MOBILE MALICIOUS SOFTWARE MITIGATION

US 20120233694A1
Filed: 03/11/2011
Published: 09/13/2012
Est. Priority Date: 03/11/2011
Status: Active Grant

First Claim

Patent Images

1. A method for malicious software mitigation in a wireless network, comprising:

receiving an internet protocol address that is exhibiting malicious software behavior, and a profile of the malicious software behavior being exhibited;

comparing the internet protocol address to a set of mobility logs maintaining information about activities of a set of devices associated with the wireless network; and

determining an identity of a device associated with the internet protocol address based on the comparing.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mitigation of malicious software in wireless networks and/or on mobile devices is provided. A mobile malicious software mitigation component is provided that obtains an internet protocol address that is exhibiting malicious software behavior, a profile of the malicious software behavior, and a time of the malicious software behavior. The malicious software mitigation component can determine an identity of a mobile device that was assigned the internet protocol address during the time it was exhibiting malicious software behavior, and transmit the profile to the mobile device. In addition, the malicious software mitigation component determine if the duration of the assignment of the internet protocol address to the mobile device is sufficient for positive identification.

153 Citations

20 Claims

1. A method for malicious software mitigation in a wireless network, comprising:
- receiving an internet protocol address that is exhibiting malicious software behavior, and a profile of the malicious software behavior being exhibited;
  
  comparing the internet protocol address to a set of mobility logs maintaining information about activities of a set of devices associated with the wireless network; and
  
  determining an identity of a device associated with the internet protocol address based on the comparing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising determining a location of the device, and communicating the profile to the device.
  - 3. The method of claim 1, further comprising obtaining data relating to a time period in which the internet protocol address was exhibiting the malicious software behavior.
  - 4. The method of claim 3, wherein the comparing the internet protocol address to the set of mobility logs comprises analyzing the set of mobility logs and determining that the device was assigned the internet protocol address during the time period in which the internet protocol address was exhibiting the malicious software behavior.
  - 5. The method of claim 4, further comprising determining that the time period in which the internet protocol address was exhibiting the malicious software behavior and assigned the internet protocol address is less than a predetermined identification threshold, and in response to the time period being less than the predetermined identification threshold, confirming the identity of the device.
  - 6. The method of claim 5, wherein the confirming the identity of the device comprises determining that the device has been associated with another internet protocol address exhibiting malicious software behavior.
  - 7. The method of claim 5, wherein the confirming the identity of the device comprises determining that the device has been associated with the internet protocol address during a second time period, wherein the internet protocol address was exhibiting malicious software behavior during the second time period.
  - 8. The method of claim 1, wherein the determining the identity of the device comprises determining an International Mobile Subscriber Identity.
  - 9. The method of claim 1, wherein the receiving the internet protocol address exhibiting malicious software behavior includes receiving an address exhibiting bot behavior.
  - 10. The method of claim 1, wherein the receiving the internet protocol address and the profile comprises receiving the internet protocol address and the profile at a mobility network from a core network.
  - 11. The method of claim 1, wherein the comparing the internet protocol address to the set of mobility logs comprises querying a General Packet Radio Service Support Node.

12. A system for malicious software mitigation in a network, comprising:
- an alert acquisition component configured to receive an internet protocol address that is engaging in malicious software behavior, a profile of the malicious software behavior, and a time frame when the internet protocol address was engaging in the malicious software behavior;
  
  a correlation component configured to analyze a set of logs that maintain records regarding activities of a set of devices associated with the wireless network, and configured to determine an identifying characteristic of a mobile device that was assigned the internet protocol address during the time frame the internet protocol address was engaging in the malicious software behavior; and
  
  a communication component configured to send the profile to the mobile device.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The system of claim 12, wherein the network is a wireless network and the alert acquisition component is configured to execute in a mobility network and receive from a core network.
  - 14. The system of claim 12, further comprising a mobility component configured to maintain the set of logs, and configured to include a General Packet Radio Service Support Node.
  - 15. The system of claim 12, further comprising a confirmation component configured to delay the communication component from sending the profile, in response to the time frame being less than a predetermined identification threshold, until the correlation component determines that the mobile device has been associated with another internet protocol address suspected of engaging in other malicious software behavior during a disparate time frame.
  - 16. The system of claim 12, wherein the malicious software behavior includes bot behavior.
  - 17. The system of claim 12, wherein the identifying characteristic of the mobile device includes an International Mobile Equipment Identity associated with the device.

18. A method for malicious software mitigation in a wireless network, comprising:
- receiving, from a core network, an internet protocol address that is exhibiting bot behavior, a profile of the bot behavior, and a time when the internet protocol address was exhibiting the bot behavior;
  
  analyzing a set of mobility logs maintaining internet protocol address assignments by a mobility network and determining that a device in a set of devices associated with the wireless network was assigned the internet protocol address at the time the internet protocol address was exhibiting the bot behavior;
  
  determining an identity of the device based on the analyzing; and
  
  communicating the profile to the device.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, further comprising determining that a duration of the internet protocol address being assigned to the device is less than an identification duration threshold, and in response to the duration being less than the identification duration threshold, confirming the identity of the device.
  - 20. The method of claim 19, wherein the confirming the identity of the device comprises determining that the device has been associated with a different internet protocol address exhibiting bot behavior.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Baliga, Arati, Coskun, Baris, Van Wart, Christopher

Granted Patent

US 8,695,095 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/568   eliminating virus, restorin...

H04L 2463/144   Detection or countermeasure...

H04W 12/12   Detection or prevention of ...

H04W 12/37   Managing security policies ...

H04W 12/63   Location-dependent; Proximi...

MOBILE MALICIOUS SOFTWARE MITIGATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

153 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MOBILE MALICIOUS SOFTWARE MITIGATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

153 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links