System and method of identifying the source of an attack on a computer network
Abstract
The present invention provides a system and method of tracing the spread of computer malware in a communication network. One aspect of the present invention is a method that traces the spread of computer malware in a communication network. When suspicious data characteristic of malware is identified in a computing device connected to the communication network, the method causes data that describes the state of the computing device to be stored in a database. After a specific attack against the communication network is confirmed, computing devices that are infected with the malware are identified. Then, the spread of the malware between computing devices in the communication network is traced back to a source.
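The tracing step described in the abstract, as an added example that is not part of the patent or of any product implementing it. It assumes the memory collection database can be read as a list of snapshot records holding the device name, the capture time, the indicators found in the captured memory, and the remote hosts the device was connected to at capture time; those field names, and the heuristic of linking each infected device to the earliest-infected peer it was connected to, are assumptions, and every sample record and hash value is constructed.

```python
"""Trace the spread of confirmed malware across captured memory states (added example)."""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class MemorySnapshot:
    """One record in the memory collection database: the state of a device at the
    moment anti-virus software reported suspicious data (field names are assumptions)."""
    device: str
    captured_at: datetime
    indicators: frozenset   # hashes of suspicious data found in the captured memory
    peers: frozenset        # remote hosts with live connections in the captured memory


def at(hour, minute):
    """Constructed timestamps, all on the same day."""
    return datetime(2024, 1, 1, hour, minute)


# Constructed sample database. "h-confirmed" stands in for the hash of the sample later
# confirmed as malware in step (b); "h-benign" is suspicious data that turned out harmless.
SNAPSHOTS = [
    MemorySnapshot("ws-01",    at(9, 0),  frozenset({"h-confirmed"}), frozenset({"file-srv"})),
    MemorySnapshot("file-srv", at(9, 5),  frozenset({"h-confirmed"}), frozenset({"ws-01", "ws-02", "ws-03"})),
    MemorySnapshot("ws-02",    at(9, 12), frozenset({"h-confirmed"}), frozenset({"file-srv"})),
    MemorySnapshot("ws-03",    at(9, 20), frozenset({"h-confirmed"}), frozenset({"file-srv", "ws-02"})),
    MemorySnapshot("ws-04",    at(9, 30), frozenset({"h-benign"}),    frozenset({"file-srv"})),
    MemorySnapshot("ws-05",    at(9, 40), frozenset({"h-confirmed"}), frozenset()),
]


def infected_devices(snapshots, indicator):
    """Step (c): devices whose captured memory contains the confirmed indicator,
    keeping the earliest capture per device."""
    infected = {}
    for snap in sorted(snapshots, key=lambda s: s.captured_at):
        if indicator in snap.indicators and snap.device not in infected:
            infected[snap.device] = snap
    return infected


def trace_spread(snapshots, indicator):
    """Step (d): map each infected device to the earlier-infected device it was connected
    to (assumption: the earliest-infected such peer is taken as the likely parent).
    A device with no such peer maps to None."""
    ordered = sorted(infected_devices(snapshots, indicator).values(),
                     key=lambda s: s.captured_at)
    parent = {}
    for i, later in enumerate(ordered):
        # ordered[:i] is ascending by capture time, so candidates[0] is the earliest-infected peer
        candidates = [e for e in ordered[:i]
                      if later.device in e.peers or e.device in later.peers]
        parent[later.device] = candidates[0].device if candidates else None
    return parent


def infection_chain(parent, device):
    """Path from the root of `device`'s parent links down to `device`."""
    chain = []
    node = device
    while node is not None:
        chain.append(node)
        node = parent[node]
    return chain[::-1]


def likely_source(snapshots, indicator):
    """The earliest-infected device with no infected predecessor, plus any other roots:
    devices whose infection path the captured data does not explain."""
    infected = infected_devices(snapshots, indicator)
    parent = trace_spread(snapshots, indicator)
    roots = sorted((d for d, p in parent.items() if p is None),
                   key=lambda d: infected[d].captured_at)
    if not roots:
        return None, []
    return roots[0], roots[1:]


if __name__ == "__main__":
    parent = trace_spread(SNAPSHOTS, "h-confirmed")
    source, unexplained = likely_source(SNAPSHOTS, "h-confirmed")
    print("likely source:", source)
    print("unexplained infections:", unexplained)
    for dev in ("ws-02", "ws-03"):
        print(dev, "reached via", " -> ".join(infection_chain(parent, dev)))
```

Roots other than the earliest one (ws-05 in the constructed data) are worth reporting rather than hiding: they mean the captured memory states do not contain a connection that explains the infection, so either a snapshot is missing or the malware spread over a channel the capture did not record.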
26 Claims
1. A method of identifying the source of a malware that was released onto a communication network, the method comprising:
(a) obtaining the memory state of a plurality of computing devices connected to the communication network;
(b) determining that the malware was released onto the communication network;
(c) identifying computing devices in the communication network that are infected with the malware; and
(d) tracing the spread of the malware between computing devices infected with the malware.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
12. A computer-readable medium bearing computer-executable instructions that, when executed, carries out a method of identifying the source of a malware that was released onto a communication network, the method comprising:
(a) obtaining the memory state of a plurality of computing devices connected to the communication network;
(b) determining that the malware was released onto the communication network;
(c) identifying computing devices in the communication network that are infected with the malware; and
(d) tracing the spread of the malware between computing devices infected with the malware.
(Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
23. A software system for identifying the source of a malware that was released onto a communication network, the software system comprising:
(a) anti-virus software for detecting the presence of suspicious data on a client computing device;
(b) an application program interface to present functions to software applications for reporting suspicious data;
(c) an operating system for capturing the memory state of the computing device when suspicious data is reported; and
(d) a memory collection database operative to store data that captures the memory state of the computing device received from the operating system.
(Dependent claims: 24, 25, 26)