Detecting malicious network content
First Claim
1. A method for detecting malicious content within data storage devices, the method comprising:
detecting coupling of one or more data storage devices to an interface of a digital device upon insertion of the one or more data storage devices into the interface of the digital device;
quarantining data associated with the one or more data storage devices by (i) redirecting at least a portion of the data, transmitted from the one or more data storage devices, to a controller remotely located from the digital device for analysis and (ii) intercepting access requests from the digital device to access the data;
receiving, by the controller, the redirected data from the one or more data storage devices;
selecting an analysis from a plurality of analysis types based on an estimated amount of time needed for analysis of the redirected data for malware without exceeding a predetermined time allotted for analysis;
analyzing the redirected data with the selected analysis to determine whether the one or more data storage devices store malware; and
based on the determination, identifying whether the one or more data storage devices stores malware by providing a warning signal.
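The control flow the claims describe, as an added Python model that is not the patent's own code and not any product's implementation. Everything concrete in it is a constructed assumption that the claims leave open: the three analysis types and their per-MiB cost figures, the detector logic behind each one, and the sample device contents. The point it shows is the fail-closed shape of the method: data from an inserted device is redirected to a controller, host access requests are refused while no clean verdict exists, and the controller picks the most thorough analysis whose estimated run time fits the allotted time, or declines and leaves the device quarantined when nothing fits.

```python
from dataclasses import dataclass
from typing import Callable, Optional

MIB = 1024 * 1024


@dataclass(frozen=True)
class AnalysisType:
    name: str
    seconds_per_mib: float            # assumed cost model for the time estimate
    detect: Callable[[bytes], bool]   # True when malware is found


def signature_scan(data: bytes) -> bool:
    # Constructed "signature": a fixed byte pattern standing in for a real signature set.
    return b"MALWARE-TEST-MARKER" in data


def heuristic_scan(data: bytes) -> bool:
    # Constructed heuristic: an autorun file that launches an executable.
    low = data.lower()
    return b"[autorun]" in low and b".exe" in low


def emulation_scan(data: bytes) -> bool:
    # Stand-in for dynamic analysis: the cheaper checks plus a constructed behavioural indicator.
    return signature_scan(data) or heuristic_scan(data) or b"WriteProcessMemory" in data


# Constructed catalogue (assumption): ordered from least to most thorough.
ANALYSES = [
    AnalysisType("signature", 0.01, signature_scan),
    AnalysisType("heuristic", 0.50, heuristic_scan),
    AnalysisType("emulation", 5.00, emulation_scan),
]


def estimate_seconds(analysis: AnalysisType, size_bytes: int) -> float:
    """Estimated run time of one analysis type over size_bytes of redirected data."""
    return analysis.seconds_per_mib * size_bytes / MIB


def select_analysis(size_bytes: int, budget_seconds: float) -> Optional[AnalysisType]:
    """Most thorough analysis whose estimate does not exceed the allotted time,
    or None when even the cheapest would overrun it."""
    fitting = [a for a in ANALYSES if estimate_seconds(a, size_bytes) <= budget_seconds]
    return fitting[-1] if fitting else None


class QuarantineController:
    """Models the quarantine module and the remote controller as one object.

    On insertion the device's data is redirected here; host access requests
    are intercepted and only served once a clean verdict exists."""

    def __init__(self) -> None:
        self.redirected: dict[str, bytes] = {}
        self.verdicts: dict[str, bool] = {}   # device -> True if malware

    def on_insert(self, device: str, data: bytes) -> None:
        # Coupling detected: redirect the data and drop any earlier verdict.
        self.redirected[device] = data
        self.verdicts.pop(device, None)

    def host_access(self, device: str) -> bytes:
        # Intercepted access request: allowed only after a clean verdict.
        if self.verdicts.get(device) is False:
            return self.redirected[device]
        raise PermissionError(f"{device}: quarantined, no clean verdict")

    def analyze(self, device: str, budget_seconds: float) -> tuple:
        """Run the selected analysis; returns (verdict, analysis name or None)."""
        data = self.redirected[device]
        chosen = select_analysis(len(data), budget_seconds)
        if chosen is None:
            # Nothing fits the time allotted: stay quarantined and raise a warning.
            return ("warning: analysis exceeds time allotted", None)
        is_malware = chosen.detect(data)
        self.verdicts[device] = is_malware
        return ("malware" if is_malware else "clean", chosen.name)


if __name__ == "__main__":
    ctl = QuarantineController()
    # Constructed device contents.
    ctl.on_insert("usb0", b"[autorun]\nopen=setup.exe\n")
    ctl.on_insert("usb1", b"holiday photos " * 1000)
    for dev in ("usb0", "usb1"):
        try:
            ctl.host_access(dev)
        except PermissionError as err:
            print("blocked before analysis:", err)
        print(dev, ctl.analyze(dev, budget_seconds=2.0))
    print("usb1 readable after clean verdict:", len(ctl.host_access("usb1")))
```

The selection step is where a real deployment needs care: the estimate has to be conservative, and when no analysis fits the budget the device must stay quarantined rather than fall open to the host, which is what the `None` branch above does.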
7 Assignments
0 Petitions
Abstract
Systems and methods for detecting malicious content on portable data storage devices or remote network servers are provided. In an exemplary embodiment, a system comprises a quarantine module configured to detect one or more portable data storage devices upon insertion of the devices into a security appliance, wherein the security appliance is configured to receive the portable data storage devices, a controller configured to receive from the security appliance, via a communication network, data associated with the portable data storage devices, an analysis module configured to analyze the data to determine whether the data includes malware, and a security module to selectively identify, based on the determination, the one or more portable data storage devices storing the malware.
56 Claims
1. A method for detecting malicious content within data storage devices (independent claim; text as given under First Claim above). Dependent claims: 2-23, 34, 35.
24. A method for detecting malicious content within data storage devices, the method comprising:
detecting a connection of a portable storage device to a host device upon insertion of the portable storage device into an interface of the host device;
in response to the detected connection, quarantining data stored on the portable storage device by intercepting data transmitted from the portable storage device to the host device, and wherein access requests from the host device to access the data stored on the portable storage device are intercepted to further quarantine the data from the host device;
selecting an analysis from a plurality of analysis types based on an estimated amount of time needed for analysis of the intercepted data for malware without exceeding a predetermined time allotted for analysis;
analyzing the intercepted data with the selected analysis at a controller in communication with the host device via a communication network to determine whether the intercepted data includes malware; and
based on the determination, selectively identifying the portable storage device as storing the malware.
Dependent claims: 25-33, 36-42.
43. A system for detecting malicious content within portable data storage devices, the system comprising:
a quarantine module configured to detect a connection of one or more data storage devices upon insertion of the one or more data storage devices into a digital device, the digital device being configured to receive the one or more data storage devices, wherein the quarantine module is configured to quarantine all data from an IP address of the data storage devices for a period of time by redirecting transmission of the data to a controller, from the one or more data storage devices, and intercepting access requests of the digital device to access the data; and
the controller communicatively coupled to the digital device via a communication network, the controller configured to receive at least the redirected data from the quarantine module, the controller includes at least a heuristic module configured to select a heuristic analysis from a plurality of heuristic analysis types based on an estimated amount of time needed for analysis of the redirected data for malware without exceeding a predetermined time and to analyze the redirected data with the selected heuristic analysis to determine whether the redirected data includes malware; and
a security module to selectively identify, based on the determination, the one or more data storage devices storing the malware.
Dependent claims: 44-49.
50. A non-transitory machine readable medium having embodied thereon executable code, the executable code being executed by a processor for performing a method for detecting malicious content within data storage devices, the method comprising:
detecting coupling of one or more data storage devices to a security appliance upon insertion of the one or more data storage devices into an interface of the security appliance, the security appliance being configured with the interface to receive the one or more data storage devices;
quarantining, by the security appliance, data associated with the one or more data storage devices by redirecting the data that is transmitted from the one or more data storage devices to the security appliance to a controller, and intercepting access requests from the security appliance to access the data;
receiving from the security appliance, via a communication network, at least the redirected data from the security appliance;
selecting an analysis from a plurality of analysis types based on an estimated amount of time needed for analysis of the redirected data for malware without exceeding a predetermined time allotted for analysis;
analyzing the redirected data with the selected analysis to determine whether the data includes malware; and
based on the determination, selectively identifying the one or more data storage devices storing the malware.
Dependent claims: 51-56.