System and method of reporting and visualizing malware on mobile networks

US 9,069,957 B2
Filed: 10/09/2007
Issued: 06/30/2015
Est. Priority Date: 10/06/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A system that monitors malware within a mobile network, comprising:

a receiver component that obtains data regarding the malware transferred to a plurality of different mobile devices operating in the mobile network, the data comprising;

a first set of malware data, obtained from a first source positioned in the mobile network that monitors network data containing a first plurality of applications transferred to at least a first mobile device of the mobile devices and that scans the first plurality of applications to determine which of the first plurality of applications is a malware application, anda second set of malware data obtained from a second source positioned in the mobile network that monitors network data containing a second plurality of applications transferred to at least a second mobile device of the mobile devices and that scans the second plurality of applications to determine which of the second plurality of applications is a malware application,wherein the first source and the second source are separate from the first mobile device and the second mobile device, wherein the second source is of a different type than the first source, and wherein the first source and the second source are located at different positions within the mobile network;

an analysis component that processes the first set of malware data and the second set of malware data and generates a malware analysis of the malware applications included within the first plurality of applications transferred to the first mobile device of the mobile network and of the malware applications included within the second plurality of applications transferred to the second mobile device of the mobile network as a function of the data; and

a mitigation component that mitigates effects of the malware applications transmitted to the first and second mobile devices based at least in part on an aggregation of the first set of malware data and the second set of malware data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network management system monitors malware within a mobile network. The system comprises a receiver component that obtains data regarding malware in the mobile network. The data is obtained from a first source and a second source, where the first source is of a different type than the second source. The monitoring system also includes an analysis component that generates a malware analysis of the mobile network as a function of the data.

51 Citations

View as Search Results

29 Claims

1. A system that monitors malware within a mobile network, comprising:
- a receiver component that obtains data regarding the malware transferred to a plurality of different mobile devices operating in the mobile network, the data comprising;
  
  a first set of malware data, obtained from a first source positioned in the mobile network that monitors network data containing a first plurality of applications transferred to at least a first mobile device of the mobile devices and that scans the first plurality of applications to determine which of the first plurality of applications is a malware application, anda second set of malware data obtained from a second source positioned in the mobile network that monitors network data containing a second plurality of applications transferred to at least a second mobile device of the mobile devices and that scans the second plurality of applications to determine which of the second plurality of applications is a malware application,wherein the first source and the second source are separate from the first mobile device and the second mobile device, wherein the second source is of a different type than the first source, and wherein the first source and the second source are located at different positions within the mobile network;
  
  an analysis component that processes the first set of malware data and the second set of malware data and generates a malware analysis of the malware applications included within the first plurality of applications transferred to the first mobile device of the mobile network and of the malware applications included within the second plurality of applications transferred to the second mobile device of the mobile network as a function of the data; and
  
  a mitigation component that mitigates effects of the malware applications transmitted to the first and second mobile devices based at least in part on an aggregation of the first set of malware data and the second set of malware data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 19, 20, 21, 22, 23, 24, 25)
- - 2. The system of claim 1, wherein the first source and the second source are each selected from the group consisting of:
    - a mobile phone, a malware collection agent, a BlueTooth enabled mobile device, a WiFi enabled mobile device, an IEEE 802.x enabled mobile device, a network traffic analyzer, a firewall, a network switch, a network router, a gateway, a network management system, and an Operations, Administration, Maintenance, and Provisioning (OAM&
      
      P) network management system.
  - 3. The system of claim 1, wherein the first source comprises the at least one of the mobile devices, and wherein the second source comprises a network traffic analyzer positioned at the core of the mobile network.
  - 4. The system of claim 1, wherein the mitigation component is configured to perform a preventative action, and wherein the preventative action is selected from the group consisting of:
    - generation of an alert for transmission to at least one of the first and second mobile devices, direction of update of scanner software of the first and second mobile devices, and disablement of a data connection of the first and second mobile devices.
  - 5. The system of claim 1, further comprising:
    - a network analyzer component that obtains a data packet; and
      
