouza, Somerville, Mass. (US); Jon Sakoda, Boston, Mass. (US); Arthur William Gilliland, Jamaica Plain, Mass. (US); Eric Lyle Lorenzo, Somerville, Mass. (US); and Milan Shah, Hopkinton, Mass. (US)
Assigned to Symantec Corporation, Mountain View, Calif. (US)
Filed on Jul. 01, 2005, as Appl. No. 11/171,249.
Prior Publication US 2007/0006026 A1, Jan. 04, 2007
Int. Cl. G06F 21/00 (2006.01)
U.S. Cl. 726—22
35 Claims
 
1. A computer-assisted method of reducing spread of malware in an Instant Message (IM) system, comprising:
a) analyzing messages exchanged between an IM server and an IM client;
b) identifying one or more messages as possibly containing malware among the exchanged messages, at least one of the identified messages being a message sent to a virtual user having a virtual IM account, the virtual user automatically participating in a dialog with other users to elicit messages from malware operators;
c) assigning a confidence level to each identified message, wherein a confidence level represents a probability of a message containing malware;
d) training a Bayesian filter using the identified messages and the confidence levels;
e) adjusting the confidence levels using a Bayesian filter; and
f) iteratively applying steps a) through e) for identifying additional messages as possibly containing malware, for re-training the Bayesian filter using at least the identified additional messages, and for further adjusting the confidence levels using the Bayesian filter.
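
The loop in steps a) through f) can be sketched as follows; this is an added illustration, not code from the patent or from Symantec. It assumes one possible reading of step d), in which a message with confidence c is trained as c parts malware and (1 - c) parts clean, and all names (`WeightedBayesFilter`, `run_rounds`, `BATCHES`) and the sample messages are hypothetical.

```python
import math
from collections import defaultdict

class WeightedBayesFilter:
    """Naive Bayes over tokens, trained with fractional (confidence) labels."""
    def __init__(self):
        self.counts = {"mal": defaultdict(float), "ok": defaultdict(float)}
        self.totals = {"mal": 0.0, "ok": 0.0}  # token mass per class
        self.docs = {"mal": 0.0, "ok": 0.0}    # message mass per class
        self.vocab = set()

    def train(self, text, confidence):
        # Assumption: confidence c counts as c malware and (1 - c) clean.
        for label, w in (("mal", confidence), ("ok", 1.0 - confidence)):
            self.docs[label] += w
            for tok in text.lower().split():
                self.counts[label][tok] += w
                self.totals[label] += w
                self.vocab.add(tok)

    def score(self, text):
        # Posterior P(malware | tokens), Laplace-smoothed, computed in log space.
        v, n = len(self.vocab) or 1, sum(self.docs.values())
        logp = {}
        for label in ("mal", "ok"):
            lp = math.log((self.docs[label] + 1) / (n + 2))
            for tok in text.lower().split():
                lp += math.log((self.counts[label][tok] + 1) / (self.totals[label] + v))
            logp[label] = lp
        return 1 / (1 + math.exp(logp["ok"] - logp["mal"]))

def run_rounds(batches):
    """Steps a)-f): each round trains on newly identified messages, then re-scores all."""
    filt, seen, adjusted = WeightedBayesFilter(), [], {}
    for batch in batches:
        for text, conf in batch:  # steps b)-d): identified message and its confidence
            filt.train(text, conf)
            seen.append(text)
        adjusted = {t: filt.score(t) for t in seen}  # step e): adjusted confidences
    return filt, adjusted

# Constructed sample traffic: (text, initial confidence); 0.9 = seen by the virtual user.
BATCHES = [
    [("check this out http://example.test/pic.scr", 0.9), ("lunch at noon?", 0.1)],
    [("lol look http://example.test/pic.scr", 0.6), ("see you at lunch", 0.1)],
]

if __name__ == "__main__":
    for text, conf in run_rounds(BATCHES)[1].items():
        print(f"{conf:.2f}  {text}")
```

After the second round, the message first identified at 0.6 is adjusted upward because it shares a URL token with the message sent to the virtual account, while the benign messages stay low.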