MALWARE DETECTOR
First Claim
1. A transparent proxy, comprising:
   a) a monitor module configured to examine first data originating from at least one application running on a computing machine towards a remote server, said at least one application expecting a server response from said remote server;
   b) a protocol determination module configured to identify the protocol type used for said first data generated from one of said at least one application;
   c) a challenge generation module configured to;
      i) produce a challenge for said one of said at least one application based upon said protocol type;
      ii) send said challenge to said one of said at least one application
      iii) maintain a state related to;
         (1) said data; and
         (2) said challenge;
   d) a response determination module configured to make a determination if an automatic non-interactive application response is received in response to said challenge from said one of said at least one application;
   e) a first data control module configured to;
      i) allow said first data to continue to said remote server when said determination is valid; and
      ii) block said first data to continue to said remote server when said determination is invalid.
Abstract
A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.
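The decision flow in the abstract, as an added sketch that is not taken from the patent: the first data is held, a protocol-specific challenge is issued, state is kept per flow, and the data is released only when the expected automatic response arrives. The choice of an HTTP 307 redirect carrying a nonce as the challenge, the `chk` parameter, the flow identifiers and the timeout are all assumptions made for illustration.

```python
import secrets
import time

def detect_protocol(first_data: bytes) -> str:
    """Protocol determination: only HTTP is recognised in this sketch."""
    line = first_data.split(b"\r\n", 1)[0].split(b" ")
    if len(line) == 3 and line[0] in (b"GET", b"HEAD") and line[2].startswith(b"HTTP/1."):
        return "http"
    return "unknown"

class ChallengeProxy:
    def __init__(self, timeout=5.0):
        self.timeout = timeout
        self.pending = {}  # flow id -> (held first data, nonce, deadline)

    def on_first_data(self, flow, data, now=None):
        """Hold the request and return the challenge to send back, or None."""
        now = time.monotonic() if now is None else now
        if detect_protocol(data) != "http":
            return None  # no challenge defined for this protocol in the sketch
        path = data.split(b" ")[1].decode("ascii", "replace")
        nonce = secrets.token_hex(8)  # hypothetical challenge token
        self.pending[flow] = (data, nonce, now + self.timeout)
        sep = "&" if "?" in path else "?"
        return (f"HTTP/1.1 307 Temporary Redirect\r\nLocation: {path}{sep}chk={nonce}\r\n"
                "Content-Length: 0\r\n\r\n").encode()

    def on_response(self, flow, data, now=None):
        """Return ('allow', held_data) or ('block', None) for a challenged flow."""
        now = time.monotonic() if now is None else now
        held, nonce, deadline = self.pending.pop(flow, (None, None, 0.0))
        target = data.split(b" ")[1] if data.count(b" ") >= 2 else b""
        if held is not None and now <= deadline and f"chk={nonce}".encode() in target:
            return "allow", held   # automatic response seen: forward original data
        return "block", None       # wrong, late or missing response: report and drop

if __name__ == "__main__":
    proxy = ChallengeProxy()
    req = b"GET /a HTTP/1.1\r\nHost: example.test\r\n\r\n"  # constructed sample
    print(proxy.on_first_data("flow-1", req))
    print(proxy.on_response("flow-1", req))  # nonce not echoed, so the flow is blocked
```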
20 Claims
1. A transparent proxy, comprising the modules a) through e) set out in full under First Claim above.
   Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A transparent proxy, comprising:
   a) a monitor module configured to examine first data originating from at least one application running on a computing machine towards a remote server, said at least one application expecting a server response from said remote server;
   b) a protocol determination module configured to identify the protocol type used for said first data generated from one of said at least one application;
   c) a challenge generation module configured to;
      i) produce a challenge for said one of said at least one application based upon said protocol type;
      ii) send said challenge to said one of said at least one application
      iii) maintain a state related to;
         (1) said data; and
         (2) said challenge;
   d) a response determination module configured to make a determination if an automatic non-interactive application response is received in response to said challenge from said one of said at least one application;
   e) a first data control module configured to;
      i) allow said server response from said remote server to be received by said one of said at least one application when said determination was valid; and
      ii) block said server response from said remote server to be received by the said one of said at least one application when said determination was invalid.
   Dependent claims: 15

16. A transparent proxy, comprising:
   a) a monitor module configured to examine first data originating from at least one application running on a computing machine towards a remote server, said at least one application expecting a server response from said remote server;
   b) a protocol determination module configured to identify the protocol type used for said first data generated from one of said at least one application;
   c) a challenge generation module configured to;
      i) produce a challenge for said one of said at least one application based upon said protocol type;
      ii) send said challenge to said one of said at least one application
      iii) maintain a state related to;
         (1) said data; and
         (2) said challenge; and
   d) a response determination module configured to make a determination if an automatic non-interactive application response is received in response to said challenge from said one of said at least one application.
   Dependent claims: 17, 18, 19, 20

Specification