      a malware scanner that evaluates the data packet and generates the data.
  - 6. The system of claim 1, further comprising a client data server that obtains the data from a mobile device within the mobile network.
  - 7. The system of claim 1, wherein the data includes mobile device specific information.
  - 8. The system of claim 1, wherein the malware analysis includes a spreading pattern based upon correlation of the data from the first source and the second source.
  - 9. The system of claim 1, further comprising a communication component that provides an update to a malware scanning algorithm at the first source.
  - 19. The system of claim 1, wherein the analysis component is configured to determine whether the first set of malware data includes an indication that executable code was transferred to or from a first mobile device within the mobile network, and whether the second set of malware data includes an indication that the same executable code was transferred to or from a second mobile device within the mobile network.
  - 20. The system of claim 19, wherein the analysis component is configured to indicate, within the malware analysis, the number of mobile devices within the mobile network to which the same executable code has been transferred.
  - 21. The system of claim 1, wherein the analysis component is configured to indicate, within the malware analysis, whether at least one of the first set of malware data and the second set of malware data indicate that executable code, transferred to or from a mobile device within the mobile network, includes malware.
  - 22. The system of claim 1, wherein the analysis component is configured to determine changes in malware activity levels represented by the data regarding the malware in the mobile network relative to historical malware data for the mobile network, and to indicate, within the malware analysis, the determined changes in the malware activity levels.
  - 23. The system of claim 1, wherein the analysis component is configured to indicate, within the malware analysis, types of malware over time based on the data regarding the malware in the mobile network and historical malware data for the mobile network.
  - 24. The system of claim 1, wherein the analysis component is configured to indicate, within the malware analysis, spread of malware over time based on the data regarding the malware in the mobile network and historical malware data for the mobile network.
  - 25. The system of claim 1, wherein the first source is positioned at a periphery of the mobile network, and wherein the second source is positioned within the core of the mobile network.

10. A method of monitoring a mobile network, comprising:
- obtaining malware data from which mobile device identity information for a plurality of different mobile devices operating in the mobile network is derived, wherein obtaining comprises;
  
  receiving a first set of malware data from a first source positioned in the mobile network that monitors network data containing a first plurality of applications transferred to at least a first mobile device of the mobile devices and that scans the first plurality of applications to determine which of the first plurality of applications is a malware application; and
  
  receiving a second set of malware data from a second source positioned in the mobile network that monitors network data containing a second plurality of applications transferred to at least a second mobile device of the mobile devices and that scans the second plurality of applications to determine which of the second plurality of applications is a malware application, wherein the first source and the second source are separate from the first mobile device and the second mobile device, wherein the second source is of a different type than the first source, and wherein the first source and the second source are located at different positions within the mobile network;
  
  processing the malware data to produce a malware analysis that facilitates operator comprehension of a malware on the mobile network, wherein the malware analysis provides an indication of the identity information for the mobile devices, and wherein the malware analysis provides indications of whether the malware is present on the identified mobile devices, and wherein the malware analysis provides indications of the malware applications included in the first plurality of applications transferred to the first mobile device of the mobile network and the malware applications included in the second plurality of applications transferred to the second mobile device as a function of the obtained data; and
  
  mitigating effects of the malware applications transmitted to the first and second mobile devices based at least in part on an aggregation of the first set of malware data and the second set of malware data.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 26)
- - 11. The method of claim 10, further comprising:
    - receiving the malware data from one of the mobile devices; and
      
      transmitting an acknowledgement of receipt of the malware data to cause the one of the mobile devices to delete the malware data.
  - 12. The method of claim 10, wherein the first source and the second source are each selected from the group consisting of:
    - a mobile phone, a malware collection agent, a BlueTooth enabled mobile device, a WiFi enabled mobile device, an IEEE 802.x enabled mobile device, a network traffic analyzer, a firewall, a network switch, a network router, a gateway, a network management system, and an Operations, Administration, Maintenance, and Provisioning (OAM&
      
      P) network management system.
  - 13. The method of claim 10, wherein mitigating further comprises updating a firewall associated with the mobile network based at least in part on the malware analysis.
  - 14. The method of claim 10, wherein mitigating further comprises directing a network analyzer to intercept data packets based at least in part on the malware analysis, to cause the network analyzer to scan the intercepted data packets for malware.
  - 15. The method of claim 10, herein mitigating further comprises updating a network malware scanning algorithm based at least in part on the malware analysis.
  - 16. The method of claim 10, wherein mitigating further comprises updating a malware scanning algorithm of the first and second mobile devices based at least in part on the malware analysis.
  - 26. The method of claim 10, wherein the identity information for the mobile devices comprises telephone numbers for the mobile devices.

17. A system that facilitates mitigation of malware in a mobile network, comprising:
- means for obtaining data regarding the malware transferred to a plurality of different mobile devices operating in the mobile network, the data comprising;
  
  a first set of malware data obtained from a first source positioned in the mobile network that monitors network data containing a first plurality of applications transferred to at least a first mobile device of the mobile devices and that scans the first plurality of applications to determine which of the first plurality of applications is a malware application, anda second set of malware data obtained from a second source positioned in the mobile network that monitors network data containing a second plurality of applications transferred to at least a second mobile device of the mobile devices and that scans the second plurality of applications to determine which of the second plurality of applications is a malware application,wherein the first and second mobile devices are separate from the first and second sources, wherein the second source is of a different type than the first source, and wherein the first source and the second source are located at different positions within the mobile network;
  
