METHODS AND SYSTEMS FOR MALWARE HOST CORRELATION

  • US 20170149804A1
  • Filed: 11/20/2015
  • Published: 05/25/2017
  • Est. Priority Date: 11/20/2015
  • Status: Abandoned Application
First Claim
1. A method of detecting malicious network activity, the method comprising:

  • monitoring execution of malicious code on an infected network node;

  • detecting a control interaction between the infected network node and a first remote network node;

  • recording, in a knowledge base, first information representative of one or more actions taken by the malicious code subsequent to the control interaction;

  • monitoring execution of suspect code on a protected network node;

  • recording, in a communication log, second information representative of a second network interaction between the protected network node and a second remote network node;

  • detecting one or more actions taken by the suspect code consistent with the one or more actions taken by the malicious code represented in the recorded first information; and

  • based on detecting the one or more actions taken by the suspect code;

    (a) classifying the protected network node as infected,
    (b) identifying the second remote network node as a malicious end node, and
    (c) recording, in the knowledge base, a traffic model based on the recorded second information representative of the second network interaction.
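
A minimal sketch of the correlation flow in claim 1, added here as an illustration; it is not code from the patent application. The event format, the action names, the ordered-subsequence reading of "consistent with", and the fields kept in the traffic model are all assumptions, and both traces are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class KnowledgeBase:
    behaviours: list = field(default_factory=list)      # "first information"
    malicious_nodes: set = field(default_factory=set)
    traffic_models: list = field(default_factory=list)

def record_malware_run(kb, events, control_peer):
    """Store the actions malicious code took after its control interaction."""
    after, seen = [], False
    for kind, data in events:
        if kind == "net" and data["peer"] == control_peer:
            seen = True                                  # control interaction detected
        elif kind == "action" and seen:
            after.append(data)
    if after:
        kb.behaviours.append(tuple(after))

def is_subsequence(needle, haystack):
    it = iter(haystack)          # shared iterator enforces ordering
    return all(step in it for step in needle)

def monitor_protected(kb, events):
    """Return (infected, malicious_peer); update kb when behaviour matches."""
    comm_log, actions = [], []   # comm_log holds the "second information"
    for kind, data in events:
        if kind == "net":
            comm_log.append(data)
            actions = []         # assumption: attribute actions to the latest peer
        elif kind == "action" and comm_log:
            actions.append(data)
            if any(is_subsequence(b, actions) for b in kb.behaviours):
                last = comm_log[-1]
                kb.malicious_nodes.add(last["peer"])                    # step (b)
                kb.traffic_models.append(                               # step (c)
                    {k: last[k] for k in ("port", "proto", "size")})
                return True, last["peer"]                               # step (a)
    return False, None

# Constructed traces: documentation-range addresses, hypothetical action names.
INFECTED = [
    ("net", {"peer": "198.51.100.7", "port": 443, "proto": "tcp", "size": 212}),
    ("action", "enumerate_documents"), ("action", "archive_files"),
]
PROTECTED = [
    ("net", {"peer": "192.0.2.10", "port": 80, "proto": "tcp", "size": 900}),
    ("action", "render_page"),
    ("net", {"peer": "203.0.113.55", "port": 8443, "proto": "tcp", "size": 208}),
    ("action", "enumerate_documents"), ("action", "read_registry"),
    ("action", "archive_files"),
]
```

Resetting the action buffer on every network event keeps attribution simple but would miss behaviour interleaved with unrelated traffic; a production correlator would need per-flow or per-process attribution.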
