{"schema_version":"1.0","canonical_url":"https://patentable.app/patents/US-11487876","patent":{"patent_number":"US-11487876","title":"Robust whitelisting of legitimate files using similarity score and suspiciousness score","assignee":null,"inventors":[],"filing_date":"2020-04-06T00:00:00.000Z","publication_date":"2022-11-01T00:00:00.000Z","cpc_codes":["G06F","G06F","H04L","H04L","G06F"],"num_claims":21,"abstract":"A locality-sensitive hash value is calculated for a suspect file in an endpoint computer. A similarity score is calculated for the suspect hash value by comparing it to similarly-calculated hash values in a cluster of known benign files. A suspiciousness score is calculated for the suspect hash value based upon similar matches in a cluster of benign files and a cluster of known malicious files. These similarity score and the suspiciousness score or combined in order to determine if the suspect file is malicious or not. Feature extraction and a set of features for the suspect file may be used instead of the hash value; the classes would contain sets of features rather than hash values. The clusters may reside in a cloud service database. The suspiciousness score is a modified Tarantula technique. Matching of locality-sensitive hashes may be performed by traversing tree structures of hash values."},"analysis":{"summary":null,"layman_explanation":null,"technical_analysis":null,"business_analysis":null,"faqs":null,"topics":[],"tech_cluster":null},"seo":{"title":"Robust whitelisting of legitimate files using similarity score and suspiciousness score","description":"A locality-sensitive hash value is calculated for a suspect file in an endpoint computer. A similarity score is calculated for the suspect hash value by comparing it to similarly-calculated hash value","keywords":[]},"attribution":{"source":"Patentable","source_url":"https://patentable.app","canonical_url":"https://patentable.app/patents/US-11487876","license":"CC-BY-4.0-like","license_terms":"AI-generated analysis on this page (summary, layman_explanation, technical_analysis, business_analysis, faqs) may be reused with attribution and a visible link back to the canonical URL above. Patent abstracts, claims, and bibliographic data are USPTO public domain.","required_link":"https://patentable.app/patents/US-11487876","citation_suggestion":"Patentable. \"Robust whitelisting of legitimate files using similarity score and suspiciousness score\" (US-11487876). https://patentable.app/patents/US-11487876","copyright_holder":"Nomic Interactive Technology LLC"},"links":{"html":"https://patentable.app/patents/US-11487876","json":"https://patentable.app/api/llm-context/US-11487876","site":"https://patentable.app","llms_txt":"https://patentable.app/llms.txt"},"generated_at":"2026-05-30T18:54:14.318Z"}