Predictive modeling for anti-malware solutions

US 10,728,276 B1
Filed: 02/28/2018
Issued: 07/28/2020
Est. Priority Date: 03/16/2015
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a processor that executes the following computer executable components stored in a memory;

an identification manager component that generates profile data for a hostile source, wherein the hostile source is identified based on a previous threat attributed to the hostile source;

an evaluation component that determines a characteristic of an interaction between a source and an endpoint; and

a validation component that compares the characteristic of the interaction with the profile data and controls access to the source by the endpoint based on the comparisonwherein the hostile source is a hostile network,wherein the endpoint attempts to access the hostile network and a second network at substantially the same time.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is predictive modeling for anti-malware solutions. The predictive modeling includes an identification manager component that generates profile data for a hostile source. The hostile source is identified based on a previous threat attributed to the hostile source. The predictive modeling also includes an evaluation component that determines a characteristic of an interaction between a source and an endpoint. Further, the predictive modeling includes a validation component that compares the characteristic of the interaction with the profile data and controls access to the source by the endpoint based on the comparison. In addition, anti-malware software is not deployed on the endpoint.

47 Citations

View as Search Results

18 Claims

1. A system, comprising:
- a processor that executes the following computer executable components stored in a memory;
  
  an identification manager component that generates profile data for a hostile source, wherein the hostile source is identified based on a previous threat attributed to the hostile source;
  
  an evaluation component that determines a characteristic of an interaction between a source and an endpoint; and
  
  a validation component that compares the characteristic of the interaction with the profile data and controls access to the source by the endpoint based on the comparisonwherein the hostile source is a hostile network,wherein the endpoint attempts to access the hostile network and a second network at substantially the same time.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the validation component allows access to the source based on a determination that the characteristic of the interaction does not match the profile data.
  - 3. The system of claim 1, wherein the validation component denies access to the source based on a determination that the characteristic of the interaction matches the profile data.
  - 4. The system of claim 1, further comprising a collection manager component that obtains data related to the hostile source from the hostile source or from the endpoint, wherein the identification manager component uses the data to generate the profile data.
  - 5. The system of claim 1, further comprising a collection manager component that interfaces with at least one sensor operatively connected to the endpoint, wherein the at least one sensor monitors network traffic data.
  - 6. The system of claim 1, further comprising a collection manager component that interfaces with at least one sensor operatively connected to the endpoint, wherein the at least one sensor monitors geographic location data of the endpoint.
  - 7. The system of claim 1, further comprising a collection manager component that interfaces with at least one sensor operatively connected to the endpoint, wherein the at least one sensor monitors host network data.
  - 8. The system of claim 1, wherein the profile data comprises address resolution protocol information obtained from local network segments.
  - 9. The system of claim 1, further comprising a collection manager component that captures network traffic samples when the endpoint connects with other endpoints, wherein the identification manager component uses the network traffic samples to generate the profile data based on a determination that the hostile source is associated with at least a set of the network traffic samples.

10. A method, comprising:
- generating, by a system comprising a processor, a profile for an identified hostile source based on data associated with the identified hostile source;
  
  determining, by the system, an expected characteristic of a next access attempt between an endpoint and a source, wherein the determining includes the use of machine learning to infer an expected characteristic of next access attempt;
  
  comparing, by the system, a characteristic of next access attempt with the expected characteristics; and
  
  selectively controlling, by the system, the next access attempt based on the comparing, wherein the endpoint attempts to access the hostile source and a second entity at substantially the same time.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, wherein the selectively controlling the next access attempt comprises prohibiting the next access attempt based on a determination that the characteristic of the next access attempt matches the expected characteristic.
  - 12. The method of claim 10, wherein the selectively controlling the next access attempt comprises allowing the next access attempt based on a determination that the characteristic of the next access attempts does not match the expected characteristic.
  - 13. The method of claim 10, wherein the generating the profile comprises obtaining data related to a recent rogue attack directed toward another endpoint.
  - 14. The method of claim 10, further comprises obtaining, by the system, at least one of network traffic data, geographic location data, host network data, traffic sample data, port scanning and enumeration data, and address resolution protocol data.

15. A computer-readable storage device storing executable instructions that, in response to execution, cause a system comprising a processor to perform operations, comprising:
- generating profile data for a hostile source, wherein the hostile source is identified based on a previous threat attributed to the hostile source;
  
  determining a characteristic of an interaction between a source and an endpoint;
  
  comparing the characteristic of the interaction with the profile data; and
  
  controlling access to the source by the endpoint based on the comparison,wherein the hostile source is a hostile network,wherein the endpoint attempts to access the hostile network and a second network at substantially the same time.
- View Dependent Claims (16, 17, 18)
- - 16. The computer-readable storage device of claim 15, the operations further comprising:
    - allowing access to the source based on a determination that the characteristic of the interaction does not match the profile data.
  - 17. The computer-readable storage device of claim 15, the operations further comprising:
    - denying access to the source based on a determination that the characteristic of the interaction matches the profile data.
  - 18. The computer-readable storage device of claim 15, the operations further comprising:
    - interfacing with at least one sensor operatively connected to the endpoint, wherein the at least one sensor monitors network traffic data, geographic location data of the endpoint, or host network data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Original Assignee
Wells Fargo Bank NA (Wells Fargo & Company)
Inventors
Benskin, Ryan B., Belton, Jr., Lawrence T., Houser, Christopher, Makohon, Peter A., Morris, Timothy, Bracey, Omar
Primary Examiner(s)
Song, Hosuk

Application Number

US15/907,916
Time in Patent Office

881 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06N 20/00   Machine learning

G06N 5/04   Inference or reasoning models

H04L 63/145   the attack involving the pr...

Predictive modeling for anti-malware solutions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

47 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Predictive modeling for anti-malware solutions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links