Server-Side Malware Detection and Classification
First Claim
1. A system, comprising:
a plurality of networked units;
at least one detection and classification unit comprising a physical memory, a processor, and a network access module;
the at least one detection and classification unit being configured to:
collect interaction data from the plurality of networked units;
cluster collected interaction data of at least two networked units;
identify pattern(s) based on observed similarities in the clustered interaction data; and
make a security determination based at least in part on the identified pattern(s).
Abstract
A server-side system that detects and classifies malware and other undesirable processes and events running on network-connected devices by analyzing information collected from those devices. The system receives information over a network connection and retains the information identified as anomalous. A system process then groups the collected information using whichever cluster analysis method best suits the data. Once the information is clustered, the system correlates an anomalous event with device status, device interactions, and the other elements that make up the environmental data, in order to identify a pattern of behavior associated with a known or unknown strain of malware. The system further interprets the clustered information to extrapolate the strain's propagation characteristics and to determine a potential response action.
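The claim and the abstract describe the same pipeline: collect anomaly reports from several networked units, cluster reports from at least two units, extract the features the cluster shares, and turn that into a security determination plus an estimate of how fast the strain is spreading. The following is an added example of that pipeline in plain Python, not code from the patent or its assignee. The report schema, the Jaccard-on-feature-set clustering, the 0.5 similarity threshold, the "two or more units" rule, the propagation-rate threshold and the sample reports are all assumptions chosen to illustrate the claim; a real deployment would pick the cluster analysis method to fit its data, as the abstract says.

```python
"""Added example: server-side clustering of anomaly reports from networked units.

Not the patent's code. Schema, thresholds and sample data are assumptions.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Report:
    """One anomalous event forwarded by an endpoint agent (hypothetical schema)."""
    unit: str          # reporting networked unit
    ts: int            # unix time the event was observed
    proc_hash: str     # hash of the executable involved
    dst_port: int      # port it connected to
    dst_net: str       # destination /24 it connected to
    persistence: str   # persistence mechanism observed
    os: str            # environmental data: correlated later, not used for clustering


# Features compared when clustering; environmental fields are deliberately excluded
# so that two hosts running different OS builds still land in the same cluster.
CLUSTER_FEATURES = ("proc_hash", "dst_port", "dst_net", "persistence")


def feature_set(r: Report) -> set[str]:
    return {f"{k}={getattr(r, k)}" for k in CLUSTER_FEATURES}


def jaccard(a: set[str], b: set[str]) -> float:
    return len(a & b) / len(a | b) if a | b else 0.0


def cluster(reports: list[Report], threshold: float = 0.5) -> list[list[Report]]:
    """Single-linkage clustering over pairwise Jaccard similarity (union-find).

    Two reports are joined when their feature sets overlap by at least
    `threshold`; sharing a single feature (e.g. a common port) is not enough.
    """
    parent = list(range(len(reports)))

    def find(i: int) -> int:
        while parent[i] != i:
            parent[i] = parent[parent[i]]   # path halving
            i = parent[i]
        return i

    feats = [feature_set(r) for r in reports]
    for i, j in combinations(range(len(reports)), 2):
        if jaccard(feats[i], feats[j]) >= threshold:
            parent[find(i)] = find(j)
    groups: dict[int, list[Report]] = defaultdict(list)
    for i, r in enumerate(reports):
        groups[find(i)].append(r)
    return list(groups.values())


def shared_pattern(group: list[Report]) -> list[str]:
    """Features present in every report of the cluster: the 'observed similarities'."""
    return sorted(set.intersection(*(feature_set(r) for r in group)))


def propagation(group: list[Report]) -> dict:
    """Distinct affected units and their arrival rate, floored to a one-hour window."""
    units = {r.unit for r in group}
    first, last = min(r.ts for r in group), max(r.ts for r in group)
    window_h = max((last - first) / 3600, 1.0)
    return {"units": len(units), "first_seen": first, "last_seen": last,
            "units_per_hour": len(units) / window_h}


def determine(group: list[Report], min_units: int = 2, spread_rate: float = 2.0) -> dict:
    """Security determination: a shared pattern across >= min_units units is treated
    as one strain; its arrival rate decides whether it is called spreading."""
    units = {r.unit for r in group}
    pattern = shared_pattern(group)
    if len(units) < min_units or not pattern:
        return {"verdict": "isolated anomaly", "pattern": pattern, "actions": []}
    prop = propagation(group)
    verdict = "spreading strain" if prop["units_per_hour"] >= spread_rate else "multi-unit anomaly"
    shared = dict(f.split("=", 1) for f in pattern)
    actions = []
    if "dst_port" in shared:
        actions.append(f"block egress to tcp/{shared['dst_port']}")
    if "proc_hash" in shared:
        actions.append(f"quarantine executables with hash {shared['proc_hash']}")
    return {"verdict": verdict, "pattern": pattern, "actions": actions, **prop}


def analyze(reports: list[Report]) -> list[dict]:
    """Cluster, classify and rank by number of affected units (largest first)."""
    results = [determine(g) for g in cluster(reports)]
    return sorted(results, key=lambda d: d.get("units", 1), reverse=True)


# Constructed sample: three workstations hit by the same beaconing binary
# (one talking to a different C2 subnet), plus two unrelated anomalies.
T0 = 1_700_000_000
SAMPLE_REPORTS = [
    Report("ws-01", T0,        "ab12", 4444, "203.0.113.0/24", "run_key", "win10"),
    Report("srv-01", T0 + 300, "ff09", 8443, "192.0.2.0/24",   "cron",    "linux"),
    Report("ws-02", T0 + 600,  "ab12", 4444, "203.0.113.0/24", "run_key", "win11"),
    Report("ws-02", T0 + 900,  "c7e1", 4444, "192.0.2.0/24",   "service", "win11"),
    Report("ws-03", T0 + 1200, "ab12", 4444, "198.51.100.0/24", "run_key", "win10"),
]

if __name__ == "__main__":
    for verdict in analyze(SAMPLE_REPORTS):
        print(verdict)
```

The second `ws-02` report shares only the destination port with the outbreak and only the subnet with the server anomaly, so it stays a singleton at the 0.5 threshold; lowering the threshold to one-in-seven would chain all five reports into one cluster through it, which is the usual failure mode of single linkage and the reason the threshold must be tuned to the data.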
11 Claims
Claim 1, reproduced above, is the independent claim; claims 2 through 11 depend on it.
Specification