Remediating computer security threats using distributed sensor computers
US10084815B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 13, 2017 |
| Grant date | Sep 25, 2018 |
| Priority date | — |
| Expiry date | Jun 13, 2037 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1441
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A computer-implemented method, comprising: detecting network messages that are emitted by a compromised computer, wherein the compromised computer comprises at least one malware item that is configured to direct unauthorized network activity toward one or more enterprise networks or enterprise computers; queuing copies of the network messages in a queue; forwarding the network messages to original destinations; determining whether the number of network messages exceeds a specified threshold associated with an attack vector; filtering by the processor, the copies that do not include one of a set of port values associated with known computer attacks; analyzing, by the processor, timing of the copies with respect to a predetermined schedule including active hours and inactive hours, detecting one or more security threats caused by the comprised computer based on the determining, filtering, and the analyzing, sending a result of the detecting to a security control computer over a communication network.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.