Systems and methods for malware attack prevention by intercepting flows of information

  • US 10,165,000 B1
  • Filed: 11/24/2014
  • Issued: 12/25/2018
  • Est. Priority Date: 04/01/2004
  • Status: Active Grant
First Claim

1. A malware attack prevention system to be communicatively coupled to a communication network, the malware attack prevention system comprising:

  • a policy engine, operating as a first component of a controller, to determine whether data or a copy of the data is suspicious, the policy engine to analyze the data or the copy of the data, determine that the data or the copy of the data is suspicious when the data or the copy of the data is directed to a targeted Internet Protocol (IP) address that is included in a predetermined set of unassigned IP addresses or IP addresses that are not associated with the communication network, determine a source of the data or the copy of the data, and generate a policy to monitor incoming data or a copy of the incoming data from the source;

  • a heuristic module, operating as a second component of the controller, to (i) receive the incoming data or the copy of the incoming data from the source over a first communication path and (ii) analyze the incoming data or the copy of the incoming data to determine whether the incoming data or the copy of the incoming data is suspicious, the suspicious incoming data or the copy of the suspicious incoming data represents a prescribed likelihood that the incoming data or the copy of the incoming data is associated with a malware attack; and

  • an analysis environment communicatively coupled to the heuristic module and operating as a third component of the controller, the analysis environment being configured to analyze the suspicious incoming data or the copy of the suspicious incoming data to identify whether the suspicious incoming data or the copy of the suspicious incoming data is associated with a malware attack by analyzing one or more behaviors of a virtual machine that is configured to operate as a device targeted to receive the incoming data or the copy of the incoming data from the source.
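The policy-engine step of the claim can be sketched as follows. This is an added illustration, not code from the patent or its assignee. The class and verdict names are hypothetical, the addresses are constructed from documentation ranges, and the "predetermined set of unassigned IP addresses" is assumed to be the monitored prefix minus its assigned hosts.

```python
import ipaddress

# Constructed sample network (RFC 5737 documentation ranges), not from the patent.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
ASSIGNED = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.53")}

# Constructed flows as (source, destination) pairs, in arrival order.
FLOWS = [
    ("203.0.113.7", "192.0.2.10"),   # ordinary traffic to a live host
    ("203.0.113.9", "192.0.2.200"),  # traffic to an unassigned address
    ("203.0.113.9", "192.0.2.10"),   # later traffic from that same source
    ("203.0.113.7", "192.0.2.53"),   # unrelated source, never flagged
]


class PolicyEngine:
    """Hypothetical model of the claimed policy engine (names are assumptions)."""

    def __init__(self, local_net, assigned):
        self.local_net = local_net
        self.assigned = set(assigned)
        self.watched_sources = set()  # one monitoring policy per flagged source

    def is_dark(self, dst):
        # Inside the monitored prefix but assigned to no host.
        return dst in self.local_net and dst not in self.assigned

    def process(self, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if self.is_dark(dst):
            # Data aimed at an unassigned address is suspicious: record the
            # source so that its later traffic is monitored.
            self.watched_sources.add(src)
            return "flag_and_watch"
        if src in self.watched_sources:
            # A policy exists for this source: hand the data (or a copy)
            # to the heuristic module for further analysis.
            return "to_heuristic"
        return "pass"


def run(flows):
    engine = PolicyEngine(LOCAL_NET, ASSIGNED)
    return [engine.process(src, dst) for src, dst in flows]


if __name__ == "__main__":
    for flow, verdict in zip(FLOWS, run(FLOWS)):
        print(flow, verdict)
```

Only the third flow reaches the heuristic stage: its destination is a live host, but its source earlier touched an unassigned address.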
