&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12265619.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,265,619 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Optimal antimalware signatures database</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Andrey Kulaga,  Moscow (RU);  Serguei Beloussov,  Singapore (SG); and  Stanislav Protasov,  Singapore (SG)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Acronis International GmbH,  Schaffhausen (CH)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Acronis International GmbH,  Schaffhausen (CH)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Mar.  28, 2022, as Appl. No. 17/656,876.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2023/0306115 A1, Sep.  28, 2023</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/56</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/566</b></i> (2013.01)&#xa0;[<i><b>G06F 21/565</b></i> (2013.01); <i>G06F 2221/034</i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12265619-20250401-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method for creating an exportable digital collection of optimized malware family-specific signatures for protecting a computing system from malware, the method comprising:<div class="claim_text">providing a sample of files comprising known clean files and known malware files;</div>
                <div class="claim_text">wherein the known clean files and malware files comprise a plurality of attribute vectors;</div>
                <div class="claim_text">identifying signatures for the plurality of attribute vectors;</div>
                <div class="claim_text">calculating, for each signature from among the signatures, a false positive rate by identifying the number of clean files with each said signature, and grouping malware files that share a signature in a family cluster;</div>
                <div class="claim_text">from all the signatures in the family cluster, selecting a signature with the lowest false positive rate as a representative signature for the family cluster, wherein the representative signature is a first signature and a second representative signature is selected and wherein the second representative signature is selected using a predefined target function, wherein the predefined target function selects, as the second representative signature, the signature with the greatest probability to be found among all samples of the malware family cluster; and</div>
                <div class="claim_text">exporting the representative signature configured for use by a scan engine.</div>
              </div>
            </td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">2. The method according to claim 1, wherein the predefined target function selects, as a second representative signature, the signature with the second lowest false positive rate and the greatest probability to be found among all samples of the malware family cluster.</div>
            </td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">3. The method according to claim 2, wherein the predefined target function further selects, as a third representative signature, the signature that requires the least amount of resources to scan a file for the signature.</div>
            </td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">4. The method according to claim 1, wherein the predefined target function further selects, as a second representative signature, the signature that requires the least amount of resources to scan a file for the signature.</div>
            </td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">5. The method according to claim 1, wherein the predefined target function further selects as a third representative signature, the signature that requires the least amount of resources to scan a file for the signature.</div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>