Patent · US Active

Detecting altered applications using network traffic data

US9300685B2 · kind B2 · utility

0Cited by

8References

20Claims

0Family size

Assignee

AT&T Intellectual Property I, L.P. · US

Inventors

Wei Wang · Harrison, US
Jeffrey E. Bickford · Somerville, US

Key dates

Filing date	Mar 2, 2015
Grant date	Mar 29, 2016
Priority date	—
Expiry date	Mar 2, 2035

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1416
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A method, computer readable medium and apparatus for detecting an altered application are disclosed. Network traffic data is obtained for a number of endpoint devices to determine a network traffic signature for a first application. The signature comprises a set of flows within a time window. Network traffic data is monitored to determine a network traffic signature for a second application. The signature for the second application comprises the network traffic signature of the first application plus a flow to an additional address. The method determines a ratio of endpoint devices having network traffic data that matches the signature for the second application as compared to a percentage of endpoint devices having network traffic data that matches the signature for the first application. When the percentage satisfies a threshold, the method determines that the second application is the altered application comprising an altered version of the first application.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.