System and method of malware sample collection on mobile networks
Abstract
A collection agent monitors a mobile network for data samples containing executable code. The collection agent accepts executables and forwards them to a sample collection center for further analysis, reporting, or in some instances initiating one or more mitigating actions. Depending on the network protocol being monitored, the collection agent responds to connection attempts from nearby mobile devices.
20 Claims
1. A collection agent network device, comprising:
- a first network interface communicatively coupled to a mobile network comprising a plurality of mobile devices, wherein the first network interface is operably adapted for intercepting a network data sample destined for one of the mobile devices of the plurality of mobile devices of the mobile network before the network data sample arrives at the one of the mobile devices, wherein the collection agent network device is separate from the one of the mobile devices;
- a protocol handler processing unit operably adapted to receive the network data sample from the first network interface, determine whether the network data sample includes executable code that is executable by the one of the mobile devices, and to extract the executable code from the network data sample when the network data sample is determined to include the executable code; and
- a second network interface operably adapted for receiving the executable code from the protocol handler processing unit and for sending the executable code to a sample collection center when the protocol handler processing unit determines that the network data sample includes executable code that is executable by the one of the mobile devices, wherein the sample collection center is separate from the collection agent network device and the plurality of mobile devices of the mobile network.
(Dependent claims: 2, 3, 4, 5)
6. A method of detecting malware for use in a mobile environment, the method comprising:
- intercepting network communications destined for mobile devices in the mobile environment, wherein the network communications conform to a wireless protocol;
- determining whether a sample of the network communications destined for one of the mobile devices contains executable code;
- when the sample is determined to include executable code:
- accepting the executable code;
- verifying the executable code is executable by the one of the mobile devices; and
- when the executable code is verified to be executable by the one of the mobile devices, sending, by a collection agent network device comprising a processing unit and separate from the mobile devices, the executable code to a sample collection center, wherein the collection agent network device is communicatively coupled to the mobile network.
(Dependent claims: 7, 8, 9, 10, 11, 12)
13. A wireless sample collection system, comprising:
a processor and a computer-readable storage medium having stored thereon instructions that, when executed by the processor, cause the processor to:
- intercept network communications destined for mobile devices in a mobile environment, wherein the network communications conform to a wireless network protocol;
- determine whether a sample of the network communications destined for one of the mobile devices contains executable code;
- accept the executable code when the sample includes the executable code;
- verify that the executable code is executable by the one of the mobile devices when the sample includes the executable code; and
- send, when the sample includes the executable code and when the executable code is verified to be executable by the one of the mobile devices, the executable code to a network management system, wherein the wireless sample collection system is communicatively coupled to the mobile network, and wherein the wireless sample collection system is separate from the mobile devices.
(Dependent claims: 14, 15, 16, 17, 18, 19)
20. A non-transitory computer-readable storage medium comprising instructions that, when executed, cause a processor of a collection agent network device to:
- intercept network communications destined for mobile devices in a mobile environment, wherein the network communications conform to a wireless protocol;
- determine whether a sample of the network communications destined for one of the mobile devices contains executable code;
- when the sample is determined to include executable code:
- verify that the executable code is executable by the one of the mobile devices; and
- when the executable code is verified to be executable by the one of the mobile devices, send the executable code to a sample collection center, wherein the collection agent network device is communicatively coupled to the mobile network, and wherein the collection agent network device is separate from the mobile devices.
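
An added illustration, not taken from the patent, of the protocol-handler step the claims describe: detect executable code in an intercepted sample, verify it against the destination device, and build the record that would go to the sample collection center. The magic-byte table, the platform mapping and all names are assumptions, since the page names no file formats or platforms.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed signature table: the page names no file formats.
MAGIC = {
    b"\x7fELF": "elf",
    b"dex\n": "dex",
    b"\xcf\xfa\xed\xfe": "macho",   # 64-bit little-endian Mach-O
    b"\xce\xfa\xed\xfe": "macho",   # 32-bit little-endian Mach-O
}
# Assumed mapping of destination platform to formats it can execute.
RUNS_ON = {"android": {"elf", "dex"}, "ios": {"macho"}}

@dataclass
class Submission:
    fmt: str
    sha256: str
    code: bytes

def extract_executable(sample: bytes) -> Optional[Tuple[str, bytes]]:
    """Strip an HTTP response header if present, then match the body's magic."""
    body = sample
    if sample.startswith(b"HTTP/"):
        _, sep, body = sample.partition(b"\r\n\r\n")
        if not sep:              # truncated header, no body to inspect
            return None
    for magic, fmt in MAGIC.items():
        if body.startswith(magic):
            return fmt, body
    return None

def handle_sample(sample: bytes, device_platform: str) -> Optional[Submission]:
    """Return what would be sent to the collection center, or None to skip."""
    found = extract_executable(sample)
    if found is None:
        return None
    fmt, code = found
    if fmt not in RUNS_ON.get(device_platform, set()):
        return None              # executable, but not by the destination device
    return Submission(fmt, hashlib.sha256(code).hexdigest(), code)

# Constructed samples: headers plus a few magic bytes, not real binaries.
DEX_HTTP = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
            b"dex\n035\x00" + b"\x00" * 8)
HTML_HTTP = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
RAW_MACHO = b"\xcf\xfa\xed\xfe" + b"\x00" * 12
```

The same DEX payload is forwarded when the destination is an Android device and skipped when it is an iOS device, which is the "executable by the one of the mobile devices" condition in the claims.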
Specification