Devices, Systems, and Methods for Detecting Proximity-Based Mobile Malware Propagation
First Claim
1. A mobile communication device comprising:
a processor;
a memory in communication with the processor;
a transceiver in communication with the processor;
a malware on the memory; and
an agent logic on the memory for
  discovering a plurality of devices in a proximity,
  compiling a list of discovered devices in the proximity,
  inserting a trigger into the list of discovered devices,
  receiving a request to connect to the trigger from the malware, and
  reporting a malware activity to an agent server on a network;
wherein the trigger appears to the malware to be one of the plurality of discovered devices.
Abstract
Devices, systems, and methods are disclosed which leverage an agent that resides in a mobile communication device to detect Proximity based Mobile Malware Propagation (PMMP). The agent injects one or several trigger network connections in the candidate connection list. These connections appear as legitimate networks and devices. However, the triggers connect to an agent server on a service provider's network. Essentially, the method is based on the assumption that malware lacks the intelligence to differentiate the trigger network connection from a normal one. Therefore, by attempting to connect through the trigger network connection, the malware reveals itself. The system helps collect the malware signature within a short period of time after the malware outbreak in local areas, and such attacks typically bypass network based security inspection in the network.
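The mechanism in the abstract, sketched as an added Python simulation (not code from the patent): the agent mixes trigger entries into the discovery list and reports any connection request that targets one. The class and function names, the address format, and the report fields are assumptions made for illustration.

```python
import hashlib
import random
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Device:
    name: str
    address: str  # link-layer address as shown in the discovery list

@dataclass
class Agent:
    """Simulated on-device agent; `reports` stands in for the agent server."""
    rng: random.Random
    reports: list = field(default_factory=list)
    triggers: dict = field(default_factory=dict)  # address -> trigger Device

    def _make_trigger(self, real):
        # Reuse a real neighbour's vendor prefix so the decoy blends in.
        taken = {d.address for d in real} | set(self.triggers)
        prefix = self.rng.choice(real).address[:8] if real else "02:00:00"
        while True:
            addr = prefix + "".join(f":{self.rng.randrange(256):02X}" for _ in range(3))
            if addr not in taken:
                return Device(f"Phone-{addr[-2:]}", addr)

    def discovery_list(self, real, n_triggers=1):
        """Return the real devices with triggers mixed in at random positions."""
        listing = list(real)
        for _ in range(n_triggers):
            t = self._make_trigger(real)
            self.triggers[t.address] = t
            listing.insert(self.rng.randrange(len(listing) + 1), t)
        return listing

    def connect(self, requester, target, payload=b""):
        """Mediate a connection request; trigger hits are reported, not connected."""
        if target.address in self.triggers:
            self.reports.append({"requester": requester, "trigger": target.address,
                                 "payload_sha256": hashlib.sha256(payload).hexdigest()})
            return "reported"
        return "connected"  # ordinary device: hand off to the real stack

# Constructed sample data: two neighbours, and a process that tries every entry.
NEIGHBOURS = [Device("Alice-Headset", "AC:DE:48:11:22:33"),
              Device("Bob-Phone", "AC:DE:48:44:55:66")]

def demo(seed=7):
    agent = Agent(random.Random(seed))
    listing = agent.discovery_list(NEIGHBOURS, n_triggers=2)
    hits = [agent.connect("pid 4242", d, b"constructed") for d in listing]
    return agent, listing, hits
```

A requester that only contacts a device the user actually chose never touches a trigger, so the report list stays empty for it.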
20 Claims
10. A system for tracking proximity-based mobile malware propagation, the system comprising:
a network;
a mobile communication device in communication with the network;
an agent server in communication with the network;
a malware on the mobile communication device; and
an agent logic on the mobile communication device for
  discovering a plurality of devices in a proximity,
  compiling a list of discovered devices in the proximity,
  inserting a trigger into the list of discovered devices,
  receiving a request to connect to the trigger, and
  reporting a malware activity to the agent server;
wherein the trigger appears to the malware to be one of the plurality of discovered devices.
16. A method for tracking proximity-based mobile malware propagation, the method comprising:
discovering a plurality of devices in a proximity;
compiling a list of discovered devices in the proximity;
inserting a trigger into the list of discovered devices;
receiving a request to connect to the trigger; and
reporting a malware activity to an agent server on a network;
wherein the trigger appears to a malware to be one of the plurality of discovered devices.
Specification