Patent · US Active

Signature creation for malicious network traffic

US8782790B1 · kind B1 · utility

Cited by: 29
References: 9
Claims: 19
Family size: 0

Assignee

Inventors

Key dates

Filing date: Feb 19, 2010
Grant date: Jul 15, 2014
Priority date
Expiry date: Jul 12, 2030

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1416
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

An endpoint on a network uses detection data to detect a malicious software attack. The endpoint identifies content associated with the attack, such as a component of a web page, and generates a description of the content. The endpoint sends the description to a security server. The security server analyzes the content and identifies characteristics of the content that are present when the content is carried by network traffic. The security server generates a traffic signature that specifies the identified characteristics and provides the traffic signature to inspection points. The inspection points, in turn, use the traffic signature to examine network traffic passing through the inspection points to detect network traffic carrying the content. The attack detection at the endpoint thus informs the traffic signature-based detection at the inspection points and reduces the spread of malicious software.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.