Identification of malicious activities through non-logged-in host usage

US 9,069,964 B2
Filed: 01/13/2014
Issued: 06/30/2015
Est. Priority Date: 12/16/2008
Status: Active Grant

First Claim

Patent Images

1. A computer system for identifying malware, the computer system comprising:

one or more processors, one or more computer-readable memories, one or more computer-readable storage devices, and program instructions stored on the one or more storage devices for execution by the one or more processors via the one or more memories, the program instructions comprising;

program instructions to receive a data communication simulating manual interaction between a user of a computer and the computer, wherein the data communication simulates manual user input, via a keyboard, to a chat session;

program instructions to determine that no user was interactively logged on to the computer approximately at a time the data communication was received by the computer, and in response, classify the data communication as a potential malware communication; and

program instructions, responsive to the classification of the data communication as a potential malware communication, to determine a program within the computer which initiated the data communication and delete the program which initiated the data communication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and associated computer program product for identifying malware. The system includes one or more processors, one or more computer-readable memories, one or more computer-readable storage devices, and program instructions stored on the one or more storage devices for execution by the one or more processors via the one or more memories. The program instructions include program instructions to receive a data communication simulating manual interaction between a user of the computer and the computer. The program instructions may determine that no user was interactively logged on to the computer approximately at a time the data communication was received by the computer, and in response, classify the data communication as a potential malware communication.

20 Citations

View as Search Results

11 Claims

1. A computer system for identifying malware, the computer system comprising:
- one or more processors, one or more computer-readable memories, one or more computer-readable storage devices, and program instructions stored on the one or more storage devices for execution by the one or more processors via the one or more memories, the program instructions comprising;
  
  program instructions to receive a data communication simulating manual interaction between a user of a computer and the computer, wherein the data communication simulates manual user input, via a keyboard, to a chat session;
  
  program instructions to determine that no user was interactively logged on to the computer approximately at a time the data communication was received by the computer, and in response, classify the data communication as a potential malware communication; and
  
  program instructions, responsive to the classification of the data communication as a potential malware communication, to determine a program within the computer which initiated the data communication and delete the program which initiated the data communication.

2. A computer system for identifying malware, the computer system comprising:
- one or more processors, one or more computer-readable memories, one or more computer-readable storage devices, and program instructions stored on the one or more storage devices for execution by the one or more processors via the one or more memories, the program instructions comprising;
  
  program instructions to receive a data communication simulating manual interaction between a user of a computer and the computer;
  
  program instructions to determine that no user was interactively logged on to the computer approximately at a time the data communication was received by the computer, and in response, classify the data communication as a potential malware communication; and
  
  program instructions, responsive to the classification of the data communication as a potential malware communication, to determine a program within the computer which initiated the data communication and delete the program which initiated the data communication,wherein the program instructions to determine that no user was interactively logged on to the computer approximately at the time the data communication was received by the computer determines that no user was interactively logged on to the computer approximately at the time the data communication was received by the computer by determining that a user was logged on to the computer approximately at the time the data communication was received by the computer and the computer was at approximately the time the data communication was received by the computer, in a screen saver mode, in a keyboard-locked state, or in a screen powered-down mode.

3. A computer program product for identifying malware, the computer program product comprising:
- one or more computer-readable storage devices and program instructions stored on the one or more storage devices, the program instructions comprising;
  
  program instructions to receive a data communication simulating manual interaction between a user of a computer and the computer, wherein the data communication simulates manual user input, via a keyboard, to a chat session; and
  
  program instructions to determine that no user was interactively logged on to the computer approximately at a time the data communication was received by the computer, and in response, classify the data communication as a potential malware communication.
- View Dependent Claims (4, 5)
- - 4. The computer program product of claim 3, further comprising:
    - program instructions, responsive to the classification of the data communication as a potential malware communication, to determine a program within the computer which initiated the data communication and delete the program which initiated the data communication.
  - 5. The computer program product of claim 3, wherein the program instructions to determine that no user was interactively logged on to the computer approximately at the time the data communication was received by the computer determines that no user was interactively logged on to the computer approximately at the time the data communication was received by the computer by determining that a user was logged on to the computer approximately at the time the data communication was received by the computer and the computer was at approximately the time the data communication was received by the computer, in a screen saver mode, in a keyboard-locked state, or in a screen powered-down mode.

6. A computer program product for identifying malware, the computer program product comprising:
- one or more computer-readable storage devices and program instructions stored on the one or more storage devices, the program instructions comprising;
  
  program instructions to receive a data communication simulating manual interaction between a user of a computer and the computer; and
  
  program instructions to determine that no user was interactively logged on to the computer approximately at a time the data communication was received by the computer, and in response, classify the data communication as a potential malware communication,wherein the program instructions to determine that no user was interactively logged on to the computer approximately at the time the data communication was received by the computer, determines that no user was interactively logged on to the computer approximately at the time the data communication was received by the computer, by determining that a user was logged on to the computer approximately at the time the data communication was received by the computer and the computer was at approximately the time the data communication was received by the computer, in a mode or state selected from the group consisting of a screen saver mode, a keyboard-locked state, or a screen powered-down mode.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The computer program product of claim 6, wherein the mode or state is the screen saver mode.
  - 8. The computer program product of claim 6, wherein the mode or state is the keyboard-locked state.
  - 9. The computer program product of claim 6, wherein the mode or state is the screen powered-down mode.
  - 10. The computer program product of claim 6, wherein the data communication simulates manual user input via a keyboard.
  - 11. The computer program product of claim 6, further comprising:
    - program instructions, responsive to the classification of the data communication as a potential malware communication, to determine a program within the computer which initiated the data communication and delete the program which initiated the data communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Ollmann, Gunter D.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US14/153,138
Publication Number

US 20140130169A1
Time in Patent Office

533 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/554   involving event detection a...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/568   eliminating virus, restorin...

Identification of malicious activities through non-logged-in host usage

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Identification of malicious activities through non-logged-in host usage

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links