REAL-TIME NETWORK UPDATES FOR MALICIOUS CONTENT

US 20160026797A1
Filed: 07/07/2015
Published: 01/28/2016
Est. Priority Date: 06/16/2005
Status: Active Grant

First Claim

Patent Images

1. A method for establishing the reputation of message components, the method comprising:

transmitting over a network communication interface a request for data from a first electronic computing device;

receiving the requested data over the network communication interface;

a processor executing instructions out of a memory breaking the received data into a plurality of component parts, wherein the plurality of component parts are stored in a database; and

receiving a first set of information from a second electronic computing device, wherein the received first set of information is associated with a bad reputation and includes a plurality of constituent components, and a processor at the second computing device generates the plurality of constituent components from data contained in a message by breaking the data contained in the message into the plurality of constituent components;

comparing the received plurality of constituent components with the plurality of component parts;

identifying that at least one of the constituent components of the plurality of constituent components matches at least one of the component parts; and

associating each of the plurality of component parts with a threat, wherein the database is updated with information indicating that the plurality of component parts are associated with a threat.

View all claims

24 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A global response network collects, analyzes, and distributes “cross-vector” threat-related information between security systems to allow for an intelligent, collaborative, and comprehensive real-time response.

Citations

18 Claims

1. A method for establishing the reputation of message components, the method comprising:
- transmitting over a network communication interface a request for data from a first electronic computing device;
  
  receiving the requested data over the network communication interface;
  
  a processor executing instructions out of a memory breaking the received data into a plurality of component parts, wherein the plurality of component parts are stored in a database; and
  
  receiving a first set of information from a second electronic computing device, wherein the received first set of information is associated with a bad reputation and includes a plurality of constituent components, and a processor at the second computing device generates the plurality of constituent components from data contained in a message by breaking the data contained in the message into the plurality of constituent components;
  
  comparing the received plurality of constituent components with the plurality of component parts;
  
  identifying that at least one of the constituent components of the plurality of constituent components matches at least one of the component parts; and
  
  associating each of the plurality of component parts with a threat, wherein the database is updated with information indicating that the plurality of component parts are associated with a threat.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - transmitting over a network communication interface a second request for additional data from a first electronic computing device;
      
      receiving the additional requested data over the network communication interface;
      
      the processor executing instructions out of the memory breaking the additional received data into a plurality of additional component parts;
      
      storing the plurality of additional component parts in a database;
      
      receiving a second set of information from a second electronic computing device, wherein the received information is associated with a bad reputation and includes a plurality of additional constituent components, and a processor at the second computing device generates the plurality of additional constituent components from data contained in a second message by breaking the data from the second message into the plurality of additional constituent components;
      
      comparing the received plurality of additional constituent components with the plurality of additional component parts and with the plurality of constituent components;
      
      identifying that at least one of the additional constituent components of the plurality of additional constituent components matches at least one of the plurality of additional component parts or at least one of the plurality of constituent components; and
      
      associating each of the plurality of additional component parts with a threat, wherein the database is updated with information indicating that the plurality of additional component parts are associated with a threat.
  - 3. The method of claim 1, further comprising:
    - periodically transmitting over the network communication interface requests for additional data from the first electronic computing device;
      
      receiving the plurality of additional requested data over the network communication interface;
      
      a processor executing instructions out of a memory breaking the received data into a plurality of additional component parts; and
      
      storing the additional component parts in a database.
  - 4. The method of claim 1, wherein the bad reputation associated with the first set of information is identified by a processor at the second computing device according to one or more votes from one or more users.
  - 5. The method of claim 1, wherein the bad reputation associated with the first set of information is identified by the processor executing instructions out of the memory at the second computing device to include at least one of a computer virus or malware.
  - 6. The method of claim 1, wherein the processor executing instructions out of the memory also generates a signature from the data contained in the message, the signature associated with a recognized pattern in the message.

7. A non-transitory computer-readable storage medium having embodied thereon a program executable by a processor for performing a method for establishing the reputation of message components, the method comprising:
- transmitting over a network communication interface a request for data from a first electronic computing device;
  
  receiving the requested data over the network communication interface;
  
  a processor executing instructions out of a memory breaking the received data into a plurality of component parts, wherein the plurality of component parts are stored in a database; and
  
  receiving a first set of information from a second electronic computing device, wherein the received first set of information is associated with a bad reputation and includes a plurality of constituent components, and a processor at the second computing device generates the plurality of constituent components from data contained in a message by breaking the data contained in the message into the plurality of constituent components;
  
  comparing the received plurality of constituent components with the plurality of component parts;
  
  identifying that at least one of the constituent components of the plurality of constituent components matches at least one of the component parts; and
  
  associating each of the plurality of component parts with a threat, wherein the database is updated with information indicating that the plurality of component parts are associated with a threat.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory computer-readable storage medium of claim 7, the program further executable to:
    - transmit over a network communication interface a second request for additional data from a first electronic computing device;
      
      receive the additional requested data over the network communication interface;
      
      break the additional received data into a plurality of additional component parts;
      
