Patent · US Active

Detecting endpoint compromise based on network usage history

US11165797B2 · kind B2 · utility

Cited by: 9
References: 43
Claims: 14
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 5, 2017
Grant date: Nov 2, 2021
Priority date
Expiry date: Apr 5, 2037

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/141
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

In the context of network activity by an endpoint in an enterprise network, malware detection is improved by using a combination of reputation information for a network address that is accessed by the endpoint with reputation information for an application on the endpoint that is accessing the network address. This information, when combined with a network usage history for the application, provides improved differentiation between malicious network activity and legitimate, user-initiated network activity.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.