Determining risk of malware infection in enterprise hosts

Assignees

• EMC IP Holding Company LLC · US
• The University of North Carolina at Chapel Hill · US

Inventors

• Alina Oprea · Arlington, US
• Ting-Fang Yen · Sunnyvale, US
• Viktor Heorhiadi · Seattle, US
• Michael Kendrick Reiter · Raritan, US
• Ari Juels · Brookline, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/535
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A processing device comprises a processor coupled to a memory and is configured to obtain data characterizing host devices of a computer network of an enterprise. The data is applied to a logistic regression model to generate malware infection risk scores for respective ones of the host devices. The malware infection risk scores indicate likelihoods that the respective host devices will become infected with malware. The logistic regression model incorporates features of the host devices including at least user demographic features, virtual private network (VPN) activity features and web activity features of the host devices, and the data characterizing the host devices comprises data for the incorporated features. Proactive measures are taken to prevent malware infection in a subset of the host devices based at least in part on the malware infection risk scores. The processing device may be implemented in the computer network or an associated network security system.