System and method for malware containment
First Claim
1. A malware containment method comprising:
- detecting a digital device upon connection with a communication network;
- temporarily redirecting network data from the digital device by configuring a network switch of the communication network to direct the network data from the digital device to a controller coupled to the communication network; and
- analyzing the temporarily redirected network data by the controller to detect malware within the digital device by at least configuring a virtual machine to receive the network data and analyzing a response of the virtual machine to processing of the network data within the virtual machine to identify a malware attack;
- continuing to redirect the network data from the digital device until expiration of a predetermined period of time without detection of malware; and
- continuing to redirect the network data from the digital device beyond the predetermined period of time when malware is detected.
7 Assignments
0 Petitions
Abstract
Systems and methods for malware containment on connection are provided. In exemplary embodiments, digital devices are quarantined for a predetermined period of time upon connection to the communication network. While a digital device is quarantined, all network data transmitted by the digital device is temporarily directed to a controller, which then analyzes the network data to identify unauthorized activity and/or malware within the newly connected digital device. An exemplary method to contain malware comprises detecting a digital device upon connection with a communication network, temporarily redirecting network data from the digital device, and analyzing the network data to identify malware within the digital device.
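The quarantine-on-connect behaviour described in the abstract and in claim 1 (redirect a newly connected device's traffic to a controller, analyze the virtual machine's response to that traffic, release the device when the predetermined period expires without a detection, keep redirecting when malware is found) is modelled below as a small controller state machine. This is an added illustration, not code from the patent or from any product that practises it; the switch, the virtual-machine response format, the 300-second period, the "malicious response" heuristic and the SHA-256 "unauthorized activity signature" are all assumptions made for the example, and the hosts and traffic are constructed.

```python
"""Quarantine-on-connect controller modelled on the claims above (added example)."""
import hashlib
from dataclasses import dataclass, field
from enum import Enum

QUARANTINE_SECONDS = 300  # the "predetermined period of time"; value is assumed


class State(Enum):
    QUARANTINED = "quarantined"  # switch steers the device's traffic to the controller
    RELEASED = "released"        # period expired with no detection; normal forwarding
    CONTAINED = "contained"      # malware detected; redirection continues past the period


@dataclass
class DeviceRecord:
    connected_at: float
    state: State = State.QUARANTINED
    signatures: list = field(default_factory=list)


class RecordingSwitch:
    """Stand-in for the network switch; records the redirect/restore calls it receives."""

    def __init__(self):
        self.redirected = set()
        self.log = []

    def redirect(self, device):
        self.redirected.add(device)
        self.log.append(("redirect", device))

    def restore(self, device):
        self.redirected.discard(device)
        self.log.append(("restore", device))


def vm_response_is_malicious(response):
    """Analyse the virtual machine's response to processing the replayed data.
    Constructed heuristic (the page does not specify one): an unexpected outbound
    connection or a modified autostart entry counts as a malware attack."""
    return bool(response.get("new_outbound_connections")) or bool(response.get("autostart_modified"))


def make_signature(payload):
    """Unauthorized activity signature: here simply a SHA-256 digest of the offending data."""
    return hashlib.sha256(payload).hexdigest()


class QuarantineController:
    def __init__(self, switch, period=QUARANTINE_SECONDS):
        self.switch = switch
        self.period = period
        self.devices = {}

    def on_connect(self, device, now):
        """Detect the device on connection and have the switch redirect its traffic."""
        self.devices[device] = DeviceRecord(connected_at=now)
        self.switch.redirect(device)

    def on_network_data(self, device, payload, vm_response, now):
        """Analyse redirected data; keep redirecting until the period expires without
        a detection, or indefinitely once malware has been detected."""
        rec = self.devices[device]
        if rec.state is State.RELEASED:
            return rec.state                      # no longer redirected; nothing to analyse
        if vm_response_is_malicious(vm_response):
            rec.state = State.CONTAINED           # redirection continues beyond the period
            rec.signatures.append(make_signature(payload))
            return rec.state
        self.expire(now)
        return rec.state

    def expire(self, now):
        """Release quarantined devices whose period has elapsed with no detection,
        including devices that sent no traffic at all (the idle case)."""
        for device, rec in self.devices.items():
            if rec.state is State.QUARANTINED and now - rec.connected_at >= self.period:
                rec.state = State.RELEASED
                self.switch.restore(device)


def run_demo():
    """Constructed scenario: one clean host, one host whose traffic triggers the VM, one idle host."""
    switch = RecordingSwitch()
    ctrl = QuarantineController(switch)
    for host in ("host-clean", "host-infected", "host-idle"):
        ctrl.on_connect(host, now=0)
    clean = {"new_outbound_connections": [], "autostart_modified": False}
    bad = {"new_outbound_connections": ["198.51.100.7:443"], "autostart_modified": True}
    ctrl.on_network_data("host-clean", b"GET / HTTP/1.1\r\n", clean, now=10)
    ctrl.on_network_data("host-infected", b"constructed-dropper-bytes", bad, now=20)
    ctrl.expire(now=QUARANTINE_SECONDS)       # the predetermined period elapses for everyone
    ctrl.on_network_data("host-clean", b"GET /a HTTP/1.1\r\n", clean, now=400)
    return ctrl, switch
```

The `expire` pass is called both from the data path and on its own so that a device which connects and then stays silent is still released when its period runs out, while a contained device is never restored by the timer; only the host whose traffic produced a malicious VM response is still redirected at the end of `run_demo`.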
45 Claims
1. A malware containment method (independent claim; full text set out above under First Claim).
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 22
11. A malware containment system comprising:
- a memory to store instructions; and
- a controller for containing malware comprising: a processor; and a memory coupled to the processor, the memory comprising a quarantine module stored in the memory, the quarantine module that, when executed by the processor, is configured to execute instructions stored in the memory to detect a digital device upon connection with a communication network and to temporarily redirect network data from the digital device to the controller, and an analysis module a policy engine stored in the memory, the analysis module that, when executed by the processor, is configured to analyze the temporarily redirected network data to detect malware within the digital device by at least (i) receiving and processing, by configuring a virtual machine, to receive the temporarily redirected network data and (ii) analyzing a response of the virtual machine to the processing of the temporarily redirected network data within the virtual machine to identify a malware attack,
- wherein the quarantine module is further configured to temporarily redirect the network data until expiration of a predetermined period of time without identifying the malware attack and to continue to redirect the network data beyond the predetermined period of time if the malware attack has been identified.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 44
19. A non-transitory machine readable medium having embodied thereon executable code, the executable code being executable by a processor for performing a malware containment method, the method comprising:
- detecting a digital device upon connection with a communication network;
- redirecting network data from the digital device until a predetermined period of time expires by configuring a network switch of the communication network to direct the network data from the digital device to a controller coupled to the communication network;
- analyzing the redirected network data during the predetermined period of time to detect malware within the digital device by at least configuring a virtual machine to receive the network data and analyzing a response of the virtual machine to processing of the network data within the virtual machine to identify a malware attack; and
- generating an unauthorized activity signature directed to the newly detected malware associated with the malware attack,
- wherein the redirecting of the network data from the digital device (i) continues until expiration of the predetermined period of time without detection of malware and (ii) continues after the predetermined period of time expires when the malware is detected during the predetermined period of time.
Dependent claims: 20, 21
23. A malware containment method comprising:
- detecting a digital device upon connection with a communication network;
- temporarily redirecting network data from the digital device by configuring a network switch of the communication network to direct the network data from the digital device to a controller coupled to the communication network; and
- analyzing the temporarily redirected network data to detect malware within the digital device by at least configuring a virtual machine to receive the network data and analyzing a response of the virtual machine to processing of the network data within the virtual machine to identify a malware attack; and
- generating an unauthorized activity signature based on detection of the malware, the unauthorized activity signature being used to subsequently identify the malware and mitigate vulnerabilities, including changing a setting in a browser application on the digital device.
Dependent claims: 24, 25, 26, 27, 28, 29, 30
31. A malware containment system controller, comprising:
- a processor; and
- a memory coupled to the processor, the memory comprising:
  - a quarantine module stored in the memory and configured, when executed by the processor, to detect a digital device upon connection with a communication network and to temporarily redirect network data from the digital device to the controller;
  - an analysis module stored in the memory and configured, when executed by the processor, to analyze the temporarily redirected network data to detect malware within the digital device by at least (i) receiving and processing the temporarily redirected network data by a virtual machine and (ii) analyzing a response of the virtual machine to the processing of the temporarily redirected network data to identify a malware attack; and
  - a signature module stored in the memory and configured, when executed by the processor, to generate an unauthorized activity signature based on detection of the malware, the unauthorized activity signature being used to subsequently identify the malware and mitigate vulnerabilities, including changing a setting in a browser application on the digital device.
Dependent claims: 32, 33, 34, 35, 36, 37, 38, 39, 45
40. A non-transitory machine readable medium having embodied thereon executable code, the executable code being executable by a processor for performing a malware containment method comprising:
- detecting a digital device upon connection with a communication network;
- redirecting network data from the digital device until a predetermined period of time expires by configuring a network switch of the communication network to direct the network data from the digital device to a controller coupled to the communication network;
- analyzing the redirected network data during the predetermined period of time to detect malware within the digital device by at least configuring a virtual machine to receive the network data and analyzing a response of the virtual machine to processing of the network data within the virtual machine to identify a malware attack; and
- generating an unauthorized activity signature directed to the newly detected malware associated with the malware attack, the unauthorized activity signature being further used to subsequently mitigate vulnerabilities in one of an application or an operating system that is susceptible to the malware by changing a setting in the application or the operating system.
Dependent claims: 41, 42, 43