Method and apparatus for detecting malware and recording medium thereof

US 9,361,461 B2
Filed: 05/21/2014
Issued: 06/07/2016
Est. Priority Date: 05/21/2013
Status: Active Grant

First Claim

Patent Images

1. A method of detecting malware in a terminal via a server, the method comprising:

generating a plurality of virtual machines in the server, the plurality of virtual machines respectively corresponding to a plurality of terminals;

calculating a similarity value among the plurality of terminals based on exchanged profile information among the virtual machines respectively corresponding to the plurality of terminals;

clustering the plurality of generated virtual machines into groups based on the calculated similarity value; and

in response to the malware being detected in a first terminal among the plurality of terminals corresponding to a first virtual machine among the plurality of virtual machines, providing information with respect to the detection of the malware to a second terminal among the plurality of terminals corresponding to a second virtual machine among the plurality of virtual machines, the second virtual machine being clustered into the same group as the first virtual machine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of detecting malware in a terminal, the method including: generating a plurality of virtual machines in the server, the plurality of virtual machines respectively corresponding to a plurality of terminals; clustering the plurality of generated virtual machines into groups based on respective profile information of each terminal of the plurality of terminals; and in response to the malware being detected in a first terminal among the plurality of terminals, providing information with respect to the detection of the malware to a second terminal among the plurality of terminals corresponding to a second virtual machine, via the second virtual machine among the plurality of virtual machines, the second virtual machine being clustered into the same group as a first virtual machine.

13 Citations

View as Search Results

15 Claims

1. A method of detecting malware in a terminal via a server, the method comprising:
- generating a plurality of virtual machines in the server, the plurality of virtual machines respectively corresponding to a plurality of terminals;
  
  calculating a similarity value among the plurality of terminals based on exchanged profile information among the virtual machines respectively corresponding to the plurality of terminals;
  
  clustering the plurality of generated virtual machines into groups based on the calculated similarity value; and
  
  in response to the malware being detected in a first terminal among the plurality of terminals corresponding to a first virtual machine among the plurality of virtual machines, providing information with respect to the detection of the malware to a second terminal among the plurality of terminals corresponding to a second virtual machine among the plurality of virtual machines, the second virtual machine being clustered into the same group as the first virtual machine.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - obtaining respective configuration information and respective interaction information of each of the plurality of terminals among the plurality of terminals;
      
      calculating respective profile information of each of the plurality of terminals based on the respective configuration information and the respective interaction information; and
      
      exchanging, among the plurality of virtual machines, the calculated profile information among the virtual machines respectively corresponding to the plurality of terminals resulting in the exchanged profile information,wherein the clustering of the generated virtual machines comprises clustering the generated virtual machines based on the exchanged profile information.
  - 3. The method of claim 1, wherein the calculating of the similarity value among the plurality of terminals comprises:
    - storing respective profile information of each terminal of the plurality of terminals in the plurality of virtual machines respectively corresponding to the plurality of terminals; and
      
      exchanging, among the plurality of virtual machines, the stored profile information among the virtual machines respectively corresponding to the plurality of terminals, resulting in the exchanged profile information.
  - 4. The method of claim 3, wherein the exchanging of the stored profile information comprises exchanging the stored profile information among the plurality of virtual machines corresponding to terminals among the plurality of terminals performing communication with one another.
  - 5. The method of claim 1, wherein the providing of the information with respect to the detection of the malware comprises:
    - identifying a group in which the first virtual machine corresponding to the first terminal is included;
      
      detecting the second virtual machine included in the identified group; and
      
      transferring a message including the information with respect to the detection of the malware to the second terminal corresponding to the detected second virtual machine.

6. A method of detecting malware in a terminal, the method comprising:
- transferring information about a profile of the terminal to a virtual machine generated in a server, the virtual machine corresponding to the terminal;
  
  in response to the malware being detected in another terminal which is clustered into the same group as the terminal, receiving information with respect to the detection of the malware from the virtual machine; and
  
  displaying the received information with respect to the detection of the malware,wherein the terminal and the other terminal are clustered into the same group based on a similarity value calculated based on exchanged information about the profile of the terminal among the virtual machines respectively corresponding to the plurality of terminals.
- View Dependent Claims (7)
- - 7. The method of claim 6, further comprising:
    - in response to the malware being detected in the terminal, transferring information with respect to the detection of the malware to the server.

