Abstract: A computer-implemented method for identifying malicious computer files may include (i) receiving, by a computing device, a set of files from a set of client devices, (ii) performing, by the computing device, a machine learning classification of file attributes on the set of files, (iii) determining, based on the machine learning classification, a node pattern of a suspicious file in the set of files, (iv) calculating, by hashing the node pattern, a file prevalence score of the suspicious file, and (v) performing, by the computing device, a security action based on the file prevalence score of the suspicious file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for classifying files as specific types of malware may include (i) identifying an unknown file on a computing device, (ii) performing an analysis of the unknown file by applying, to the unknown file, a machine-learning heuristic that employs at least one decision tree, (iii) classifying the unknown file as malicious based on the analysis, and (iv) after classifying the unknown file as malicious, using the same decision tree employed by the machine-learning heuristic to sub-classify the unknown file by (a) identifying at least one leaf node of the decision tree arrived at by the analysis performed by the machine-learning heuristic on the unknown file, (b) determining that the leaf node of the decision tree is associated with a particular type of malicious file, and (c) sub-classifying the unknown file as the particular type of malicious file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods and apparatus for optimizing computer detection of malware using pattern recognition by refreshing random classification forests are described. In one embodiment, the method may include building a random forest with two or more binary decision trees based at least in part on a first set of categorized data, sending the random forest to a client device with a first random forest control value, identifying a second set of categorized data different from the first set of categorized data, calculating a second random forest control value based on the second set of categorized data and sending the second random forest control value to the client device.

Abstract: A computer-implemented method for providing controls for application behavior may include (1) identifying an application that is distributed via an application repository and that is configured to use a permission on a computing platform that enables the application to access a feature of the computing platform, (2) receiving a request to reconfigure the application to intercept and interfere with attempts by the application to use the permission, (3) reconfiguring the application, in response to the request, to intercept and interfere with attempts by the application to use the permission, (4) determining that an updated version of the application is available via the application repository, and (5) reconfiguring the updated version of the application to intercept and interfere with attempts by the application to use the permission in response to an instruction to update the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for identifying malware is described. Event data is received from a mobile device. The event data including events performed on the mobile device and a list of one or more applications. The list of the one or more applications is compared with at least one additional list of applications received from at least one additional mobile device. An application in common across the lists of applications is identified. The identification of the application in common to is transmitted to the mobile device.

Abstract: A computer-implemented method for detecting illegitimate applications may include 1) identifying an installation of an application on a computing system, 2) determining, in response to identifying the installation of the application, that at least one system file with privileged access on the computing system has changed prior to the installation of the application, 3) determining that the application is illegitimate based at least in part on a time of the installation of the application relative to a time of a change to the system file, and 4) performing a remediation action on the application in response to determining that the application is illegitimate. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting illegitimate applications may include 1) identifying an installation of an application on a computing system, 2) determining, in response to identifying the installation of the application, that at least one system file with privileged access on the computing system has changed prior to the installation of the application, 3) determining that the application is illegitimate based at least in part on a time of the installation of the application relative to a time of a change to the system file, and 4) performing a remediation action on the application in response to determining that the application is illegitimate. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and system for improving the efficiency of a database processing system for evaluating candidate data items representing search listings that are submitted for inclusion into a search engine database. Candidate search listings are automatically assessed for quality, style, and relevance to evaluate risk of unfavorable reception by a user and of potential exposure volume. Search listings which are higher-risk or higher-volume are routed through manual editorial review while lower-risk, lower-volume search listings are routed for immediate inclusion in the search database without manual editorial evaluation. Accordingly, human editorial efforts can be devoted to manual review of high-risk or high-volume search listings while efficiency is simultaneously improved in the processing system as a whole.

Abstract: A method and system for improving the efficiency of a database processing system for evaluating candidate data items representing search listings that are submitted for inclusion into a search engine database. Candidate search listings are automatically assessed for quality, style, and relevance to evaluate risk of unfavorable reception by a user and of potential exposure volume. Search listings which are higher-risk or higher-volume are routed through manual editorial review while lower-risk, lower-volume search listings are routed for immediate inclusion in the search database without manual editorial evaluation. Accordingly, human editorial efforts can be devoted to manual review of high-risk or high-volume search listings while efficiency is simultaneously improved in the processing system as a whole.

Abstract: A method and system for improving the efficiency of a database processing system for evaluating candidate data items representing search listings that are submitted for inclusion into a search engine database. Candidate search listings are automatically assessed for quality, style, and relevance to evaluate risk of unfavorable reception by a user and of potential exposure volume. Search listings which are higher-risk or higher-volume are routed through manual editorial review while lower-risk, lower-volume search listings are routed for immediate inclusion in the search database without manual editorial evaluation. Accordingly, human editorial efforts can be devoted to manual review of high-risk or high-volume search listings while efficiency is simultaneously improved in the processing system as a whole.