US 9,813,437 B2
Systems and methods for determining malicious-download risk based on user behavior
Leylya Yumer, Antibes (FR)
Assigned to Symantec Corporation, Mountain View, CA (US)
Filed by Symantec Corporation, Mountain View, CA (US)
Filed on Jun. 15, 2015, as Appl. No. 14/739,385.
Prior Publication US 2016/0366167 A1, Dec. 15, 2016
Int. Cl. G06F 21/00 (2013.01); H04L 29/06 (2006.01); G06F 21/50 (2013.01); G06F 21/56 (2013.01); G06F 21/57 (2013.01)
CPC H04L 63/1425 (2013.01) [G06F 21/50 (2013.01); G06F 21/56 (2013.01); G06F 21/577 (2013.01); H04L 63/1433 (2013.01)]
18 Claims
1. A computer-implemented method for determining malicious-download risk based on user behavior, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
identifying a set of users that are at high risk for malicious downloads and a set of users that are at low risk for malicious downloads;
determining a high-risk pattern of download behavior that is shared by the set of high-risk users and that is not shared by the set of low-risk users;
analyzing download behavior of an uncategorized user over a predefined time period in order to categorize the download behavior as high-risk or low-risk;
categorizing the uncategorized user as a high-risk user in response to determining that the download behavior of the uncategorized user falls within a predefined similarity threshold of the high-risk pattern of download behavior, wherein the high-risk pattern of download behavior comprises downloading at least one file that is found on fewer than a predefined percentage of computing devices used by others; and
increasing a security posture of the high-risk user in order to reduce the risk of the high-risk user becoming infected with malware, wherein increasing the security posture comprises increasing a restriction of at least one of firewall settings or spam filter settings associated with the computing device.
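The steps of claim 1, sketched as an added example that is not code from the patent or from Symantec. The feature vector (fraction of rare files, rare files per day), the centroid-and-distance test, the thresholds, the policy names and all sample data are assumptions made for the illustration.

```python
from math import dist
from statistics import mean

RARE_PCT = 1.0        # assumed: "rare" = found on fewer than 1% of other devices
SIM_THRESHOLD = 0.25  # assumed: maximum distance from the high-risk pattern
WINDOW_DAYS = 30      # assumed: the predefined observation period

def features(prevalences):
    """Map one user's downloads in the window (each value = % of other devices
    holding that file) to (rare fraction, rare files per day capped at 1)."""
    if not prevalences:              # no downloads in the period
        return (0.0, 0.0)
    rare = sum(1 for p in prevalences if p < RARE_PCT)
    return (rare / len(prevalences), min(1.0, rare / WINDOW_DAYS))

def high_risk_pattern(high_users, low_users):
    """Centroid of the high-risk set, accepted only if no low-risk user shares it."""
    vecs = [features(u) for u in high_users]
    pattern = tuple(mean(axis) for axis in zip(*vecs))
    if any(dist(features(u), pattern) <= SIM_THRESHOLD for u in low_users):
        raise ValueError("pattern is also shared by low-risk users")
    return pattern

def categorize(prevalences, pattern):
    """High-risk only if at least one rare file was downloaded AND the
    behaviour falls within the similarity threshold of the pattern."""
    has_rare = any(p < RARE_PCT for p in prevalences)
    near = dist(features(prevalences), pattern) <= SIM_THRESHOLD
    return "high-risk" if has_rare and near else "low-risk"

def posture_for(category):
    """Assumed policy names; the claim only requires tighter firewall or
    spam-filter settings for high-risk users."""
    if category == "high-risk":
        return {"firewall": "strict", "spam_filter": "aggressive"}
    return {"firewall": "default", "spam_filter": "default"}

# Constructed sample data: per-user lists of file prevalence percentages.
HIGH = [[0.2, 0.5, 40.0, 0.1], [0.3, 0.05, 0.9, 60.0, 0.4], [0.7, 0.2, 0.6]]
LOW = [[35.0, 80.0, 12.0, 55.0], [90.0, 22.0, 0.8, 41.0, 67.0, 30.0]]
PATTERN = high_risk_pattern(HIGH, LOW)

if __name__ == "__main__":
    for name, user in [("A", [0.4, 0.3, 70.0, 0.2, 0.9]),
                       ("B", [50.0, 0.5, 88.0, 61.0, 33.0]), ("C", [])]:
        cat = categorize(user, PATTERN)
        print(name, cat, posture_for(cat))
```

User B shows why the rare-file condition alone is not sufficient: one low-prevalence download does not place the user near the high-risk pattern, so the posture stays at default.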