System to identify machines infected by malware applying linguistic analysis to network requests from endpoints
US9419986B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 26, 2014 |
| Grant date | Aug 16, 2016 |
| Priority date | — |
| Expiry date | Mar 26, 2034 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/034
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method to identify machines infected by malware is provided. The method includes determining whether a universal resource locator in a network request is present in a first cache and determining whether a fully qualified domain name from the uniform resource locator is present in a second cache. The method includes evaluating a parent hostname as to suspiciousness. The method includes indicating the computing device has a likelihood of infection, responsive to one of: the universal resource locator being present in the first cache with a first indication of suspiciousness, the fully qualified domain name being present in the second cache with a second indication of suspiciousness, or the evaluating the parent hostname having a third indication of suspiciousness, wherein at least one method operation is performed by the processor. A system and computer readable media are provided.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.