DISTRIBUTED SYSTEM FOR BOT DETECTION

  • US 20150326587A1
  • Filed: 08/12/2014
  • Published: 11/12/2015
  • Est. Priority Date: 05/07/2014
  • Status: Active Grant
First Claim

1. A method comprising:

    executing, on a computer system including one or more processors, a characterizing module and an engagement module and a sinkhole module each executing one or more services on one or more ports;

    detecting, by the engagement module, suspicious activities by a source with respect to the one or more ports of the engagement module;

    allowing, by the engagement module, installation by the source of a malicious module in the engagement module;

    forwarding, by the engagement module, traffic generated by the malicious module, to the sinkhole module;

    responding, by the sinkhole module, to the traffic by processing the traffic and transmitting a simulated response to the malicious module according to a service of the one or more services of the sinkhole module;

    transmitting by the engagement module a first plurality of events describing behavior of the malicious module executing within the engagement module;

    transmitting by the sinkhole module a second plurality of events processing of the traffic by the sinkhole module;

    correlating, by the characterizing module the first and second plurality of events to generate a descriptor of the malicious module; and

    using by one of the computer system and a different computer system, the descriptor to at least one of prevent an attempt to install the malicious module and remove an instance of the malicious module on the one of the computer system and the different computer system.
