PREDICTIVE SCORING MANAGEMENT SYSTEM FOR APPLICATION BEHAVIOR

US 20130167231A1
Filed: 12/21/2011
Published: 06/27/2013
Est. Priority Date: 12/21/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a server, information regarding known epitypes of malness, where the information includes malness scores and behaviors for the known epitypes of malness;

storing, by the server, the information regarding the known epitypes of malness;

building, by the server, a model based on the information regarding the known epitypes of malness stored by the server;

receiving, by the server, applications from a device for use with the model;

generating, by the server, malness scores for one or more of the applications using the data from the one or more applications in combination with the model; and

allowing one or more of the applications and/or the device to access a network when the malness scores for one or more of the applications is below a first threshold level or blocking one or more of the applications and/or the device from accessing the network when the malness score for one or more of the applications is above a second threshold level, where the first threshold level is less than the second threshold level.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system may be provided that comprises one or more servers to: receive information regarding known epitypes of malness, where the information includes malness scores and behaviors for the known epitypes of malness; store the information regarding the known epitypes of malness; generate rules for a model based on the information regarding the known epitypes of malness; input application data from an application on a device into the model; output a malness score from the model based on the application data; and allow the application and/or the device access to a network when the malness scores for the application is below a first threshold level, or block the application and/or the device access to the network when the malness score the application is above a second threshold level, where the first threshold level is less than the second threshold level.

77 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving, by a server, information regarding known epitypes of malness, where the information includes malness scores and behaviors for the known epitypes of malness;
  
  storing, by the server, the information regarding the known epitypes of malness;
  
  building, by the server, a model based on the information regarding the known epitypes of malness stored by the server;
  
  receiving, by the server, applications from a device for use with the model;
  
  generating, by the server, malness scores for one or more of the applications using the data from the one or more applications in combination with the model; and
  
  allowing one or more of the applications and/or the device to access a network when the malness scores for one or more of the applications is below a first threshold level or blocking one or more of the applications and/or the device from accessing the network when the malness score for one or more of the applications is above a second threshold level, where the first threshold level is less than the second threshold level.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising setting the first threshold level and/or the second threshold level based on the malness scores for the known epitypes of malness.
  - 3. The method of claim 1, further comprising:
    - generating a malness propensity data structure using the malness scores for each of the one or more applications;
      
      receiving the malness propensity data structure;
      
      presenting the malness propensity data structure for display; and
      
      setting the first threshold level and/or the second threshold level based on the malness propensity data structure of the one or more applications.
  - 4. The method of claim 1, where building the model includes building the model based on code vector profiles from the known epitypes of malness stored by the server, where the code vector profiles are based on the malness scores and the behaviors corresponding to the known epitypes of malness.
  - 5. The method of claim 1, where the server comprises a cloud-based scoring engine server.
  - 6. The method of claim 1, further comprising:
    - determining that the malness score, for one of the one or more applications, is between the first threshold level and the second threshold level; and
      
      sending the malness score for the one of the one or more applications to an enterprise device and/or a malware management software program for determination of whether the one of the one or more applications and/or the device can access the network.
  - 7. The method of claim 1, further comprising:
    - revising the first threshold level and/or the second threshold level by an enterprise device and/or a malware management software program; and
      
      allowing or blocking one or applications based on the revised first threshold level and/or the revised second threshold level.

8. A system, comprising:
- one or more servers to;
  
  receive information regarding known epitypes of malness, where the information includes malness scores and behaviors for the known epitypes of malness;
  
  store the information regarding the known epitypes of malness;
  
  generate rules for a model based on the information regarding the known epitypes of malness;
  
  input application data from an application on a device into the model;
  
  output a malness score from the model based on the application data; and
  
  allow the application and/or the device access to a network when the malness scores for the application is below a first threshold level, or block the application and/or the device access to the network when the malness score the application is above a second threshold level, where the first threshold level is less than the second threshold level.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, where the one or more servers are further to:
    - set the first threshold level and/or the second threshold level based on the malness scores for the known epitypes of malness;
      
