Identifying suspected malware files and sites based on presence in known malicious environment

  • US 10,282,544 B2
  • Filed: 05/20/2014
  • Issued: 05/07/2019
  • Est. Priority Date: 05/20/2014
  • Status: Active Grant
First Claim

1. A method for identifying potential malware comprising:

  • identifying an anchor event in a first telemetry data stream, the anchor event occurring within an anchor timeframe comprising a predetermined time window before or after the time at which the anchor event occurred, the first telemetry data stream having a first plurality of events each identifying an activity performed by a first device, wherein the anchor event is an event identified as a potentially suspicious event;

    comparing to the first telemetry data stream a second telemetry data stream having a second plurality of events each identifying an activity performed by a second device distinct from the first device; and

    based on said comparing;

    identifying among the second plurality of events in the second telemetry data stream at least one satellite event occurring within the anchor timeframe that corresponds to one of the plurality of events in the first telemetry data stream, wherein the identifying at least one satellite event comprises determining that the at least one satellite event;

    is different from the anchor event; and

    has a relationship to the anchor event; and

    identifying in both the first and second telemetry data streams a second satellite event occurring within a second anchor timeframe, wherein the preceding steps are executed by at least one processor.
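
One way to read the claimed steps as detection logic over two telemetry streams, given as an added example (not code from the patent or its assignee) and covering only the first anchor timeframe. The names `Event` and `find_satellites`, the shared clock across devices, and the reading of "relationship" as co-occurrence with the anchor on the first device are assumptions; all sample events are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    device: str
    ts: int            # seconds on a clock shared by both devices (assumption)
    activity: str      # e.g. "file_write", "url_visit"
    artifact: str      # file name or URL (constructed)
    suspicious: bool = False

def find_satellites(first, second, window):
    """Map each anchor artifact to the satellite artifacts seen on the second device."""
    results = {}
    for anchor in (e for e in first if e.suspicious):
        lo, hi = anchor.ts - window, anchor.ts + window   # anchor timeframe
        # Assumed "relationship": the event co-occurs with the anchor on the
        # first device, inside the timeframe, and is not the anchor itself.
        related = {(e.activity, e.artifact) for e in first
                   if lo <= e.ts <= hi and e.artifact != anchor.artifact}
        # Satellite: a second-device event inside the same timeframe that
        # corresponds to one of those related first-device events.
        sats = {e.artifact for e in second
                if lo <= e.ts <= hi and (e.activity, e.artifact) in related}
        results[anchor.artifact] = sorted(sats)
    return results

# Constructed sample telemetry (not real indicators).
FIRST = [
    Event("dev-A", 1000, "url_visit", "http://updates.example/dl"),
    Event("dev-A", 1030, "file_write", "dropper.exe", suspicious=True),
    Event("dev-A", 1060, "file_write", "helper.dll"),
    Event("dev-A", 9000, "file_write", "report.docx"),
]
SECOND = [
    Event("dev-B", 990, "url_visit", "http://updates.example/dl"),
    Event("dev-B", 1045, "file_write", "helper.dll"),
    Event("dev-B", 1050, "file_write", "dropper.exe"),   # same as anchor: not a satellite
    Event("dev-B", 1055, "file_write", "notes.txt"),     # no counterpart on dev-A
    Event("dev-B", 5000, "file_write", "helper.dll"),    # outside the timeframe
]

if __name__ == "__main__":
    print(find_satellites(FIRST, SECOND, window=120))
```

Narrowing `window` shows how sensitive the result is to the predetermined timeframe: with 20 seconds, no first-device event other than the anchor falls inside it, so no satellites are reported.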
