Predictive modeling for anti-malware solutions
Abstract
Provided is predictive modeling for anti-malware solutions. The predictive modeling includes an identification manager component that generates profile data for a hostile source. The hostile source is identified based on a previous threat attributed to the hostile source. The predictive modeling also includes an evaluation component that determines a characteristic of an interaction between a source and an endpoint. Further, the predictive modeling includes a validation component that compares the characteristic of the interaction with the profile data and controls access to the source by the endpoint based on the comparison. In addition, anti-malware software is not deployed on the endpoint.
18 Claims
1. A system, comprising:
a processor that executes the following computer executable components stored in a memory;
an identification manager component that generates profile data for a hostile source, wherein the hostile source is identified based on a previous threat attributed to the hostile source;
an evaluation component that determines a characteristic of an interaction between a source and an endpoint; and
a validation component that compares the characteristic of the interaction with the profile data and controls access to the source by the endpoint based on the comparison
wherein the hostile source is a hostile network,
wherein the endpoint attempts to access the hostile network and a second network at substantially the same time.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method, comprising:
generating, by a system comprising a processor, a profile for an identified hostile source based on data associated with the identified hostile source;
determining, by the system, an expected characteristic of a next access attempt between an endpoint and a source, wherein the determining includes the use of machine learning to infer an expected characteristic of next access attempt;
comparing, by the system, a characteristic of next access attempt with the expected characteristics; and
selectively controlling, by the system, the next access attempt based on the comparing,
wherein the endpoint attempts to access the hostile source and a second entity at substantially the same time.
Dependent claims: 11, 12, 13, 14

15. A computer-readable storage device storing executable instructions that, in response to execution, cause a system comprising a processor to perform operations, comprising:
generating profile data for a hostile source, wherein the hostile source is identified based on a previous threat attributed to the hostile source;
determining a characteristic of an interaction between a source and an endpoint;
comparing the characteristic of the interaction with the profile data; and
controlling access to the source by the endpoint based on the comparison,
wherein the hostile source is a hostile network,
wherein the endpoint attempts to access the hostile network and a second network at substantially the same time.
Dependent claims: 16, 17, 18

Specification