METHOD AND SYSTEM FOR PROTECTION AGAINST INFORMATION STEALING SOFTWARE
First Claim
1. A method for identifying infection of unwanted software on an electronic device, the method comprising:
- installing a software agent on the electronic device, the software agent configured to generate a bait;
monitoring an electronic output of the electronic device for attempts of transmitting the bait; and
analyzing the output of the electronic device in response to the bait to determine the existence of unwanted software.
16 Assignments
0 Petitions
Accused Products
Abstract
A system and method for identifying infection of unwanted software on an electronic device is disclosed. A software agent configured to generate a bait and is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information or it may just contain artificial sensitive information. Parameters may be inserted into the bait such as the identity of the electronic device that the bait is installed upon. The output of the electronic device is monitored and analyzed for attempts of transmitting the bait. The output is analyzed by correlating the output with the bait and can be done by comparing information about the bait with the traffic over a computer network in order to decide about the existence and the location of unwanted software. Furthermore, it is possible to store information about the bait in a database and then compare information about a user with the information in the database in order to determine if the electronic device that transmitted the bait contains unwanted software.
177 Citations
19 Claims
-
1. A method for identifying infection of unwanted software on an electronic device, the method comprising:
-
installing a software agent on the electronic device, the software agent configured to generate a bait; monitoring an electronic output of the electronic device for attempts of transmitting the bait; and analyzing the output of the electronic device in response to the bait to determine the existence of unwanted software. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for identifying unwanted software on at least one electronic device, the system comprising:
-
a management unit in communication with the electronic device, the management unit configured to install a software agent on the electronic device wherein the software agent is configured to generate a bait to be transmitted by the electronic device over a computer network as an output; a traffic analyzer in communication with the computer network, the traffic analyzer configured to analyze the output of the electronic device; and a decision system in communication with the traffic analyzer, the decision system configured to correlate the bait from the electronic device with the output of the electronic device in order to determine the existence of unwanted software. - View Dependent Claims (11, 12)
-
-
13. A method for identifying infection of unwanted software on a first and second group of electronic devices, the method comprising:
-
installing a software agent on each of the electronic devices of the first group, the software agent being configured to generate a bait for each one of the electronic devices of the first group; monitoring the electronic output from at least one of the electronic devices of the first group for attempts of transmitting the bait; monitoring the electronic output from at least one of the electronic devices of the second group for attempts of transmitting the bait; and analyzing the output from the first and second group of electronic devices to determine the existence of unwanted software. - View Dependent Claims (14, 15, 16)
-
-
17. A system for identifying infection of unwanted software on a first and second group of electronic devices, the system comprising:
-
a management unit for installing a software agent on each of the electronic devices of the first group, the software agent being configured to generate a bait on each of the electronic devices of the first group; a traffic analyzer in communication with the first and second group of electronic devices via a computer network, the traffic analyzer configured to analyze the output from both the first and second group of electronic devices; and a decision system in communication with the traffic analyzer, the decision system configured to compare the output of the first group of electronic devices with the output from the second group of electronic devices in order to determine the existence of unwanted software. - View Dependent Claims (18, 19)
-
Specification