Patent · US Active

Method of detecting compromised computers in a network

US8601081B1 · kind B1 · utility

Cited by: 0
References: 10
Claims: 5
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 1, 2012
Grant date: Dec 3, 2013
Priority date
Expiry date: Oct 1, 2032

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/146
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A method of detecting a compromised machine on a network. The method receives an email message from a machine on the network and classifies it as either spam or non-spam. A probability ratio is then updated, according to whether the message was spam or non-spam, by applying a sequential probability ratio test. If the probability ratio is greater than or equal to a first threshold, then the machine is compromised. If the probability ratio is less than or equal to a second threshold, then the machine is normal. The operations of receiving a message, classifying the message, updating the probability ratio, and indicating the machine is normal or compromised until the probability ratio is greater than or equal to the first threshold are repeated for a plurality of messages. Such repeated operations are performed on each of the messages one at a time, as each of the messages is received.
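
The per-message update described in the abstract, sketched as an added example (not code from the patent or its authors). It uses Wald's standard log-space thresholds; the error rates, the two spam probabilities, the restart after a "normal" verdict, and the names `MachineState`, `observe` and `run` are all assumptions.

```python
import math
from dataclasses import dataclass

# Assumed parameters; the abstract gives no values, these are illustrative only.
ALPHA, BETA = 0.01, 0.01   # tolerated false-positive / false-negative rates
THETA0 = 0.2               # assumed P(spam | machine is normal)
THETA1 = 0.9               # assumed P(spam | machine is compromised)

# Working in log space: the "probability ratio" becomes a running sum.
UPPER = math.log((1 - BETA) / ALPHA)   # first threshold: compromised
LOWER = math.log(BETA / (1 - ALPHA))   # second threshold: normal
STEP_SPAM = math.log(THETA1 / THETA0)
STEP_HAM = math.log((1 - THETA1) / (1 - THETA0))

@dataclass
class MachineState:
    llr: float = 0.0          # log-likelihood ratio accumulated so far
    verdict: str = "pending"  # pending | normal | compromised

def observe(state: MachineState, is_spam: bool) -> str:
    """Fold one classified message into a machine's test, as it arrives."""
    if state.verdict == "compromised":
        return state.verdict              # test has terminated for this machine
    state.llr += STEP_SPAM if is_spam else STEP_HAM
    if state.llr >= UPPER:
        state.verdict = "compromised"
    elif state.llr <= LOWER:
        state.verdict = "normal"
        state.llr = 0.0   # assumption: restart the test and keep monitoring
    return state.verdict

def run(stream):
    """Process (source_ip, is_spam) pairs one at a time; return final verdicts."""
    states = {}
    for ip, is_spam in stream:
        observe(states.setdefault(ip, MachineState()), is_spam)
    return {ip: s.verdict for ip, s in states.items()}

# Constructed sample: classifier output per message, in arrival order.
SAMPLE = (
    [("192.0.2.5", s) for s in (True, True, False, True, True, True)]
    + [("192.0.2.9", s) for s in (False, False, True, False, False)]
    + [("192.0.2.7", s) for s in (True, False)]
)

if __name__ == "__main__":
    print(run(SAMPLE))
```

With these assumed parameters a single non-spam message outweighs a spam message, so the first sample machine needs six messages rather than four to cross the upper threshold.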

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.