Apparatus, and system for determining and cautioning users of internet connected clients of potentially malicious software and method for operating such
Abstract
A system at a central server and at a plurality of web filters is installed to observe traffic and to protect users from attempting connection to suspicious, malicious, and/or infectious targets. Targets are defined as Uniform Resource Identifiers (URI) and Internet Protocol (IP) addresses. Traffic is collected, analyzed, and reported for further analysis. Behavior is analyzed for each client attempting a connection to an uncategorized target. IP addresses and URIs are evaluated toward placement in either a Trusted target store or an Anomalous target store. The accumulated content of Anomalous target store is provided back to the Network Service Subscriber Clients. Warnings and tools are presented when appropriate.
3 Claims
1. A method for operating a customer data collection and protection apparatus which has a processor configured by a software product and a computer-readable local store of categorized targets comprises:
- transmitting to a central server reports on traffic to targets not categorized, wherein targets comprise actual Internet Protocol addresses;
- receiving from the central server an update containing a list of uncategorized targets which are either a source or a destination of traffic patterns which suggest suspicious, malicious, or infectious behavior, wherein a target is an IP address for a real or fictitious host;
- presenting end users with at least one warning of possible infection, malicious code, or suspicious behavior and controls for a malware cleanup tool,
- detecting a system visiting or attempting to connect to at least one suspicious, malicious, and/or infectious target based on the list received from the central server; and
- observing, measuring, and recording meta data on traffic or attempts to connect to an uncategorized target, wherein meta data includes how many sources per unit time per destination.
2. A method for operation of a central server which has a processor configured by a software product to detect and distribute identifiers of suspicious, infectious, and malicious targets comprises:
- receiving from a plurality of web filter apparatus reports on traffic to or attempts to connect with uncategorized targets wherein targets are actual Internet Protocol addresses;
- applying by an analysis circuit rules and patterns which determine that traffic patterns suggest suspicious, malicious, or infectious behavior on the part of a sender;
- packaging by an update packaging circuit a list of uncategorized targets which are either a source or a destination of traffic patterns which suggest suspicious, malicious, or infectious behavior; and
- provisioning by an update distribution circuit the plurality of web filter apparatus with an update containing warnings, malware cleanup tools, and said list of uncategorized targets having suspicious, malicious, or infectious behavior.
3. A system comprising;
- a network, attached computer systems, and instructions which when executed cause a central server to receive reports on uncategorized targets, to analyze traffic to and concerning said uncategorized targets, to distribute updates to a local store of categorized targets, wherein targets comprise actual Internet Protocol address;
- a circuit to report IP application traffic which has as a destination IP addresses which are not found in the local store of categorized targets;
- a circuit to receive and store an updated list of suspicious, malicious, or infectious targets, and
- a circuit to redirect a request to a target to a link to a warning to the operator of a client apparatus which has requested from or transmitted to one of the suspicious, malicious, or infectious targets on said list;
- wherein said central server comprises;
- a receiver circuit to receive reports on traffic to targets not categorized, wherein targets comprise actual Internet Protocol addresses;
- an analysis circuit to determine that traffic patterns suggest suspicious, malicious, or infectious behavior on the part of a sender;
- an update packaging circuit to assemble a list of uncategorized targets which are either a source or a destination of traffic patterns which suggest suspicious, malicious, or infectious behavior, and
- an update distribution circuit which transmits to or responds to requests from a plurality of customer data collection and protection apparatuses.
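The metadata named in claim 1, "how many sources per unit time per destination" for uncategorized targets, can be computed at a web filter as sketched below. This is an added example, not code from the patent or its assignee; the 60-second window, the record layout, the function names and the sample addresses (documentation and private ranges) are all assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

WINDOW_SECONDS = 60  # assumed "unit time"; the claims do not fix a value

def sources_per_window(records, categorized, window=WINDOW_SECONDS):
    """Count distinct sources per (destination, time window), considering only
    destinations absent from the local store of categorized targets."""
    seen = defaultdict(set)
    for ts, src, dst in records:
        dst_ip = ip_address(dst)  # raises ValueError on a malformed address
        if dst_ip in categorized:
            continue  # already categorized locally: nothing to report
        window_start = int(ts) - int(ts) % window
        # A set de-duplicates repeat connections from the same source.
        seen[(str(dst_ip), window_start)].add(ip_address(src))
    return {key: len(srcs) for key, srcs in seen.items()}

def build_report(records, categorized, window=WINDOW_SECONDS):
    """Shape the counts into the per-target report sent to the central server."""
    counts = sources_per_window(records, categorized, window)
    return [
        {"target": dst, "window_start": start,
         "window_seconds": window, "distinct_sources": n}
        for (dst, start), n in sorted(counts.items())
    ]

# Constructed sample data: (epoch seconds, client source, destination).
CATEGORIZED = {ip_address("198.51.100.10")}  # hypothetical local store
RECORDS = [
    (1000, "10.0.0.5", "203.0.113.7"),
    (1010, "10.0.0.6", "203.0.113.7"),
    (1015, "10.0.0.5", "203.0.113.7"),    # repeat source, counted once
    (1030, "10.0.0.7", "198.51.100.10"),  # categorized target, skipped
    (1070, "10.0.0.8", "203.0.113.7"),    # falls in the next window
    (1075, "10.0.0.5", "192.0.2.44"),
]

if __name__ == "__main__":
    for row in build_report(RECORDS, CATEGORIZED):
        print(row)
```
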
Specification