METHOD AND APPARATUS FOR DETECTING MALWARE INFECTION
First Claim
1. A method for detecting a malware infection at a local host in a network, the method comprising:
- monitoring communications between the local host and one or more entities external to the network;
- generating at least one dialog warning if the communications include a transaction indicative of a malware infection;
- declaring a malware infection if, within a predefined period of time, the at least one dialog warning includes: at least one dialog warning indicating a transaction initiated at the local host and at least one dialog warning indicating an additional transaction indicative of a malware infection; and
- outputting an infection profile for the local host.
Abstract
In one embodiment, the present invention is a method and apparatus for detecting malware infection. One embodiment of a method for detecting a malware infection at a local host in a network includes monitoring communications between the local host and one or more entities external to the network, generating a dialog warning if the communications include a transaction indicative of a malware infection, declaring a malware infection if, within a predefined period of time, the dialog warnings include at least one dialog warning indicating a transaction initiated at the local host and at least one dialog warning indicating an additional transaction indicative of a malware infection, and outputting an infection profile for the local host.
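The correlation rule described above can be sketched as follows. This is an added example, not code from the patent or its authors; the warning labels, the 240-second window, the profile fields and the reading of "additional transaction" as any second warning in the same window are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class DialogWarning:
    ts: float              # seconds since capture start
    host: str              # local host the warning concerns
    kind: str              # hypothetical label for the suspicious transaction
    local_initiated: bool  # True if the local host started the transaction

def correlate(warnings, window=240.0):
    """Map each infected host to a profile. A host is declared infected when
    one window holds a locally initiated warning plus at least one other
    warning (this example's reading of "additional transaction")."""
    by_host = defaultdict(list)
    for w in sorted(warnings, key=lambda w: w.ts):
        by_host[w.host].append(w)
    profiles = {}
    for host, ws in by_host.items():
        start = 0
        for end, w in enumerate(ws):
            while w.ts - ws[start].ts > window:  # slide the window forward
                start += 1
            span = ws[start:end + 1]
            if len(span) >= 2 and any(x.local_initiated for x in span):
                profiles[host] = {
                    "host": host,
                    "first_seen": span[0].ts,
                    "last_seen": span[-1].ts,
                    "warnings": [x.kind for x in span],
                }
                break
    return profiles

# Constructed sample warnings (not real traffic).
SAMPLE = [
    DialogWarning(10, "10.0.0.5", "inbound_exploit", False),
    DialogWarning(40, "10.0.0.5", "egg_download", True),
    DialogWarning(5, "10.0.0.7", "inbound_scan", False),   # inbound only
    DialogWarning(20, "10.0.0.7", "inbound_scan", False),
    DialogWarning(0, "10.0.0.9", "c2_contact", True),      # too far apart
    DialogWarning(1000, "10.0.0.9", "outbound_scan", True),
    DialogWarning(30, "10.0.0.8", "outbound_scan", True),  # single warning
]

if __name__ == "__main__":
    for profile in correlate(SAMPLE).values():
        print(profile)
```

Hosts that only receive suspicious inbound traffic, or whose warnings fall outside one window, produce no profile, which is the false-positive control the time-bounded, locally initiated condition provides.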
20 Claims
1. A method for detecting a malware infection at a local host in a network, the method comprising:
- monitoring communications between the local host and one or more entities external to the network;
- generating at least one dialog warning if the communications include a transaction indicative of a malware infection;
- declaring a malware infection if, within a predefined period of time, the at least one dialog warning includes: at least one dialog warning indicating a transaction initiated at the local host and at least one dialog warning indicating an additional transaction indicative of a malware infection; and
- outputting an infection profile for the local host.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer readable storage medium containing an executable program for detecting a malware infection at a local host in a network, where the program performs the steps of:
- monitoring communications between the local host and one or more entities external to the network;
- generating at least one dialog warning if the communications include a transaction indicative of a malware infection;
- declaring a malware infection if, within a predefined period of time, the at least one dialog warning includes: at least one dialog warning indicating a transaction initiated at the local host and at least one dialog warning indicating an additional transaction indicative of a malware infection; and
- outputting an infection profile for the local host.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system for detecting a malware infection at a local host in a network, the system comprising:
- means for monitoring communications between the local host and one or more entities external to the network;
- means for generating at least one dialog warning if the communications include a transaction indicative of a malware infection;
- means for declaring a malware infection if, within a predefined period of time, the at least one dialog warning includes: at least one dialog warning indicating a transaction initiated at the local host and at least one dialog warning indicating an additional transaction indicative of a malware infection; and
- means for outputting an infection profile for the local host.
Dependent claims: 16, 17, 18, 19, 20
Specification