Methods, Systems and Devices for the Detection and Prevention of Malware Within a Network

US 20120233656A1
Filed: 06/14/2011
Published: 09/13/2012
Est. Priority Date: 03/11/2011
Status: Active Grant

First Claim

Patent Images

1. A communication method, comprising:

receiving in a server from one or more communication system control network components data flow parameters identifying characteristics of a data flow;

performing in the server a detection method to determine if the data flow carries malicious content;

generating restrictive policy rules in response to determining the data flow carries malicious content;

generating non-restrictive policy rules in response to determining the data flow does not carry malicious content; and

pushing the generated policy rules to a communication system gateway configured to control a flow of packet-based data between a wireless device and an external network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and devices examine data flows in a communication system control network for known malware threats and suspicious properties typically associated with malware threats. A policy management system inside the control network accesses a user repository and a charging network, and performs pattern matching and/or observed behavior detection methods to determine if the data flows carry content (e.g., malware) that poses a security risk to network or wireless devices. The policy management system generates policy rules based on user preferences and risk-level. The policy management system sends the generated policy rules to a gateway/PCEF, which blocks the data flows, allows the data flows, or restricts the data flow based on the policy rules.

113 Citations

20 Claims

1. A communication method, comprising:
- receiving in a server from one or more communication system control network components data flow parameters identifying characteristics of a data flow;
  
  performing in the server a detection method to determine if the data flow carries malicious content;
  
  generating restrictive policy rules in response to determining the data flow carries malicious content;
  
  generating non-restrictive policy rules in response to determining the data flow does not carry malicious content; and
  
  pushing the generated policy rules to a communication system gateway configured to control a flow of packet-based data between a wireless device and an external network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein generating restrictive policy rules in response to determining the data flow carries malicious content comprises generating restrictive policy rules based on a subscriber'"'"'s usage history and a subscription level.
  - 3. The method of claim 1, wherein generating restrictive policy rules in response to determining the data flow carries malicious content comprises generating constraints that are proportional to a threat-level associated with the malicious content and generating restrictive policy rules that impose the generated constraints on the communication system gateway.
  - 4. The method of claim 1, further comprising transmitting malware detection feedback to a network component in a second external network.
  - 5. The method of claim 1, further comprising interacting with a wireless device user to determine user preferences in real-time via alert messages sent through a notification server to receive user preference parameters.
  - 6. The method of claim 1, wherein the data flow originates from the wireless device, and generating restrictive policy rules in response to determining the data flow carries malicious content comprises generating restrictive policy rules that instruct the communication system gateway to block future data flows originating from the wireless device.
  - 7. The method of claim 1, wherein performing a detection method to determine if the data flow carries content that is a security risk comprises performing a pattern matching detection method.
  - 8. The method of claim 7, wherein:
    - receiving in a server from one or more communication system control network components data flow parameters identifying characteristics of a data flow comprises receiving parameters identifying binary-file characteristic information; and
      
      performing a pattern matching detection method comprises comparing the identified binary-file characteristic information with a binary-file characteristic of a known malware type to determine if the data flow carries content having binary-file characteristics of known malware.
  - 9. The method of claim 7, wherein:
    - receiving in a server from one or more communication system control network components data flow parameters identifying characteristics of a data flow comprises receiving parameters identifying source and destination information; and
      
      performing in the server a pattern matching detection method comprises comparing the identified source and destination information against a list of known offender sources and destinations to determine if the data flow originates from a wireless device known to engage in malicious activity and if the data flow is destined for a website/server known to engage in malicious activities.
  - 10. The method of claim 7, wherein:
    - receiving in a server from one or more communication system control network components data flow parameters identifying characteristics of a data flow comprises receiving parameters identifying destination information; and
      
      performing in the server a pattern matching detection method comprises comparing the identified destination information against a list of destinations known to be under attack to determine if a destination of the data flow is a network server under attack.
  - 11. The method of claim 7, wherein:
    - receiving in a server from one or more communication system control network components data flow parameters identifying characteristics of a data flow comprises receiving parameters identifying messaging information; and
      
      performing in the server a pattern matching detection method comprises comparing the identified messaging information with spam heuristics.
  - 12. The method of claim 1, wherein performing in the server a detection method to determine if the data flow carries content that is a security risk comprises performing a behavior oriented detection method.
  - 13. The method of claim 12, wherein performing a behavior oriented detection method comprises accessing information stored in a user repository of a control network.
  - 14. The method of claim 12, wherein performing a behavior oriented detection method comprises accessing information stored in a charging system of a control network.
  - 15. The method of claim 12, wherein performing a behavior oriented detection method comprises updating a counter value to monitor a number of data flows matching a specific behavior.
  - 16. The method of claim 12, wherein performing a behavior oriented detection method comprises performing monitoring operations in order to detect an unexpected rise in a number of requests matching a defined behavior from a specific wireless device.

17. A server, comprising:
- a memory; and
  
  a processor coupled to the memory, wherein the processor is configured with processor-executable instructions to perform operations comprising;
  
  receiving data flow parameters identifying characteristics of a data flow;
  
  performing a detection method to determine if the data flow carries malicious content;
  
  generating restrictive policy rules in response to determining the data flow carries malicious content;
  
  generating non-restrictive policy rules in response to determining the data flow does not carry malicious content; and
  
  pushing the generated policy rules to a communication system gateway configured to control a flow of packet-based data between a wireless device and an external network.
- View Dependent Claims (18)
- - 18. The server of claim 17, wherein the processor is configured with processor-executable instructions to perform operations further comprising transmitting malware detection feedback to a network component in a second external network.

19. A non-transitory computer readable medium having stored thereon processor-executable software instructions configured to cause a processor to perform operations comprising:
- receiving from one or more communication system control network components data flow parameters identifying characteristics of a data flow;
  
  performing a detection method to determine if the data flow carries malicious content;
  
  generating restrictive policy rules in response to determining the data flow carries malicious content;
  
  generating non-restrictive policy rules in response to determining the data flow does not carry malicious content; and
  
  pushing the generated policy rules to a communication system gateway configured to control a flow of packet-based data between a wireless device and an external network.
- View Dependent Claims (20)
- - 20. The non-transitory computer readable medium of claim 19, wherein the stored processor-executable software instructions are configured to cause a processor to perform operations further comprising transmitting malware detection feedback to a network component in a second external network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Openet Telecom Limited (Amdocs Ltd.)
Original Assignee
Openet Telecom
Inventors
Rieschick, Gary, Dunne, Cameron Ross, McNamee, Alan, Hogan, Joe

Granted Patent

US 8,726,376 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

H04W 12/08   Access security

H04W 12/128   Anti-malware arrangements, ...

H04W 88/16   Gateway arrangements

Methods, Systems and Devices for the Detection and Prevention of Malware Within a Network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

113 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, Systems and Devices for the Detection and Prevention of Malware Within a Network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

113 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links