Patent · US Active

Method and system for identifying enterprise network hosts infected with slow and/or distributed scanning malware

US8341740B2 · kind B2 · utility

6Cited by

8References

12Claims

0Family size

Assignee

Alcatel Lucent · FR

Inventors

Bassem Abdel-Aziz · Gatineau, CA
Stanley Chow · Ottawa, CA
Shu-Lin Chen · Gatineau, CA

Key dates

Filing date	May 21, 2008
Grant date	Dec 25, 2012
Priority date	—
Expiry date	Feb 2, 2031

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1416
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Malware detection systems are presented in which a list is constructed of enterprise hosts to or from which each given enterprise network host sends or receives packets within a current measurement period and statistics are accumulated based on two or more measurement period lists, with a count value being derived from the statistics to indicate the number of other hosts to or from which each monitored host sent or received packets, and one or more monitored hosts may be identified as suspected of being infected with slow and/or distributed scanning malware for which the count value exceeds a threshold value.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.