Distributed system and method for the detection of eThreats

Assignee

• DEUTSCHE TELEKOM AG · DE

Inventors

• Boris Rozenberg · Ramat Gan, IL
• Ehud Gudes · Beer Sheva, IL
• Yuval Elovici · Kiryat Malachi, IL

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/145
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The invention relates to a distributed system for detecting eThreats that propagate in a network, which comprises: (a) graphs database storing at least one propagation graph, each graph describing the typical propagation over time of one eThreat class or a legitimate executable class within the network; (b) plurality of agents that are distributed in corresponding plurality of hosts within the network, each of said agents continuously monitoring the corresponding host and reporting to a Central Decision Maker (CDM) the identity of any new suspected executable, and the time in which said suspected executable has been first detected by said agent; (c) a CDM for: (c.1) receiving all said reports from said plurality of agents; (c.2) creating from said reports for each suspected executable a corresponding propagation graph which reflects the propagation characteristics over time of said suspected executable within the network, and (c.3) comparing each of said created graphs with said stored at least one propagation graph; (c.4) upon finding a similarity above a predefined threshold between a created graph and one of the stored graphs, concluding respectively that said executable belongs…