System and Method for Classification of Unwanted or Malicious Software Through the Identification of Encrypted Data Communication
First Claim
1. A method for identifying malware or unauthorized software communications implemented within a computer infrastructure, the method comprising:
- detecting an encrypted communication;
- determining identification data for the encrypted communication;
- comparing the detected encrypted communication to at least one of:
  - a list of applications authorized for encrypted communications using the identification data; and
  - a list of authorized destinations of encrypted communications using the identification data;
- identifying the detected encrypted communication as an unauthorized encrypted communication in response to a determination that at least one of:
  - the detected encrypted communication is from an unauthorized application, which is not on the list of applications authorized for encrypted communications, based on the comparing; and
  - the detected encrypted communication is to an unauthorized destination, which is not on the list of authorized destinations.
Abstract
A method for identifying malware or unauthorized software communications implemented within a computer infrastructure, the method including detecting an encrypted communication and determining identification data for the encrypted communication. Additionally, the method includes comparing the detected encrypted communication to at least one of a list of applications authorized for encrypted communications using the identification data and a list of authorized destinations of encrypted communications using the identification data. Furthermore, the method includes identifying the detected encrypted communication as an unauthorized encrypted communication in response to a determination that at least one of the detected encrypted communication is from an unauthorized application, which is not on the list of applications authorized for encrypted communications, based on the comparing and the detected encrypted communication is to an unauthorized destination, which is not on the list of authorized destinations.
20 Claims
1. A method for identifying malware or unauthorized software communications implemented within a computer infrastructure, the method comprising:
- detecting an encrypted communication;
- determining identification data for the encrypted communication;
- comparing the detected encrypted communication to at least one of:
  - a list of applications authorized for encrypted communications using the identification data; and
  - a list of authorized destinations of encrypted communications using the identification data;
- identifying the detected encrypted communication as an unauthorized encrypted communication in response to a determination that at least one of:
  - the detected encrypted communication is from an unauthorized application, which is not on the list of applications authorized for encrypted communications, based on the comparing; and
  - the detected encrypted communication is to an unauthorized destination, which is not on the list of authorized destinations.
16. A computer system for identifying malware or unauthorized software communications, the system comprising:
- a storage, a memory and a central processing unit;
- first program instructions to detect an encrypted communication;
- second program instructions to determine identification data for the encrypted communication;
- third program instructions to compare the encrypted communication to at least one of a list of applications authorized for encrypted communications and a list of authorized destinations of encrypted communications using the identification data;
- fourth program instructions to identify the encrypted communication as an unauthorized encrypted communication in response to a determination that the encrypted communication is at least one of:
  - from an unauthorized application, which is not on the list of applications authorized for encrypted communications, based on the comparing the encrypted communication to the list of applications authorized for encrypted communications;
  - to an unauthorized destination, which is not on the list of authorized destinations for encrypted communications, based on the comparing the encrypted communication to the list of authorized destinations of encrypted communications,
- wherein the first, second, third and fourth program instructions are stored in the storage for execution by the central processing unit via the memory.
20. A computer program product comprising a computer usable storage medium having readable program code embodied in the storage medium, the computer program product includes at least one component operable to:
- receive at least one of a list of applications authorized for encrypted communications and a list of authorized destinations of encrypted communications;
- detect an encrypted communication;
- determine identification data for the encrypted communication;
- compare the detected encrypted communication to at least one of the list of applications authorized for encrypted communications and the list of authorized destinations of encrypted communications using the identification data;
- identify the detected encrypted communication as an unauthorized encrypted communication and block the detected encrypted communication in response to a determination that the detected encrypted communication is at least one of:
  - from an unauthorized application, which is not on the list of applications authorized for encrypted communications, based on the comparing; and
  - to an unauthorized destination, which is not on the list of authorized destinations for encrypted communications; and
- identify the detected encrypted communication as an authorized encrypted communication and allow the detected encrypted communication in response to a determination that the detected encrypted communication is:
  - from an authorized application, which is on the list of applications authorized for encrypted communications, based on the comparing; and
  - to an authorized destination, which is on the list of authorized destinations of encrypted communications, based on the comparing.
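The allow/block decision recited in claims 1 and 20, sketched as an added example; this is not code from the patent or its assignee. The `Flow` record, the TLS record-header check used as the "detect an encrypted communication" step, the rule that a list passed as `None` is not consulted, and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:                 # hypothetical record; fields are the "identification data"
    app: str                # originating application (path)
    dest: str               # destination host or address
    first_bytes: bytes      # first payload bytes observed on the connection

def looks_encrypted(payload: bytes) -> bool:
    """Assumed detector: TLS handshake record header (type 0x16, version 3.0-3.4)."""
    return (len(payload) >= 3 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[2] <= 0x04)

def classify(flow: Flow, allowed_apps: Optional[set], allowed_dests: Optional[set]):
    """Return (verdict, reasons). A list passed as None is not consulted."""
    if allowed_apps is None and allowed_dests is None:
        raise ValueError("at least one allowlist is required")
    if not looks_encrypted(flow.first_bytes):
        return "not-encrypted", []          # outside the scope of the claims
    reasons = []
    if allowed_apps is not None and flow.app not in allowed_apps:
        reasons.append("unauthorized application")
    # Normalize the hostname so case and a trailing dot cannot dodge the list.
    if allowed_dests is not None and flow.dest.lower().rstrip(".") not in allowed_dests:
        reasons.append("unauthorized destination")
    return ("block", reasons) if reasons else ("allow", [])

# Constructed sample data (not taken from the patent).
TLS_HELLO = bytes.fromhex("160301020001")   # start of a TLS ClientHello record
ALLOWED_APPS = {"/usr/bin/firefox", "/usr/bin/apt"}
ALLOWED_DESTS = {"updates.example.com", "mail.example.com"}
FLOWS = [
    Flow("/usr/bin/firefox", "mail.example.com", TLS_HELLO),
    Flow("/tmp/.cache/upd", "mail.example.com", TLS_HELLO),
    Flow("/usr/bin/apt", "203.0.113.7", TLS_HELLO),
    Flow("/usr/bin/firefox", "Mail.Example.COM.", TLS_HELLO),
    Flow("/usr/bin/curl", "intranet.example.com", b"GET / HTTP/1.1\r\n"),
]

def run():
    return [classify(f, ALLOWED_APPS, ALLOWED_DESTS) for f in FLOWS]

if __name__ == "__main__":
    for f, (verdict, why) in zip(FLOWS, run()):
        print(f"{verdict:13} {f.app} -> {f.dest} {why}")
```
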
Specification