Systems and methods for malware detection and scanning
First Claim
Patent Images
1. A computer-implemented method, operating in a hub computing device, for malware scanning and detection, the method comprising:
- receiving, by the hub computing device from a separate controller computing device, a malware scan request having;
a first portion that includes an identification of a target website, anda second portion that includes instructions to scan the target website;
identifying, by the hub computing device, a plurality of first spoke honeypot computing devices for performing the malware scan request on the target website, wherein;
at least one first spoke honeypot computing device of the plurality of first spoke honeypot computing devices is separate from the hub computing device,at least one first spoke honeypot computing device is configured to use a second spoke honeypot computing device as a proxy, andthe second spoke honeypot computing device appears to originate from a different address than the plurality of first spoke honeypot computing devices;
sending, by the hub computing device to the plurality of first spoke honeypot computing devices, the malware scan request received from the controller computing device, wherein at least one first spoke honeypot computing device of the plurality of first spoke honeypot computing devices is configured to route the malware scan request to the second spoke honeypot computing device;
receiving, by the hub computing device from at least one first spoke honeypot computing device of the plurality of first spoke honeypot computing devices, a first set of results associated with performing the malware scan request, wherein performing the malware scan request includes visiting the target website by at least one first spoke honeypot computing device of the plurality of first spoke honeypot computing devices or by the second spoke honeypot computing device; and
sending, to the controller computing device, the first set of results associated with performing the malware scan request.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods are provided for malware scanning and detection. In one exemplary embodiment, the method includes a hub computing device that receives, from a controller computing device, a scan request, and identifies spoke computing devices for performing the scan request. The method performed by the hub computing device also includes sending to the identified spoke computing devices, the scan request, receiving, from the spoke computing devices, results associated with the scan request, and sending, to the controller computing device, the results associated with the scan request.
36 Citations
24 Claims
-
1. A computer-implemented method, operating in a hub computing device, for malware scanning and detection, the method comprising:
-
receiving, by the hub computing device from a separate controller computing device, a malware scan request having; a first portion that includes an identification of a target website, and a second portion that includes instructions to scan the target website; identifying, by the hub computing device, a plurality of first spoke honeypot computing devices for performing the malware scan request on the target website, wherein; at least one first spoke honeypot computing device of the plurality of first spoke honeypot computing devices is separate from the hub computing device, at least one first spoke honeypot computing device is configured to use a second spoke honeypot computing device as a proxy, and the second spoke honeypot computing device appears to originate from a different address than the plurality of first spoke honeypot computing devices; sending, by the hub computing device to the plurality of first spoke honeypot computing devices, the malware scan request received from the controller computing device, wherein at least one first spoke honeypot computing device of the plurality of first spoke honeypot computing devices is configured to route the malware scan request to the second spoke honeypot computing device; receiving, by the hub computing device from at least one first spoke honeypot computing device of the plurality of first spoke honeypot computing devices, a first set of results associated with performing the malware scan request, wherein performing the malware scan request includes visiting the target website by at least one first spoke honeypot computing device of the plurality of first spoke honeypot computing devices or by the second spoke honeypot computing device; and sending, to the controller computing device, the first set of results associated with performing the malware scan request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A hub computing apparatus for malware scanning and detection, the apparatus comprising:
-
at least one memory to store data and instructions; and at least one processor configured to access memory and to execute instructions to; receive, from a separate controller computing device, a scan request having; a first portion that includes an identification of a target website, and a second portion that includes instructions to scan the target website; identify a plurality of first spoke honeypot computing devices for performing the scan request on the target website, wherein; at least one first spoke honeypot computing device of the plurality of first spoke honeypot computing devices is separate from the hub computing apparatus, at least one first spoke honeypot computing device is configured to use a second spoke honeypot computing device as a proxy, and the second spoke honeypot computing device appears to originate from a different address than the plurality of first spoke honeypot computing devices; send, to the plurality of first spoke honeypot computing devices, the scan request received from the controller computing device, wherein at least one of the plurality of first spoke honeypot computing devices is configured to route the scan request to the second spoke honeypot computing device; receive, from at least one of the plurality of first spoke honeypot computing devices, a first set of results associated with performing the scan request, wherein performing the scan request includes visiting the target website by at least one first spoke honeypot computing device of the plurality of first spoke honeypot computing devices or by the second spoke honeypot computing device; and send, to the controller computing device, the first set of results associated with performing the scan request. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A computer-implemented method, operating in a plurality of first spoke honeypot computing devices, for malware scanning and detection, the method comprising:
-
receiving, by the plurality of first spoke honeypot computing devices, from a hub computing device separate from the plurality of first spoke honeypot computing devices, a scan request having; a first portion that includes an identification of a target website, and a second portion that includes instructions to scan the target website, wherein the first spoke honeypot computing device is configured to use a second spoke honeypot computing device as a proxy, and wherein the second spoke honeypot computing device appears to originate from a different address than the plurality of first spoke honeypot computing devices; routing the scan request to the second spoke honeypot computing device; performing, by the first spoke honeypot computing device, analysis of the target website according to the instructions included in the scan request, wherein the analysis of the target website includes visiting the target website by the first spoke honeypot computing device or by the second spoke honeypot computing device; storing, in a database associated with the plurality of first spoke honeypot computing devices, a first set of results associated with the analysis of the target website; and sending, by the first spoke honeypot computing device to the hub computing device, the first set of results of the analysis. - View Dependent Claims (16, 17, 18, 19)
-
-
20. A plurality of spoke honeypot computing apparatuses for malware scanning and detection, each of the spoke computing apparatuses comprising:
-
at least one memory to store data and instructions; and at least one processor configured to access the at least one memory and, when executing the instructions, to; receive, by a plurality of first spoke honeypot computing apparatuses, from a hub computing device separate from the first spoke honeypot computing apparatus, a scan request having; a first portion that includes an identification of a target website, and a second portion that includes instructions to scan the target website, wherein at least one first spoke honeypot computing apparatus of the plurality of first spoke honeypot computing apparatuses is configured to use a second spoke honeypot computing apparatus as a proxy, and wherein the second spoke honeypot computing apparatus appears to originate from a different address source than the plurality of first spoke honeypot computing apparatuses; route the scan request to the second spoke honeypot computing apparatus; perform analysis of the target website according to the instructions included in the scan request, wherein performing the scan request includes the first spoke honeypot computing apparatus or the second spoke honeypot computing apparatus visiting the target website; store, in a database associated with the plurality of first spoke honeypot computing apparatus, results of the analysis of the target website; and send, to the hub computing device, the results of the analysis of the target website. - View Dependent Claims (21, 22, 23, 24)
-
Specification