      orreceive the first threshold level and/or the second threshold level based on the malness scores for the known epitypes of malness,
  - 10. The system of claim 9, where the one or more servers are further to:
    - generate a malness propensity data structure using the malness scores for the application;
      
      receive the malness propensity data structure;
      
      present the malness propensity data structure for display; and
      
      setting the first threshold level and/or the second threshold level based on the malness propensity data structure of the one or more applications.
  - 11. The system of claim 8, where the one or more servers build the model by building the model based on code vector profiles from the known epitypes of malness stored by the server, where the code vector profiles are based on the malness scores and the behaviors corresponding to the known epitypes of malness.
  - 12. The system of claim 8, where at least one of the one or more of the servers comprises a cloud-based scoring engine server.
  - 13. The system of claim 8, where the one or more servers are further to:
    - determine that the malness score, for the application, is between the first threshold level and the second threshold level; and
      
      send the malness score for the application to an enterprise device and/or a malware management software program for determination of whether the application can access the network.
  - 14. The system of claim 8, where the one or more servers are further to:
    - revise the first threshold level and/or the second threshold level by an enterprise device and/or a malware management software program.

15. A system, comprising:
- an epitype storage server that receives information regarding known epitypes of malness, where the epitype storage server stores the information regarding known epitypes of malness, where the information includes malness scores and behaviors for the known epitypes of malness;
  
  a malness analysis server that builds a model based on the information regarding the known epitypes of malness stored by the epitype storage server; and
  
  a scoring engine server that uploads the model, where the scoring engine server receives applications from a list for malness scoring and generates a malness score for each of the applications using the model and data from the applications, where the scoring engine server;
  
  allows access to a network for one or more of the applications and/or the device with the one or more applications when the malness scores for one or more of the applications is below a first threshold level, orblocks access to the network for one or more of the applications and/or the device with the one or more applications when the malness score for one or more of the applications is above a second threshold level, where the first threshold level is less than the second threshold level.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, where the scoring engine server is further to:
    - setting the first threshold level and/or the second threshold level based on the malness scores for the known epitypes of malness.
  - 17. The system of claim 15, where the scoring engine server is further to:
    - generating a malness propensity data structure using the malness scores for each of the one or more applications;
      
      receiving the malness propensity data structure;
      
      presenting the malness propensity data structure for display; and
      
      setting the first threshold level and/or the second threshold level based on the malness propensity data structure of the one or more applications.
  - 18. The system of claim 15, where the scoring engine server is further to:
    - where building the model includes building the model based on code vector profiles from the known epitypes of malness stored by the server, where the code vector profiles are based on the malness scores and the behaviors corresponding to the known epitypes of malness.
  - 19. The system of claim 15, where the scoring engine server is further to:
    - determine that the malness score for one of the applications is between the first threshold level and the second threshold level;
      
      send the malness score for one of the applications to an enterprise device and/or a malware management software program for determination of whether the one of the applications can access the network; and
      
      block or allow access to the network by the one of the applications and/or the device based on instructions from the enterprise device and/or the malware management software program.
  - 20. The system of claim 19, where:
    - the epitype storage server receives additional information regarding additional and/or revised known epitypes of malness, where the epitype storage server stores the additional information regarding the additional and/or revised known epitypes of malness;
      
      the malness analysis server revises the model based on the additional information; and
      
      the scoring engine server generates a revised malness score for one or more of the applications using data from the one or more applications in combination with the model.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
RAMAN, Madhusudan, CHIPALKATTI, Renu, GETCHIUS, Jeffrey

Granted Patent

US 9,071,636 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/56   Computer malware detection ...

G06F 21/577   Assessing vulnerabilities a...

H04L 43/00   Arrangements for monitoring...

H04L 63/08   for authentication of entit...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

PREDICTIVE SCORING MANAGEMENT SYSTEM FOR APPLICATION BEHAVIOR

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

77 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

PREDICTIVE SCORING MANAGEMENT SYSTEM FOR APPLICATION BEHAVIOR

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others