Patent · US Active

System and method for detecting a malicious command and control channel

US8677487B2 · kind B2 · utility

183Cited by

4References

23Claims

0Family size

Assignee

McAfee, LLC · US

Inventors

Ravindra K. Balupari · San Jose, US
Vinay Mahadik · Milpitas, US
Bharath Madhusudan · Sunnyvale, US
Chintan Shah · Apex, US

Key dates

Filing date	Oct 18, 2011
Grant date	Mar 18, 2014
Priority date	—
Expiry date	Oct 26, 2031

Classification

Technology area (CPC H)Electricity
CPC primaryH04L2463/144
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A method is provided in one example embodiment that includes detecting repetitive connections from a source node to a destination node, calculating a score for the source node based on the connections, and taking a policy action if the score exceeds a threshold score. In more particular embodiments, the repetitive connections use a hypertext transfer protocol and may include connections to a small number of unique domains, connections to small number of unique resources associated with the destination node, and/or a large number of connections to a resource in a domain. Moreover, heuristics may be used to score the source node and identify behavior indicative of a threat, such as a bot or other malware.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.