Patent · US Active

Method for detection of lateral movement of malware

US12113812B2 · kind B2 · utility

Cited by: 0
References: 1
Claims: 14
Family size: 0

Key dates

Filing date: Jun 16, 2022
Grant date: Oct 8, 2024
Expiry date: Jan 13, 2043

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/20
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A computer-implemented method for detecting malware that has penetrated a network by identifying anomalous communication between at least two systems of the network. For each unique combination of source IP address and destination IP address, the method includes: considering a past period; considering the network flow logs stored during that past period; calculating values of a metric from the network flow log data within the past period, at a given frequency; calculating a baseline, which consists of calculating the IQR (interquartile range) of all metric values calculated during the past period; determining an outlier threshold from the baseline; considering a current period; calculating a new IQR of all metric values calculated during the current period; and classifying the communication between the two systems of the unique combination as anomalous if the IQR of the current period is greater than the outlier threshold.
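The following is an added illustration of the per-pair baseline/current IQR comparison described in the abstract; it is not the patent's own code or an implementation from the assignee. The abstract leaves the metric, the bucket frequency and the rule that derives the outlier threshold from the baseline unspecified, so this example assumes bytes per (source, destination) pair per hourly bucket, a threshold of 1.5 times the baseline IQR with a fixed byte floor, and constructed flow records for three address pairs (steady then bursting, flat with jitter, and a jump to a new constant level). All IP addresses, byte counts and parameter names are made up for the example.

```python
"""Pair-wise IQR baseline check over flow logs (added example, not the patent's code).

Assumptions the patent text does not fix: the metric is bytes per pair per
hourly bucket, the outlier threshold is IQR_FACTOR times the baseline IQR with
a fixed byte floor, and every address and byte count below is constructed.
"""
from datetime import datetime, timedelta

BUCKET = timedelta(hours=1)   # "given frequency" for the metric (assumed: hourly)
IQR_FACTOR = 1.5              # threshold = IQR_FACTOR * baseline IQR (assumed rule)
MIN_THRESHOLD = 100.0         # byte floor so a flat baseline (IQR 0) does not flag jitter (assumed)


def hour(h):
    return datetime(2024, 5, 1, h)


def make_flows(src, dst, start, hourly_bytes):
    """Expand an hourly byte series into (timestamp, src, dst, bytes) records (constructed data)."""
    return [(start + i * BUCKET, src, dst, b) for i, b in enumerate(hourly_bytes)]


PAST_START, CURRENT_START, CURRENT_END = hour(0), hour(8), hour(12)

# Constructed sample flow logs: a steady pair that bursts, a flat pair with
# jitter, and a pair whose traffic jumps to a new but constant level.
FLOWS = (
    make_flows("10.0.0.5", "10.0.0.20", PAST_START, [1000, 1100, 950, 1050, 1000, 1200, 900, 1000])
    + make_flows("10.0.0.5", "10.0.0.20", CURRENT_START, [1000, 48000, 1100, 52000])
    + make_flows("10.0.0.7", "10.0.0.21", PAST_START, [500] * 8)
    + make_flows("10.0.0.7", "10.0.0.21", CURRENT_START, [500, 500, 510, 500])
    + make_flows("10.0.0.9", "10.0.0.22", PAST_START, [200] * 8)
    + make_flows("10.0.0.9", "10.0.0.22", CURRENT_START, [20000] * 4)
)


def metric_series(flows, pair, start, end):
    """Bytes per bucket for one (src, dst) pair in [start, end); empty buckets count as 0."""
    totals = [0] * int((end - start) / BUCKET)
    for ts, src, dst, nbytes in flows:
        if (src, dst) == pair and start <= ts < end:
            totals[int((ts - start) / BUCKET)] += nbytes
    return totals


def iqr(values):
    """Interquartile range, interpolating linearly between order statistics."""
    s = sorted(values)
    if not s:
        return 0.0

    def quantile(p):
        pos = p * (len(s) - 1)
        lo = int(pos)
        hi = min(lo + 1, len(s) - 1)
        return s[lo] + (s[hi] - s[lo]) * (pos - lo)

    return float(quantile(0.75) - quantile(0.25))


def detect(flows, past_start, current_start, current_end,
           factor=IQR_FACTOR, floor=MIN_THRESHOLD):
    """Classify every (src, dst) pair: anomalous if the current-period IQR exceeds the threshold."""
    results = {}
    for pair in sorted({(src, dst) for _, src, dst, _ in flows}):
        baseline = iqr(metric_series(flows, pair, past_start, current_start))
        threshold = max(factor * baseline, floor)   # threshold derived from the baseline
        current = iqr(metric_series(flows, pair, current_start, current_end))
        results[pair] = {
            "baseline_iqr": baseline,
            "threshold": threshold,
            "current_iqr": current,
            "anomalous": current > threshold,
        }
    return results


if __name__ == "__main__":
    for pair, r in detect(FLOWS, PAST_START, CURRENT_START, CURRENT_END).items():
        print(f"{pair[0]} -> {pair[1]}: baseline IQR {r['baseline_iqr']:.1f}, "
              f"threshold {r['threshold']:.1f}, current IQR {r['current_iqr']:.1f}, "
              f"anomalous={r['anomalous']}")
```

Two properties of the rule are worth noting before deploying anything like it. A pair whose past traffic is perfectly constant has a baseline IQR of 0, so without a floor any jitter in the current period exceeds the threshold; the byte floor above is one way to handle that case. Conversely, because both sides of the comparison are dispersion measures, a pair whose traffic jumps to a new but steady level (the third pair) is not flagged at all; catching a level shift needs a separate check on the median or total per bucket, which the abstract does not describe.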

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.