Early malware detection by cross-referencing host data
US9117075B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Nov 22, 2010 |
| Grant date | Aug 25, 2015 |
| Priority date | — |
| Expiry date | Dec 4, 2032 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/145
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A computer network of an enterprise includes a central management computer linking at least one trusted host computer with at least one user computer. The trusted host computer is not used for normal day-to-day activities within the enterprise, and may also not be used for reading electronic mail or for accessing the Internet and downloading Web site content. Antivirus software on the user computer screens for suspect activity or features and, if found, the suspect activity or features are compared to a rules database. If a determination of malware cannot be made, then these unresolved activities or features are sent to the central management computer to be compared to the trusted, known activities and features of the trusted computer. The suspect activities may be deemed acceptable if activities are shared amongst a certain number of user computers all configured to perform the same function. A user computer may be compared against itself over time.
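The triage flow in the abstract, sketched as an added example (not code from the patent or its assignee). The feature strings, role names, verdict labels and the `MIN_PEERS` threshold are assumptions made for illustration; the abstract only says "a certain number" of user computers.

```python
# Constructed sample data: feature strings, roles and the threshold are assumptions.
RULES = {"proc:dropper.exe": "malware", "proc:backup_agent": "benign"}
TRUSTED_FEATURES = {"svc:print_spooler", "proc:inventory_agent"}
MIN_PEERS = 3  # stands in for "a certain number" of same-function hosts


def local_screen(features, rules=RULES):
    """User-computer step: apply the rules database, return verdicts and leftovers."""
    verdicts = {f: rules[f] for f in features if f in rules}
    unresolved = sorted(f for f in features if f not in rules)
    return verdicts, unresolved


class CentralManager:
    """Central management computer: resolves what a user computer could not."""

    def __init__(self, trusted_features, min_peers=MIN_PEERS):
        self.trusted = set(trusted_features)  # known features of the trusted host
        self.min_peers = min_peers
        self.seen = {}  # (role, feature) -> set of hosts that reported it

    def report(self, host, role, unresolved):
        """Record unresolved features sent up by one user computer."""
        for feature in unresolved:
            self.seen.setdefault((role, feature), set()).add(host)

    def resolve(self, role, feature):
        """Cross-reference against the trusted host, then against same-role peers."""
        if feature in self.trusted:
            return "acceptable:trusted-host"
        if len(self.seen.get((role, feature), ())) >= self.min_peers:
            return "acceptable:shared-by-peers"
        return "suspect"


def new_since(previous_snapshot, current_snapshot):
    """Self-comparison over time: features this host did not have before.

    The abstract states no verdict for this step, so only the difference is returned.
    """
    return sorted(set(current_snapshot) - set(previous_snapshot))
```

Peer counts are kept per role because the abstract limits the sharing test to user computers configured to perform the same function; a feature common on one class of host says nothing about another.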
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.