Systems and methods for malware attack prevention by intercepting flows of information
First Claim
1. A malware attack prevention system to be communicatively coupled to a communication network, the malware attack prevention system comprising:
- a policy engine, operating as a first component of a controller, to determine whether data or a copy of the data is suspicious, the policy engine to analyze the data or the copy of the data, determine that the data or the copy of the data is suspicious when the data or the copy of the data is directed to a targeted Internet Protocol (IP) address that is included in a predetermined set of unassigned IP addresses or IP addresses that are not associated with the communication network, determine a source of the data or the copy of the data, and generate a policy to monitor incoming data or a copy of the incoming data from the source;
a heuristic module, operating as a second component of the controller, to (i) receive the incoming data or the copy of the incoming data from the source over a first communication path and (ii) analyze the incoming data or the copy of the incoming data to determine whether the incoming data or the copy of the incoming data is suspicious, the suspicious incoming data or the copy of the suspicious incoming data represents a prescribed likelihood that the incoming data or the copy of the incoming data is associated with a malware attack; and
an analysis environment communicatively coupled to the heuristic module and operating as a third component of the controller, the analysis environment being configured to analyze the suspicious incoming data or the copy of the suspicious incoming data to identify whether the suspicious incoming data or the copy of the suspicious incoming data is associated with a malware attack by analyzing one or more behaviors of a virtual machine that is configured to operate as a device targeted to receive the incoming data or the copy of the incoming data from the source.
5 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for malware attack prevention are provided. The malware attack prevention system features a heuristic module, an analysis environment and an interception module. The heuristic module is configured to (i) receive incoming data from a particular source over a first communication path and (ii) analyze the incoming data to determine whether the incoming data is suspicious, where the suspicious incoming data represents a prescribed likelihood that the incoming data is associated with a malware attack. The analysis environment is configured to analyze the suspicious incoming data to identify whether the suspicious incoming data is associated with a malware attack. Lastly, the interception module is configured to redirect a subsequent flow of data from the particular source to the malware attack prevention system in response to determining, by at least the heuristic module, that the incoming data is suspicious.
640 Citations
36 Claims
-
1. A malware attack prevention system to be communicatively coupled to a communication network, the malware attack prevention system comprising:
-
a policy engine, operating as a first component of a controller, to determine whether data or a copy of the data is suspicious, the policy engine to analyze the data or the copy of the data, determine that the data or the copy of the data is suspicious when the data or the copy of the data is directed to a targeted Internet Protocol (IP) address that is included in a predetermined set of unassigned IP addresses or IP addresses that are not associated with the communication network, determine a source of the data or the copy of the data, and generate a policy to monitor incoming data or a copy of the incoming data from the source; a heuristic module, operating as a second component of the controller, to (i) receive the incoming data or the copy of the incoming data from the source over a first communication path and (ii) analyze the incoming data or the copy of the incoming data to determine whether the incoming data or the copy of the incoming data is suspicious, the suspicious incoming data or the copy of the suspicious incoming data represents a prescribed likelihood that the incoming data or the copy of the incoming data is associated with a malware attack; and an analysis environment communicatively coupled to the heuristic module and operating as a third component of the controller, the analysis environment being configured to analyze the suspicious incoming data or the copy of the suspicious incoming data to identify whether the suspicious incoming data or the copy of the suspicious incoming data is associated with a malware attack by analyzing one or more behaviors of a virtual machine that is configured to operate as a device targeted to receive the incoming data or the copy of the incoming data from the source. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A malware attack prevention system comprising:
-
a processor; and a memory communicatively coupled to the processor, the memory comprises a heuristic module, when executed by the processor, is configured to (i) receive incoming data from a source over a first communication path or a copy of the incoming data and (ii) analyze the incoming data or the copy of the incoming data to determine whether the incoming data or the copy of the incoming data is suspicious, the suspicious incoming data or the copy of the incoming data represents a prescribed likelihood that the incoming data or the copy of the incoming data is associated with a malware attack, a policy engine operating with the heuristic module to determine whether data or a copy of the data is suspicious, the policy engine to analyze the data or the copy of the data, determine that the data or the copy of the data is suspicious when the data or the copy of the data is directed to a targeted internet protocol (IP) address that is included in a predetermined set of unassigned IP addresses or IP addresses that are not associated with a particular communication network, determine a source of the suspicious data or the copy of the suspicious data, and generate a policy to monitor the suspicious incoming data or the copy of the suspicious incoming data from the source; an analysis module, when executed by the processor, is configured to analyze the suspicious incoming data or the copy of the suspicious incoming data to identify whether the suspicious incoming data or the copy of the suspicious incoming data is associated with a malware attack by analyzing one or more behaviors of a virtual machine that is configured to operate as a device targeted to receive the incoming data or the copy of the incoming data from the source. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A malware attack prevention system to be communicatively coupled to a communication network, the malware attack prevention system comprising:
-
a processor; and a data store operating as a memory system or a storage system, the data store comprises a policy engine, executed by the processor, to determine whether data or a copy of the data is suspicious, the policy engine to analyze the data or the copy of the data, determine that the data or the copy of the data is suspicious when the data or the copy of the data is directed to a targeted Internet Protocol (IP) address that is included in a predetermined set of unassigned IP addresses or IP addresses that are not associated with the communication network, determine a source of the data or the copy of the data, and generate a policy to monitor incoming data from the source; a heuristic module, executed by the processor, to (i) receive the incoming data from the source over a first communication path or a copy of the incoming data and (ii) analyze the incoming data or the copy of the incoming data to determine whether the incoming data is suspicious, the suspicious incoming data represents a prescribed likelihood that the incoming data is associated with a malware attack; and a software module, executed by the processor, to analyze the suspicious incoming data to identify whether the suspicious incoming data is associated with a malware attack by analyzing one or more behaviors of a virtual machine that is configured to operate as a device targeted to receive the incoming data or a copy of the incoming data from the source. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36)
-
Specification