Patent · US Active

Identifying malware-suspect end points through entropy changes in consolidated logs

US10440037B2 · kind B2 · utility

Cited by: 3
References: 10
Claims: 22
Family size: 0

Assignee

Inventors

Key dates

Filing date: Mar 31, 2017
Grant date: Oct 8, 2019
Priority date
Expiry date: Sep 15, 2037

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06N20/20
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Detecting a malware attack includes monitoring an event log of a first device, wherein the event log identifies events indicating that the first device is likely compromised, determining an expected rate of log entries during a time window, identifying that an actual rate of log entries during the time window satisfies a threshold, determining, in response to the identifying, that the first device is a compromised device, and performing an action in response to determining that the first device is a compromised device.
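The abstract describes a per-device baseline: count the security-relevant log entries a device produces per time window, derive an expected rate from earlier windows, and flag the device when the current window's count crosses a threshold. The following is an added illustration of that idea, written for this page; it is not the patent's claimed method and not code from the assignee. Everything specific is an assumption: a 10-minute window, a "mean plus three standard deviations, floored at one entry" threshold, and a constructed two-host log using Windows security event IDs (4624 logon, 4634 logoff, 4625 failed logon). Because the title speaks of entropy changes, the example also reports the Shannon entropy of the event-type mix per window, which collapses to zero when one device starts emitting a single event type in bulk.

```python
"""Rate- and entropy-based flagging of a suspect end point from a consolidated event log.

Added illustration of the approach sketched in the patent abstract; not the patent's
claimed method or the assignee's code. Window size, threshold rule, hosts, event IDs
and timestamps are all assumptions constructed for this example.
"""
from __future__ import annotations

import math
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed fixed time window
K_SIGMA = 3.0                    # assumed rule: threshold = mean + K_SIGMA * stdev
MIN_STDEV = 1.0                  # floor so a perfectly flat baseline keeps some tolerance
EPOCH = datetime(1970, 1, 1)


def _build_sample_log() -> list[str]:
    """Constructed log, one '<ISO timestamp> <host> <event_id>' line per entry.
    Six baseline windows (00:00-00:59) followed by one evaluation window (01:00-01:09)."""
    t0 = datetime(2024, 1, 1)
    lines: list[str] = []
    host_b_counts = [1, 3, 2, 2, 3, 1]
    for w in range(6):
        start = t0 + w * WINDOW
        # hostA: one logon (4624) and one logoff (4634) every window
        lines.append(f"{(start + timedelta(minutes=1)).isoformat()} hostA 4624")
        lines.append(f"{(start + timedelta(minutes=6)).isoformat()} hostA 4634")
        # hostB: a mildly varying number of ordinary events
        for i in range(host_b_counts[w]):
            eid = 4624 if i % 2 == 0 else 4634
            lines.append(f"{(start + timedelta(minutes=i + 1)).isoformat()} hostB {eid}")
    eval_start = t0 + 6 * WINDOW
    # hostA: a burst of twelve failed logons (4625) in the evaluation window
    for i in range(12):
        lines.append(f"{(eval_start + timedelta(seconds=30 * i)).isoformat()} hostA 4625")
    # hostB: three ordinary events, inside its usual range
    for i, eid in enumerate((4624, 4634, 4624)):
        lines.append(f"{(eval_start + timedelta(minutes=i + 2)).isoformat()} hostB {eid}")
    return lines


SAMPLE_LOG = _build_sample_log()


def parse_log(lines):
    """Parse log lines into (timestamp, host, event_id) tuples."""
    parsed = []
    for line in lines:
        ts, host, eid = line.split()
        parsed.append((datetime.fromisoformat(ts), host, eid))
    return parsed


def window_start(ts: datetime) -> datetime:
    """Align a timestamp to the start of its fixed-size, epoch-aligned window."""
    return EPOCH + ((ts - EPOCH) // WINDOW) * WINDOW


def per_window_counts(entries):
    """host -> {window_start: Counter(event_id)}. Every window in the observed span is
    present for every host, because zero-count windows belong in the baseline too."""
    counts = defaultdict(lambda: defaultdict(Counter))
    for ts, host, eid in entries:
        counts[host][window_start(ts)][eid] += 1
    first = window_start(min(ts for ts, _, _ in entries))
    last = window_start(max(ts for ts, _, _ in entries))
    windows = [first + n * WINDOW for n in range((last - first) // WINDOW + 1)]
    for host in counts:
        for w in windows:
            counts[host].setdefault(w, Counter())
    return counts, windows


def shannon_entropy(counter: Counter) -> float:
    """Entropy in bits of the event-type mix within one window (0.0 for an empty window)."""
    total = sum(counter.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counter.values() if c)


def expected_rate(baseline_counts):
    """Expected entries per window (mean) and a floored sample stdev from earlier windows."""
    mean = statistics.fmean(baseline_counts)
    stdev = statistics.stdev(baseline_counts) if len(baseline_counts) > 1 else 0.0
    return mean, max(stdev, MIN_STDEV)


def assess_hosts(lines, k: float = K_SIGMA):
    """Per host: compare the newest window's entry count with a baseline built from all
    earlier windows, and report how the event-type entropy moved alongside it."""
    counts, windows = per_window_counts(parse_log(lines))
    if len(windows) < 2:
        return {}
    *baseline_ws, current_w = windows
    results = {}
    for host, by_window in counts.items():
        baseline = [sum(by_window[w].values()) for w in baseline_ws]
        mean, stdev = expected_rate(baseline)
        actual = sum(by_window[current_w].values())
        threshold = mean + k * stdev
        results[host] = {
            "window_start": current_w,
            "expected_rate": mean,
            "threshold": threshold,
            "actual_rate": actual,
            "baseline_entropy": statistics.fmean(shannon_entropy(by_window[w]) for w in baseline_ws),
            "current_entropy": shannon_entropy(by_window[current_w]),
            "compromised": actual >= threshold,   # the abstract's "satisfies a threshold"
        }
    return results


def suspect_hosts(results) -> list[str]:
    """The 'action' step here is simply a sorted list of hosts to isolate or ticket."""
    return sorted(h for h, r in results.items() if r["compromised"])


if __name__ == "__main__":
    res = assess_hosts(SAMPLE_LOG)
    for host, r in sorted(res.items()):
        print(f"{host}: {r['actual_rate']} entries vs threshold {r['threshold']:.1f}, "
              f"entropy {r['baseline_entropy']:.2f} -> {r['current_entropy']:.2f}, "
              f"compromised={r['compromised']}")
    print("suspects:", suspect_hosts(res))
```

On the constructed data, hostA's twelve failed logons against an expected two entries per window crosses the assumed threshold of five and its event-type entropy drops from 1.0 bit to 0.0, while hostB's three entries stay well inside its baseline. The stdev floor matters in practice: a device with a perfectly regular baseline would otherwise be flagged by a single extra entry, which is the kind of false positive that makes rate-based alerts get muted.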

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.