Patent · US Active

Detection of stealthy malware activities with traffic causality and scalable triggering relation discovery

US9888030B2 · kind B2 · utility

Cited by: 1
References: 3
Claims: 19
Family size: 0

Assignee

Inventors

Key dates

Filing date: May 1, 2014
Grant date: Feb 6, 2018
Priority date
Expiry date: May 1, 2034

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2133
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A computer system for distinguishing user-initiated network traffic from malware-initiated network traffic comprising at least one central processing unit (CPU) and a memory communicatively coupled to the CPU. The memory includes a program code executable by the CPU to monitor individual network events to determine for an individual network event whether the event has a legitimate root-trigger. Malware-initiated traffic is identified as an individual network event that does not have a legitimate root-trigger.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.