Distributed Malware Detection

US 20120330801A1
Filed: 06/27/2011
Published: 12/27/2012
Est. Priority Date: 06/27/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

accessing, using one or more processing units, a first file of a plurality of files requested to be analyzed for malware, each of the plurality of files corresponding to a respective remote client of a plurality of remote clients;

processing, using the one or more processing units, an analysis of the first file for malware;

generating, using the one or more processing units, an output comprising an indication of whether the first file comprises malware;

accessing, using the one or more processing units, an address for a first remote client of the plurality of remote clients, the first remote client being the respective remote client corresponding to the first file; and

sending, using the one or more processing units, the output in a communication addressed to the first remote client corresponding to the first file.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, a computer-implemented method includes accessing, using one or more processing units, a first file of a plurality of files requested to be analyzed for malware. Each of the plurality of files corresponds to a respective remote client of a plurality of remote clients. Further, the method includes: processing, using the one or more processing units, an analysis of the first file for malware; and generating an output comprising an indication of whether the first file comprises malware. The method also includes accessing, using the one or more processing units, an address for a first remote client of the plurality of remote clients. The first remote client is the respective remote client corresponding to the first file. In addition, the method includes: sending, using the one or more processing units, the output in a communication addressed to the first remote client corresponding to the first file.

412 Citations

23 Claims

1. A computer-implemented method, comprising:
- accessing, using one or more processing units, a first file of a plurality of files requested to be analyzed for malware, each of the plurality of files corresponding to a respective remote client of a plurality of remote clients;
  
  processing, using the one or more processing units, an analysis of the first file for malware;
  
  generating, using the one or more processing units, an output comprising an indication of whether the first file comprises malware;
  
  accessing, using the one or more processing units, an address for a first remote client of the plurality of remote clients, the first remote client being the respective remote client corresponding to the first file; and
  
  sending, using the one or more processing units, the output in a communication addressed to the first remote client corresponding to the first file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising generating an invoice indicating a fee to be paid by a customer associated with the first remote client.
  - 3. The method of claim 2, wherein generating the invoice comprises calculating the fee based at least in part on a duration of time that elapsed during the processing of the analysis of the first file for malware.
  - 4. The method of claim 2, wherein the fee is calculated on a per incident basis for the processing of the analysis of the first file for malware.
  - 5. The method of claim 1, further comprising:
    - accessing a sharing policy corresponding to the first remote client; and
      
      determining whether to share the output with a second remote client of the plurality of remote clients based at least in part on the sharing policy.
  - 6. The computer-implemented method of claim 1, wherein the output further comprises a parameter corresponding to the first file, the parameter usable by the first remote client in identifying another instance of the first file.
  - 7. The method of claim 1, wherein the first file comprises data indicating a result of a preliminary analysis of at least a portion of the first file for malware, the analysis conducted at the first remote client.
  - 8. The method of claim 1, wherein the first file comprises data indicating the address for the first remote client.
  - 9. The method of claim 1, wherein accessing data comprises accessing an email attachment.
  - 10. The method of claim 1, further comprising decrypting the first file using a key.
  - 11. The method of claim 1, wherein processing the analysis of the first file for malware comprises accessing input collected via a human interface.

12. A computing system comprising:
- an analysis console comprising one or more processing units, the analysis console operable to;
  
  access a first file of a plurality of files requested to be analyzed for malware, each of the plurality of files corresponding to a respective remote client of a plurality of remote clients;
  
  process an analysis of the first file for malware;
  
  generate an output comprising an indication of whether the first file comprises malware;
  
  access an address for a first remote client of the plurality of remote clients, the first remote client being the respective remote client corresponding to the first file; and
  
  send the output in a communication addressed to the first remote client corresponding to the first file.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The computing system of claim 12, wherein the analysis console is further operable to generate an invoice indicating a fee to be paid by a customer associated with the first remote client.
  - 14. The computing system of claim 13, wherein the analysis console is further operable to generate the invoice by calculating the fee based at least in part on a duration of time that elapsed during the processing of the analysis of the first file for malware.
  - 15. The computing system of claim 13, wherein the fee is calculated on a per incident basis for the processing of the analysis of the first file for malware.
  - 16. The computing system of claim 12, wherein the analysis console logic is further operable to:
    - access a sharing policy corresponding to the first remote client; and
      
      determine whether to share the output with a second remote client of the plurality of remote clients based at least in part on the sharing policy.
  - 17. The computing system of claim 12, wherein the output further comprises a parameter corresponding to the first file, the parameter usable by the first remote client in identifying another instance of the first file.
  - 18. The computing system of claim 12, wherein the first file comprises data indicating a result of a preliminary analysis of at least a portion of the first file for malware, the analysis conducted at the first remote client.
  - 19. The computing system of claim 12, wherein the first file comprises data indicating the address for the first remote client.
  - 20. The computing system of claim 12, wherein the first file is an email attachment.
  - 21. The computing system of claim 12, wherein the analysis console logic is further operable to decrypt the first file using a key.
  - 22. The computing system of claim 12, wherein the analysis console is further operable to process the analysis of the first file for malware by accessing input collected via a human interface.

23. Computer-readable storage media comprising logic that is operable when executed to:
- access a first file of a plurality of files requested to be analyzed for malware, each of the plurality of files corresponding to a respective remote client of a plurality of remote clients;
  
  process an analysis of the first file for malware;
  
  generate an output comprising an indication of whether the first file comprises malware;
  
  access an address for a first remote client of the plurality of remote clients, the first remote client being the respective remote client corresponding to the first file;
  
  send the output in a first communication addressed to the first remote client corresponding to the first file; and
  
  send the output in a second communication addressed to a second remote client of the plurality of remote clients.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint Federal Holdings LLC (Forcepoint LLC)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
McDougal, Monty D., Jennings, Randy S., Sterns, William E.

Granted Patent

US 8,640,246 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/32
CPC Class Codes

G06F 21/56 Computer malware detection ...

G06F 21/577 Assessing vulnerabilities a...

Distributed Malware Detection

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

412 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed Malware Detection

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

412 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links