Subscription based malware detection under management system control

US 10,511,614 B1
Filed: 03/06/2017
Issued: 12/17/2019
Est. Priority Date: 04/01/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing communications between a management system and one or more malware detection systems, each of the one or more malware detection systems being configured to analyze network traffic to determine whether the network traffic includes malware;

setting, by the management system, a first malware detection system of the one or more malware detection systems to a first level of malware detection based on a first subscription level purchased by a subscriber, wherein the first level of malware detection includes one or more services that, when in operation, analyze the network traffic for a presence of malware and the first subscription level being one of a plurality of subscription levels each corresponding to a different level of malware detection;

generating a signature that identifies malware detected in the network traffic by the malware detection system; and

distributing the signature to a second malware detection system, wherein a timing of the generating or distributing of the signature is based, at least in part, on the first subscription level and a level of subscription fee payment associated with the first subscription level.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method establishing communications between a management system and a malware detection system that collectively provide a distributed malware detection scheme. The malware detection system is configured to analyze network traffic to determine whether the network traffic includes malware. The management system is configured to set the malware detection system to a first level of malware detection based on a first subscription level purchased by a subscriber and control operability of the malware detection system.

735 Citations

20 Claims

1. A method comprising:
- establishing communications between a management system and one or more malware detection systems, each of the one or more malware detection systems being configured to analyze network traffic to determine whether the network traffic includes malware;
  
  setting, by the management system, a first malware detection system of the one or more malware detection systems to a first level of malware detection based on a first subscription level purchased by a subscriber, wherein the first level of malware detection includes one or more services that, when in operation, analyze the network traffic for a presence of malware and the first subscription level being one of a plurality of subscription levels each corresponding to a different level of malware detection;
  
  generating a signature that identifies malware detected in the network traffic by the malware detection system; and
  
  distributing the signature to a second malware detection system, wherein a timing of the generating or distributing of the signature is based, at least in part, on the first subscription level and a level of subscription fee payment associated with the first subscription level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the first level of malware detection differs in an amount of services provided by a second level of malware detection.
  - 3. The method of claim 2, wherein the analyzing of the network traffic by the malware detection system includes (i) analyzing content within the network traffic and (ii) analyzing behaviors of a network of computing systems each includes a virtual machine that is configured to process a portion of information within the network traffic to determine whether the network traffic includes malware.
  - 4. The method of claim 1, wherein each of the plurality of subscription levels is based on a different level of payment of a subscription fee.
  - 5. The method of claim 1 further comprising:
    - controlling operability of the malware detection system based on a level of payment of a subscription fee associated with the first subscription level by the subscriber.
  - 6. The method of claim 5, wherein the controlling of the operability of the malware detection system comprises deactivating the malware detection system in response to a lack of payment of the subscription fee.
  - 7. The method of claim 5, wherein the controlling of the operability of the malware detection system comprises activating the malware detection system in response to payment of the subscription fee.
  - 8. The method of claim 1, wherein the malware detection system includes a computer worm sensor.
  - 9. The method of claim 3, wherein the analyzing of the content within the network traffic includes comparing data in the network traffic to one or more signatures locally stored within the malware detection system and determining a presence of malware included as part of the network traffic based on a level of correlation between the data in the network traffic and at least one signature of the one or more signatures exceeds a threshold, each of the one or more signatures identifies characteristics of malware.
  - 10. The method of claim 9, wherein the characteristics of malware include information that characterizes an anomalous behavior of the malware.
  - 11. The method of claim 9 further comprising:
    - updating a plurality of signatures including the one or more signatures locally stored within the malware detection system in accordance with a periodicity that is based, at least in part, on the first subscription level and a level of subscription fee payment associated with the first subscription level.
  - 12. The method of claim 5, wherein the management system further controlling operability of a second malware detection system physically distributed from the malware detection system to form a distributed malware detection system to analyze network traffic originating from different enterprises for malware.

13. A method comprising:
- establishing communications by a management system to a malware detection system that includes a controller and one or more virtual machines that are communicatively coupled to the controller and are configured to analyze network traffic to determine whether the network traffic includes malware;
  
  setting, by the management system, the malware detection system to provide services associated with a first level of malware detection in response to receipt of a first level of payment, wherein the first level of malware detection includes analyzing the network traffic for a presence of malware;
  
  setting, by the management system, the malware detection system to provide services associated with a second level of malware detection that is more robust than the services associated with the first level of malware detection in response to receipt of a second level of payment greater than the first level of payment;
  
  generating a signature that identifies malware detected in the network traffic by the malware detection system; and
  
  distributing the signature to a second malware detection system, wherein a timing of the generating or distributing of the signature is based, at least in part, on the first subscription level and a level of subscription fee payment associated with the first subscription level.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, wherein the timing of the generating or distributing of the signature includes distributing the signature in accordance with a periodity that is based, at least in part, on the first subscription level and the level of subscription fee payment.
  - 15. The method of claim 13, wherein the analyzing of the network traffic by the malware detection system includes (i) analyzing of content within the network traffic and (ii) analyzing behaviors of one or more virtual machines configured to process a portion of information within the network traffic to determine whether the network traffic includes malware.
  - 16. The method of claim 13 further comprising:
    - controlling operability of the malware detection system that comprises deactivating the malware detection system in response to a lack of payment of a subscription fee.
  - 17. The method of claim 13, wherein the controlling of the operability of the malware detection system comprises activating of the malware detection system in response to a lack of payment of the subscription fee.
  - 18. The method of claim 13, wherein the analyzing of the network traffic to determine whether the network traffic includes malware includes comparing data in the network traffic to one or more signatures locally stored within the malware detection system and determining a presence of malware included as part of the network traffic based on a level of correlation between the data in the network traffic and at least one signature of the one or more signatures exceeds a threshold, each of the one or more signatures identifies characteristics of malware.
  - 19. The method of claim 18, wherein the characteristics of malware include information that characterizes an anomalous behavior of the malware.

20. A system comprising:
- means for establishing communications to a malware detection system, the malware detection system including a controller and one or more virtual machines that are communicatively coupled to the controller and are configured to analyze network traffic to determine whether the network traffic includes malware;
  
  means for setting the malware detection system to provide (i) services associated with a first level of malware detection in response to receipt of a first level of payment, and (ii) services associated with a second level of malware detection that is more robust than the services associated with the first level of malware detection in response to receipt of a second level of payment being greater than the first level of payment;
  
  means for generating a signature that identifies malware detected in the network traffic by the malware detection system; and
  
  means for distributing the signature to a second malware detection system, wherein a timing of at least the distributing of the signature is based, at least in part, on the first subscription level and a level of subscription fee payment associated with the first subscription level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fireeye Security Holdings US LLC
Original Assignee
FireEye, Inc.
Inventors
Aziz, Ashar
Primary Examiner(s)
Dada, Beemnet W

Application Number

US15/451,247
Time in Patent Office

1,016 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45591   Monitoring or debugging sup...

G06F 2009/45595   Network integration; Enabli...

G06F 21/53   by executing in a restricte...

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/566   Dynamic detection, i.e. det...

G06F 2221/034   Test or assess a computer o...

G06F 9/45537   Provision of facilities of ...

G06F 9/45558   Hypervisor-specific managem...

G06Q 20/10   specially adapted for elect...

H04L 63/0227   Filtering policies mail mes...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04L 63/1491 : using deception as counterm...

H04L 63/20 : for managing network securi...

View All

Subscription based malware detection under management system control

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

735 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Subscription based malware detection under management system control

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

735 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links