      store the plurality of additional component parts in a database;
      
      receive a second set of information from a second electronic computing device, wherein the received information is associated with a bad reputation and includes a plurality of additional constituent components, and a processor at the second computing device generates the plurality of additional constituent components from data contained in a second message by breaking the data from the second message into the plurality of additional constituent components;
      
      compare the received plurality of additional constituent components with the plurality of additional component parts and with the plurality of constituent components;
      
      identify that at least one of the additional constituent components of the plurality of additional constituent components matches at least one of the plurality of additional component parts or at least one of the plurality of constituent components; and
      
      associate each of the plurality of the plurality of additional component parts with a threat, wherein the database is updated with information indicating that the plurality of additional component parts are associated with a threat.
  - 9. The non-transitory computer-readable storage medium of claim 7, the program further executable to:
    - periodically transmit over the network communication interface requests for additional data from the first electronic computing device;
      
      receive the additional requested data over the network communication interface;
      
      a processor executing instructions out of a memory breaking the received data into a plurality of additional component parts; and
      
      store the additional component parts in a database.
  - 10. The non-transitory computer-readable storage medium of claim 7, wherein the bad reputation associated with the first set of information is identified by a processor at the second computing device according to one or more votes from one or more users.
  - 11. The non-transitory computer-readable storage medium of claim 7, wherein the bad reputation associated with the first set of information is identified by the processor executing instructions out of the memory at the second computing device to include at least one of a computer virus or malware.
  - 12. The non-transitory computer-readable storage medium of claim 7, wherein the processor executing instructions out of the memory also generates a signature from the data contained in the message, the signature associated with a recognized pattern in the message.

13. A system for establishing the reputation of message components, the system comprising:
- a data center electronic computing device including a processor, a memory, and one or more network communication interfaces, wherein the data center electronic computing device;
  
  transmits over a network communication interface of the one or more network communication interfaces a request for data from a first electronic computing device;
  
  receives the requested data over the network communication interface of the one or more network communication interfaces;
  
  breaks the received data into a plurality of component parts, wherein the plurality of component parts are stored in a database; and
  
  receives a first set of information from a second electronic computing device, wherein the received first set of information is associated with a bad reputation and includes a plurality of constituent components, and a processor at the second computing device generates the plurality of constituent components from data contained in a message by breaking the data contained in the message into the plurality of constituent components;
  
  compares the received plurality of constituent components with the plurality of component parts;
  
  identifies that at least one of the constituent components of the plurality of constituent components matches at least one of the component parts; and
  
  associates each of the component parts with a threat, wherein the database is updated with information indicating that the component parts are associated with a threat.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the data center electronic computing device:
    - transmits over a network communication interface of the one or more network communication interfaces a second request for additional data from the first electronic computing device;
      
      receives the additional requested data over the network communication interface of the one or more network communication interfaces;
      
      breaks the additional received data into a plurality of additional component parts;
      
      stores the plurality of additional component parts in a database;
      
      receives a second set of information from a second electronic computing device, wherein the received information is associated with a bad reputation and includes a plurality of additional constituent components, and a processor at the second computing device generates the plurality of additional constituent components from data contained in a second message by breaking the data from the second message into the plurality of additional constituent components;
      
      compares the received plurality of additional constituent components with the plurality of additional component parts and with the plurality of constituent components;
      
      identifies that at least one of the additional constituent components of the plurality of additional constituent components matches at least one of the plurality of additional component parts or at least one of the plurality of constituent components; and
      
      associates each of the plurality of the plurality of additional component parts with a threat, wherein the database is updated with information indicating that the plurality of additional component parts are associated with a threat.
  - 15. The system of claim 13, wherein the data center electronic computing device:
    - periodically transmits over the network communication interface of the one or more network communication interfaces requests for additional data from the first electronic computing device;
      
      receives the additional requested data over the network communication interface of the one or more network communication interfaces;
      
      breaks the received data into a plurality of additional component parts; and
      
      stores the additional component parts in a database.
  - 16. The system of claim 13, wherein the bad reputation associated with the first set of information is identified by a processor at the second computing device according to one or more votes from one or more users.
  - 17. The system of claim 13, wherein the bad reputation associated with the first set of information is identified by the processor executing instructions out of the memory at the second electronic computing device to include at least one of a computer virus or malware.
  - 18. The system of claim 13, wherein the processor executing instructions out of the memory at the second electronic computing device also generates a signature from the data contained in the message, the signature associated with a recognized pattern in the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Dell Software, Inc. (Dell Technologies Inc.)
Inventors
Yanovsky, Boris, Eikenberry, Scott D., Bilogorskiy, Nick, Bhimaraju, Gayatri, Rachamreddy, Bhuvanasundar

Granted Patent

US 9,672,359 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

H04L 51/04   Real-time or near real-time...

H04L 63/1408   by monitoring network traff...

REAL-TIME NETWORK UPDATES FOR MALICIOUS CONTENT

First Claim

24 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

REAL-TIME NETWORK UPDATES FOR MALICIOUS CONTENT

First Claim

24 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links