SYSTEMS FOR BI-DIRECTIONAL NETWORK TRAFFIC MALWARE DETECTION AND REMOVAL
First Claim
1. A system, comprising:
A) one or more server computer communicatively coupled to a network configured to receive, from a client having a first network resource address, a request for a content from a website hosted on a hosting server computer having a second network resource address and resolving from a domain name, wherein said domain name is pointed in a DNS to a third network resource address for said one or more server computer;
B) a scrubbing center running on said one or more server computer, said scrubbing center comprising;
  i) an intrusion prevention and detection module configured to;
    a) determine whether an event associated with said first network resource address matches one or more of a plurality of event signatures in one or more network security device communicatively coupled to said network;
    b) responsive to a determination that an event associated with said first network resource address matches one or more of said plurality of event signatures;
      I) block said request for said content from reaching said hosting server; or
      II) transmit said request for said content to a content sanitizer module running on said one or more of said one or more server computer
  ii) a reputation service module configured to;
    a) generate a second malicious network resource address database;
    b) determine whether said second network resource address is stored in said second malicious network resource address database; and
    c) responsive to a determination that said second network resource address is stored in said second malicious network resource address database;
      I) transmit a response to said client indicating that said second network resource address is stored in said second malicious network resource address database; or
      II) transmit said content to said content sanitizer module; and
  iii) said content sanitizer module configured to;
    a) receive a determination whether said request for said content comprises a server-directed malware and, responsive to receiving a determination that said request for said content comprises a server-directed malware;
      I) block said request for content from reaching said hosting server; or
      II) remove said server-directed malware from said request for said content; and transmit a scrubbed request for said content to said hosting server computer, said scrubbed request for said content comprising said request for said content having said server-directed malware removed; and
    b) receive a determination whether said content comprises a client-directed malware and, responsive to receiving a determination that said content comprises a client-directed malware;
      I) block said content from reaching said client; or
      II) remove said client-directed malware from said content; and transmit a scrubbed content to said client, said scrubbed content comprising said content having said client-directed malware removed.
Abstract
An exemplary bi-directional network traffic malware detection and removal system may comprise a scrubbing center running on one or more server computer communicatively coupled to a network configured to receive a request for website content, remove any server-directed malware from the content request, transmit the scrubbed content request to the website's hosting server, receive the responsive website content, remove any client-directed malware from the content, and transmit the scrubbed content to the requesting client.
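The request and response path of claim 1 and the abstract, modelled as an added example (not code from the patent or its assignee). The address sets, the two toy regex detectors and the names `scrub_exchange`, `strip_all` and `sample_origin` are hypothetical, and a single `block` flag is assumed to stand in for the choice between option I and option II at each decision point.

```python
import re
from dataclasses import dataclass

# Constructed sample data and toy patterns; none of these values come from the patent.
EVENT_SIGNATURE_HITS = {"203.0.113.7"}       # client addresses with a matching IPS event
MALICIOUS_HOSTS = {"198.51.100.66"}          # reputation database of hosting-server addresses
SERVER_DIRECTED = re.compile(r"\.\./")       # stand-in for a request-side detector
CLIENT_DIRECTED = re.compile(                # stand-in for a response-side detector
    r'(?is)<script[^>]*\bsrc="https?://malware\.example/[^"]*"[^>]*>.*?</script>')

@dataclass
class Result:
    action: str          # "blocked-request", "warned-client", "blocked-content", "delivered"
    request: str = ""    # request as forwarded to the hosting server, if any
    content: str = ""    # content as returned to the client, if any

def strip_all(pattern, text):
    # Repeat until stable: a single removal pass can splice a new match together.
    while pattern.search(text):
        text = pattern.sub("", text)
    return text

def scrub_exchange(client_ip, host_ip, request, origin, block=False):
    """Model one request/response pair. block=True selects option I (block or
    warn) at each decision point; block=False selects option II (sanitize)."""
    # i) intrusion prevention: event signature match on the client address
    if client_ip in EVENT_SIGNATURE_HITS and block:
        return Result("blocked-request")
    # iii-a) request direction: server-directed malware
    if SERVER_DIRECTED.search(request):
        if block:
            return Result("blocked-request")
        request = strip_all(SERVER_DIRECTED, request)
    # ii) reputation: hosting-server address listed as malicious
    if host_ip in MALICIOUS_HOSTS and block:
        return Result("warned-client", request)
    content = origin(request)                # hosting server sees only the scrubbed request
    # iii-b) response direction: client-directed malware
    if CLIENT_DIRECTED.search(content):
        if block:
            return Result("blocked-content", request)
        content = strip_all(CLIENT_DIRECTED, content)
    return Result("delivered", request, content)

def sample_origin(request):
    # Constructed hosting-server stub returning a page with one flagged script tag.
    return '<html><script src="http://malware.example/x.js"></script><p>hello</p></html>'
```
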
23 Claims
Specification