  means for processing the first set of malware data and the second set of malware data and for generating a malware analysis of the malware applications included within the first plurality of applications transferred to the first mobile device of the mobile network and the malware applications within the second set of applications transferred to the second mobile device of the mobile network based at least in part upon the first malware data and the second malware data andmeans for mitigating effects of the malware applications transmitted to the first and second mobile devices based at least in part on an aggregation of the first set of malware data and the second set of malware data.
- View Dependent Claims (18)
- - 18. The system of claim 17, wherein the first source and the second source are each selected from the group consisting of:
    - a mobile phone, a malware collection agent, a BlueTooth enabled mobile device, a WiFi enabled mobile device, an IEEE 802.x enabled mobile device, a network traffic analyzer, a firewall, a network switch, a network router, a gateway, a network management system, and an Operations, Administration, Maintenance, and Provisioning (OAM&
      
      P) network management system.

27. A method comprising:
- receiving a first set of malware data from a first source positioned in a mobile network regarding malware applications transferred to at least a first mobile device of a plurality of mobile devices operating in the mobile network, wherein the first source monitors network data containing a first plurality of applications transferred to the first mobile device and scans the first plurality of applications to determine which of the first plurality of applications is a malware application;
  
  receiving a second set of malware data from a second, different source positioned in the mobile network regarding malware applications transferred to at least a second mobile device of the plurality of mobile devices operating in the mobile network, wherein the second source monitors network data containing a second plurality of applications transferred to the second mobile device and scans the second plurality of applications to determine which of the second plurality of applications is a malware application, wherein the first source and the second source are separate from the first mobile device and the second mobile device, wherein the second source is of a different type than the first source, and wherein the first source and the second source are located at different positions within the mobile network;
  
  analyzing the first set of malware data and the second set of malware data to compare the first set of malware data to the second set of malware data, and to compare the first and second sets of malware data to historical malware data for the mobile network;
  
  generating a malware analysis, based on the analysis of the first and second sets of malware data and the historical malware data, that provides an indication of applications transferred to the mobile devices of the mobile network and an indication of one or more of changes in malware activity levels in the mobile network, types of malware in the mobile network, and spread of malware over time through the mobile network; and
  
  mitigating effects of the malware applications transmitted to the first and second mobile devices based at least in part on an aggregation of the first set of malware data and the second set of malware data.
- View Dependent Claims (28)
- - 28. The method of claim 27, further comprising:
    - receiving, from the first source, an indication of executable code transferred to or from at least one of the one or more mobile devices; and
      
      receiving, from the second source, an indication of the same executable code transferred to or from at least one of the one or more mobile devices;
      
      wherein generating the malware analysis comprises providing an indication that the same executable code was transferred to or from two or more mobile devices of the mobile network.

29. A non-transitory computer-readable medium comprising instructions that, when executed, cause a processor to:
- receive a first set of malware data from a first source positioned in a mobile network regarding malware applications transferred to at least a first mobile device of a plurality of mobile devices operating in the mobile network, wherein the first source monitors network data containing a first plurality of applications transferred to the first mobile device and scans the first plurality of applications to determine which of the first plurality of applications is a malware application;
  
  receive a second set of malware data from a second, different source positioned in the mobile network regarding malware applications transferred to at least a second mobile device of the plurality of mobile devices operating in the mobile network, wherein the second source monitors network data containing a second plurality of applications transferred to the second mobile device and scans the second plurality of applications to determine which of the second plurality of applications is a malware application, wherein the first source and the second source are separate from the first mobile device and the second mobile device, wherein the second source is of a different type than the first source, and wherein the first source and the second source are located at different positions within the mobile network;
  
  analyze the first set of malware data and the second set of malware data to compare the first set of malware data to the second set of malware data, and to compare the first and second sets of malware data to historical malware data for the mobile network;
  
  generate a malware analysis, based on the analysis of the first and second sets of malware data and the historical malware data, that provides an indication of applications transferred to the mobile devices of the mobile network and an indication of one or more of changes in malware activity levels in the mobile network, types of malware in the mobile network, and spread of malware over time through the mobile network; and
  
  mitigate effects of the malware applications transmitted to the first and second mobile devices based at least in part on an aggregation of the first set of malware data and the second set of malware data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Tuvell, George, Jiang, Chunyu
Primary Examiner(s)
Jeudy, Josnel

Application Number

US11/869,729
Publication Number

US 20080086773A1
Time in Patent Office

2,821 Days
Field of Search

713193-194, 713187-188, 726 22- 25
US Class Current

1/1
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

G06F 21/552   involving long-term monitor...

G06F 21/56   Computer malware detection ...

H04L 63/145   the attack involving the pr...

H04L 63/1491   using deception as counterm...

H04L 67/75   Indicating network or usage...

System and method of reporting and visualizing malware on mobile networks

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

29 Claims

Specification

Use Cases

Quick Links

Others

System and method of reporting and visualizing malware on mobile networks

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

29 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others