US2013031111A1PendingUtilityA1

System, method, and computer program product for segmenting a database based, at least in part, on a prevalence associated with known objects included in the database

46
Assignee: JYOTI NITINPriority: Oct 26, 2009Filed: Oct 4, 2012Published: Jan 31, 2013
Est. expiryOct 26, 2029(~3.3 yrs left)· nominal 20-yr term from priority
G06F 16/278G06F 21/57
46
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system, method, and computer program product are provided for segmenting a database based, at least in part, on a prevalence associated with known objects included in the database. In operation, a database including a plurality of known objects is identified. Additionally, the database is segmented into a plurality of segments. Furthermore, each of the plurality of known objects are assigned to one of the plurality of segments, based at least in part on a prevalence associated with each of the plurality of known objects.

Claims

exact text as granted — not AI-modified
1 - 20 . (canceled) 
     
     
         21 . A method, comprising:
 accessing a database that is provided for a client system; and   assigning a plurality of known objects to one of a plurality of segments based, at least in part, on prevalence information associated with each of the plurality of known objects, wherein the database includes whitelisted objects, which are non-malicious objects and which are defined utilizing a Bloom filter of the client system, and wherein the Bloom filter is further configured to determine whether to perform a lookup operation on the database.   
     
     
         22 . The method of  claim 21 , wherein the prevalence information is obtained using antivirus software of the client system. 
     
     
         23 . The method of  claim 21 , wherein the database includes a whitelist database. 
     
     
         24 . The method of  claim 21 , wherein an antivirus DAT model is implemented in conjunction with the Bloom filter and the database. 
     
     
         25 . The method of  claim 21 , wherein the Bloom filter is implemented in conjunction with MD5 hashes, which are communicated to the client system. 
     
     
         26 . The method of  claim 21 , wherein Bloom filter updates are streamed to the client system between DAT releases. 
     
     
         27 . The method of  claim 21 , wherein the Bloom filter is utilized as a whitelist to offset a false positive rate. 
     
     
         28 . The method of  claim 21 , wherein a server updates the Bloom filter for the client system. 
     
     
         29 . The method of  claim 21 , wherein updating the Bloom filter includes communicating hashes stored as Bloom filter bit vectors to the client system. 
     
     
         30 . The method of  claim 21 , wherein Bloom filter updates are sent along as part of additional software updates for the client system. 
     
     
         31 . The method of  claim 21 , wherein the Bloom filter is utilized as a blacklist. 
     
     
         32 . The method of  claim 21 , further comprising:
 receiving a signature lookup request; and   analyzing the signature lookup request using the Bloom filter.   
     
     
         33 . The method of  claim 21 , wherein the client system is a selected one of a group of client devices, the group consisting of:
 a) a computer;   b) a personal digital assistant (PDA); and   c) a mobile phone.   
     
     
         34 . The method of  claim 21 , wherein Bloom filter bit vectors, representing MD5 values of whitelist files, are provided to the client system. 
     
     
         35 . A method, comprising:
 receiving a signature lookup request;   analyzing the signature lookup request using a Bloom filter provided for a client system; and   performing a lookup in a database based on the signature lookup request, wherein the database comprises a blacklist database and a whitelist database, which is segmented into high prevalence objects and low prevalence objects, wherein the high prevalence objects reflect objects that are accessed more frequently than objects included in the low prevalence objects.   
     
     
         36 . A client system, comprising:
 a processor; and   a memory coupled to the processor, wherein the client system is configured to:   access a database that is provided for the client system; and   assign a plurality of known objects to one of a plurality of segments based, at least in part, on prevalence information associated with each of the plurality of known objects, wherein the database includes whitelisted objects, which are non-malicious objects and which are defined utilizing a Bloom filter of the client system, and wherein the Bloom filter is further configured to determine whether to perform a lookup operation on the database.   
     
     
         37 . The client system of  claim 36 , wherein an antivirus DAT model is implemented in conjunction with the Bloom filter and the database. 
     
     
         38 . The client system of  claim 36 , wherein the Bloom filter is implemented in conjunction with MD5 hashes, which are communicated to the client system, and wherein Bloom filter updates are streamed to the client system between DAT releases. 
     
     
         39 . The client system of  claim 36 , wherein the client system is further configured to:
 receive a signature lookup request; and   analyze the signature lookup request using the Bloom filter.   
     
     
         40 . The client system of  claim 36 , wherein Bloom filter bit vectors, representing MD5 values of whitelist files, are provided to the client system.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.