MOBILE MALWARE DETECTION AND USER NOTIFICATION

US 20160232349A1
Filed: 02/09/2015
Published: 08/11/2016
Est. Priority Date: 02/09/2015
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

detecting, by a malware detection gateway device associated with a mobile service provider network, a malware event based on a data stream transmitted to or from a portable computing device communicating with a packet data network via the mobile service provider network; and

causing a malware reporting/notification message to be sent to a user of the portable computing device, by sending, by the malware detection gateway device, a malware indicating message to a lookup device, wherein the malware indicating message comprises an Internet Protocol (IP) address of the portable computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for detecting and responding to malware events associated with mobile/portable computing devices by means of a malware detection gateway device associated with a mobile service provider network are provided. According to one embodiment, a malware detection gateway device associated with a mobile service provider network detects a malware event based on a data stream transmitted to or from a portable computing device communicating with a packet data network via the mobile service provider network. Responsive thereto, the malware detection gateway device causes a malware reporting/notification message to be sent to a user of the portable computing device by sending a malware indicating message, including an Internet Protocol (IP) address of the portable computing device, to a lookup device.

Citations

31 Claims

1. A method comprising:
- detecting, by a malware detection gateway device associated with a mobile service provider network, a malware event based on a data stream transmitted to or from a portable computing device communicating with a packet data network via the mobile service provider network; and
  
  causing a malware reporting/notification message to be sent to a user of the portable computing device, by sending, by the malware detection gateway device, a malware indicating message to a lookup device, wherein the malware indicating message comprises an Internet Protocol (IP) address of the portable computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein said detecting a malware event comprises observing activity of the portable computing device that is indicative of malware resident on the portable computing device.
  - 3. The method of claim 1, wherein said detecting a malware event comprises detecting malicious content within the data stream.
  - 4. The method of claim 3, wherein said detecting malicious content comprises performing pattern matching of content within the data stream with one or more of signatures or rules.
  - 5. The method of claim 1, wherein the malware event is associated with one or more of a virus, a trojan, an exploit, an attack, spyware, an unexpected data stream, blocked content, a security breach and a security violating application.
  - 6. The method of claim 1, wherein the malware indicating message further comprises one or more of a time of detection of the malicious content, a type of malware associated with the malware event, a severity of the malware, a security policy violated, a type of security breach, details of the security breach, and properties of the malware.
  - 7. The method of claim 1, wherein said causing a malware reporting/notification message to be sent to a user of the portable computing device comprises sending, by the malware detection gateway device, the malware reporting/notification message to the user responsive to receiving user details from the lookup device.
  - 8. The method of claim 1, wherein said causing a malware reporting/notification message to be sent to a user of the portable computing device comprises triggering the malware reporting/notification message to be sent by the lookup device responsive to the malware indicating message.
  - 9. The method of claim 1, wherein said causing a malware reporting/notification message to be sent to a user of the portable computing device comprises triggering the the malware reporting/notification message to be sent by a network operator of the mobile service provider network responsive to the malware indicating message.
  - 10. The method of claim 1, wherein the malware reporting/notification message comprises one or more of sending the user one or more of a Short Message Service (SMS) message, a telephone call, an electronic mail (email) message, a Multimedia Messaging Service (MMS) message and wherein the malware reporting/notification message includes information regarding the malware event and giving the user a set time by which to address the malware event.
  - 11. The method of claim 1, wherein the lookup device includes or forms part of a Policy Control and Resource Function (PCRF) of the mobile service provider network.
  - 12. The method of claim 1, wherein the lookup device includes or forms part of a Mobile Device Management (MDM) function of the mobile service provider network.
  - 13. The method of claim 1, wherein the malware indicating message comprises a Diameter message.
  - 14. The method of claim 1, wherein the malware indicating message comprises a Remote Authentication Dial In User Service (RADIUS) message.
  - 15. The method of claim 1, further comprising, responsive to receipt of the malware indicating message, identifying the user by the lookup device based on the IP address.
  - 16. The method of claim 14, further comprising extracting information relating to the user, wherein the information comprises calling patterns, message patterns, application usage patterns, types of content accessed by the portable computing device and user attributes.
  - 17. The method of claim 1, further comprising logging, by the malware detection gateway, information regarding the malware event.

18. A malware detection system operable within a mobile service provider network comprising:
- one or more processors;
  
  a communication interface device;
  
  one or more internal data storage devices operatively coupled to the one or more processors and storing instructions representing;
  
  a malware detection module configured to detect malicious content within a data stream originating from or directed to a portable computing device communicating with a packet data network via the mobile service provider network;
  
  a user lookup module configured to identify a user corresponding to the portable computing device based on a lookup table and a unique identifier associated with the portable computing device; and
  
  a malware-indicating message module configured to query the user lookup module by providing information relating to the detected malicious content and the unique identifier;
  
  a malware reporting module configured to notify the user of the detected malicious content.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 19. The system of claim 18, wherein the information relating to the detected malicious content comprises one or a combination of a time of detection, a type of malware, severity of the malware, a security policy violated, a type of security breach, details of the security breach and properties of the malware.
  - 20. The system of claim 18, wherein the unique identifier comprises an Internet Protocol (IP) address associated with the portable computing device.
  - 21. The system of claim 18, wherein the malware reporting module is further configured to send a notification to the user in a form of one or more of a Short Message Service (SMS) message, a telephone call, an electronic mail (email) message, a Multimedia Messaging Service (MMS) message and wherein the notification includes information regarding the detected malicious content and giving the user a set time by which to take action to address the detected malicious content.
  - 22. The system of claim 18, wherein malicious content comprises one or a combination of a virus, a trojan, an exploit, an attack, spyware, an unexpected data stream, blocked content and a security breach or a security violation.
  - 23. The system of claim 18, wherein the lookup table forms part of a Policy Control and Resource Function (PCRF) of the mobile service provider network.
  - 24. The system of claim 18, wherein the lookup table forms part of a Mobile Device Management (MDM) function of the mobile service provider network
  - 25. The system of claim 18, wherein the lookup table is stored in a database operatively coupled with the mobile service provider network.
  - 26. The system of claim 18, wherein the malware-indicating message module queries the user lookup module by sending the user lookup module a Diameter message.
  - 27. The system of claim 18, wherein the malware-indicating message module queries the user lookup module by sending the user lookup module a Remote Authentication Dial In User Service (RADIUS) message.
  - 28. The system of claim 18, wherein the user lookup module is further configured to extract information relating to the user, wherein the information comprises calling patterns, message patterns, application usage patterns, types of content accessed by the portable computing device and user attributes.
  - 29. The system of claim 18, wherein the malware detection module is further configured to apply one or more rules to content within the data stream or match the content with one or more signatures.
  - 30. The system of claim 18, further comprising a malware information log generation module configured to log information regarding detected malicious content.
  - 31. The system of claim 18, wherein the portable computing device comprises a smartphone, a mobile phones a Personal Digital Assistant (PDA) or a tablet personal computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Baeder, Rainer

Application Number

US14/617,787
Publication Number

US 20160232349A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/561   Virus type analysis

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

H04W 12/128   Anti-malware arrangements, ...

H04W 4/12   Messaging; Mailboxes; Annou...

H04W 68/00   User notification, e.g. ale...

MOBILE MALWARE DETECTION AND USER NOTIFICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

MOBILE MALWARE DETECTION AND USER NOTIFICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links