System, method, and apparatus for providing network security

US 9,332,028 B2
Filed: 01/24/2014
Issued: 05/03/2016
Est. Priority Date: 01/25/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

proactively monitoring network traffic activity of a networked computing device within a protected domain in real-time, using a hardware processor;

in response to monitoring the network traffic activity of the networked computing device, determining that potential malware has been received at the networked computing device; and

in response to determining that potential malware has been received at the networked computing device, moving the potential malware from the networked computing device into an isolation hypervisor for analysis, wherein the analysis is performed during system interrupts by an Analytical Neural Network Interface (ANNI) enabling the ANNI to execute additional computations even though other networked computing devices of the protected domain are not executing any code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatuses for proactively protecting a computing network are disclosed. A proactive security mechanism is disclosed, among other things, with the ability to monitor a protected domain in real-time and safely identify inoculation procedures for responding to threats introduced to the protected domain via malware. The proactive security mechanism includes an Artificial Neural Network Interface (ANNI) configured to execute at least some features of the proactive security mechanism.

66 Citations

View as Search Results

18 Claims

1. A method, comprising:
- proactively monitoring network traffic activity of a networked computing device within a protected domain in real-time, using a hardware processor;
  
  in response to monitoring the network traffic activity of the networked computing device, determining that potential malware has been received at the networked computing device; and
  
  in response to determining that potential malware has been received at the networked computing device, moving the potential malware from the networked computing device into an isolation hypervisor for analysis, wherein the analysis is performed during system interrupts by an Analytical Neural Network Interface (ANNI) enabling the ANNI to execute additional computations even though other networked computing devices of the protected domain are not executing any code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the isolation hypervisor comprises a virtual machine that enables the potential malware to be safely booted within a virtual environment such that it can be decompiled for forensics.
  - 3. The method of claim 2, further comprising:
    - decompiling the potential malware within the isolation hypervisor;
      
      determining that the potential malware corresponds to actual malware;
      
      determining a signature unique to the actual malware; and
      
      storing the signature unique to the actual malware such that the signature unique to the actual malware is available for analysis at all computing devices connected to a protected domain.
  - 4. The method of claim 3, further comprising:
    - tracing a route path of the actual malware; and
      
      determining a source of the actual malware.
  - 5. The method of claim 1, wherein proactively monitoring network traffic activity of the networked computing device in real-time comprise analyzing at least one of the following:
    - contents of one or more packets received at the networked computing device;
      
      contents of one or more packet fragments received at the networked computing device;
      
      contents of one or more packet headers received at the networked computing device; and
      
      routines being executed by the networked computing device.
  - 6. The method of claim 5, further comprising:
    - monitoring user behavior at the networked computing device in addition to monitoring network traffic activity at the networked computing device.
  - 7. The method of claim 1, wherein the Analytical Neural Network Interface (ANNI) is used to at least one of monitor activity at the networked computing device, determine that the potential malware has been received at the networked computing device, and place the potential malware into the hypervisor.
  - 8. The method of claim 7, wherein the ANNI is used to analyze the potential malware in the isolation hypervisor.
  - 9. The method of claim 7, wherein the ANNI is executed in at least one of a Central Processing Unit (CPU), Graphics Processing Unit (GPU), and Accelerated Processing Unit (APU).
  - 10. The method of claim 1, further comprising:
    - deploying sensors at one or more facilities outside of the protected domain;
      
      analyzing, via the deployed sensors, at least one of behavioral and hacking trends; and
      
      based on the analysis at the deployed sensors, creating one or more countermeasures for execution within the protected domain in response to the at least one of behavioral and hacking trends.

11. A non-transitory computer-readable medium comprising processor-executable instructions that, when executed by a microprocessor, perform a method, the method comprising:
- proactively monitoring network traffic activity of a networked computing device within a protected domain in real-time;
  
  in response to monitoring the network traffic activity of the networked computing device, determining that potential malware has been received at the networked computing device; and
  
  in response to determining that potential malware has been received at the networked computing device, moving the potential malware from the networked computing device into an isolation hypervisor for analysis, wherein the analysis is performed during system interrupts by an Analytical Neural Network Interface (ANNI) enabling the ANNI to execute additional computations even though other networked computing devices of the protected domain are not executing any code.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The non-transitory computer-readable medium of claim 11, wherein the isolation hypervisor comprises a virtual machine that enables the potential malware to be safely booted within a virtual environment such that it can be decompiled for forensics.
  - 13. The non-transitory computer-readable medium of claim 12, wherein the method further comprises:
    - decompiling the potential malware within the isolation hypervisor;
      
      determining that the potential malware corresponds to actual malware;
      
      determining a signature unique to the actual malware; and
      
      storing the signature unique to the actual malware such that the signature unique to the actual malware is available for analysis at all computing devices connected to a protected domain.
  - 14. The non-transitory computer-readable medium of claim 13, wherein the method further comprises:
    - tracing a route path of the actual malware; and
      
      determining a source of the actual malware.
  - 15. The non-transitory computer-readable medium of claim 11, wherein proactively monitoring network traffic activity of the networked computing device in real-time comprise analyzing at least one of the following:
    - contents of one or more packets received at the networked computing device;
      
      contents of one or more packet fragments received at the networked computing device;
      
      contents of one or more packet headers received at the networked computing device; and
      
      routines being executed by the networked computing device.
  - 16. The non-transitory computer-readable medium of claim 11, wherein the Analytical Neural Network Interface (ANNI) is used to at least one of monitor activity at the networked computing device, determine that the potential malware has been received at the networked computing device, and place the potential malware into the isolation hypervisor.
  - 17. The non-transitory computer-readable medium of claim 16, wherein the ANNI is used to analyze the potential malware in the isolation hypervisor.
  - 18. The non-transitory computer-readable medium of claim 16, wherein the ANNI is executed in at least one of a Central Processing Unit (CPU), Graphics Processing Unit (GPU), and Accelerated Processing Unit (APU).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Remtcs Inc.
Original Assignee
Remtcs Inc.
Inventors
Xaypanya, Tommy, Malinowski, Richard E.
Primary Examiner(s)
Thiaw, Catherine

Application Number

US14/163,186
Publication Number

US 20140215621A1
Time in Patent Office

830 Days
Field of Search

726 22- 24
US Class Current

1/1
CPC Class Codes

H04L 63/145 the attack involving the pr...

System, method, and apparatus for providing network security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

66 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, and apparatus for providing network security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links