8. A server configured to detect malware of a terminal, the server comprising:
- a memory configured to store a plurality of virtual machines respectively corresponding to a plurality of terminals;
  
  a processor configured to calculate a similarity value among the plurality of terminals based on exchanged profile information among the virtual machines based on respectively corresponding to the plurality of terminals and cluster the plurality of virtual machines based on the calculated similarity value; and
  
  a controller configured to provide, in response to the malware being detected in a first terminal among the plurality of terminals corresponding to a first virtual machine among the plurality of virtual machines, information with respect to the detection of malware to a second terminal among the plurality of terminals corresponding to a second virtual machine, the second virtual machine being clustered into the same group as the first virtual machine.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The server of claim 8,wherein the controller is further configured to:
    - obtain respective configuration information and respective interaction information of each of the plurality of terminals among the plurality of terminals,calculate the respective profile information of each of the plurality of terminals based on the respective configuration information and the respective interaction information that are obtained, andexchange the stored profile information among the virtual machines respectively corresponding to the plurality of terminals, resulting in the exchanged profile information, andwherein the processor is further configured to cluster the stored virtual machines based on the exchanged profile information.
  - 10. The server of claim 8, wherein the memory is further configured to store the respective profile information of each terminal of the plurality of terminals in the plurality of virtual machines respectively corresponding to the plurality of terminals, andwherein, the controller is further configured to exchange the stored profile information among the virtual machines respectively corresponding to the plurality of terminals, resulting in the exchanged profile information.
  - 11. The server of claim 10, wherein the controller is further configured to exchange the stored profile information among plurality of virtual machines corresponding to terminals among the plurality of terminals performing communication with the terminal.
  - 12. The server of claim 8, wherein the controller is further configured to identify a group in which the first virtual machine corresponding to the first terminal is included, to detect the second virtual machine included in the identified group, and to transfer a message including the information with respect to the detection of the malware to the second terminal corresponding to the second virtual machine.

13. A terminal device configured to detect malware, the terminal device comprising:
- a transferor configured to transfer information about a profile of the terminal device to a virtual machine generated in a server, the virtual machine corresponding to the terminal;
  
  a receiver configured to, in response to the malware being detected in another terminal device which is clustered into the same group as the terminal, receive information with respect to a detection of malware from the virtual machine; and
  
  a display configured to display the received information with respect to the detection of the malware,wherein the terminal and the other terminal are clustered into the same group based on a similarity value calculated based on exchanged information about the profile of the terminal among the virtual machines respectively corresponding to the plurality of terminals.
- View Dependent Claims (14)
- - 14. The terminal device of claim 13, wherein the transferor is further configured to, in response to the malware is detected in the terminal, transfer information with respect to a detection of malware to the server.

15. A non-transitory computer-readable recording medium having recorded thereon a program for detecting malware in a terminal via a server, the method comprising:
- generating a plurality of virtual machines in the server, the plurality of virtual machines respectively corresponding to a plurality of terminals;
  
  calculating a similarity value among the plurality of terminals based on exchanged profile information among the virtual machines respectively corresponding to the plurality of terminals;
  
  clustering the plurality of generated virtual machines into groups based on the calculated similarity value; and
  
  in response to the malware being detected in a first terminal among the plurality of terminals corresponding to a first virtual machine among the plurality of virtual machines, providing information with respect to the detection of the malware to a second terminal among the plurality of terminals corresponding to a second virtual machine among the plurality of virtual machines, the second virtual machine being clustered into the same group as the first virtual machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Mitra, Bivas
Primary Examiner(s)
Lee, Jason

Application Number

US14/283,496
Publication Number

US 20140351934A1
Time in Patent Office

748 Days
Field of Search

726/23, 726/24
US Class Current

1/1
CPC Class Codes

G06F 21/567 using dedicated hardware

Method and apparatus for detecting malware and recording medium thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for detecting malware and recording medium thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links