Cyber attack early warning system
Abstract
An early warning system and method for generating an alert regarding a potential attack on a client device, based on real-time analysis, is provided. The early warning system and method generally comprise receiving data associated with an attack alert, wherein the attack alert corresponds to an electrical signal that indicates detection of a malware attack from a remote source. The received data is analyzed using an attack-specific engine that is configured to generate an attack-specific result. An attack value is computed based on the attack-specific result and a consideration of potential attack targets, wherein the attack value is compared to a threshold value so as to determine whether or not to generate an early warning alert. An early warning alert is generated when the attack value matches or exceeds the threshold value.
20 Claims
1. A computerized method, comprising:
- receiving data associated with an attack alert, the attack alert indicating detection of a malware attack from a remote source;
- classifying the received data to produce a classified result, the classified result is to identify at least a type of the malware attack;
- analyzing the classified result using an attack-specific engine that is configured to analyze the classified result according to the identified malware attack and generate an attack-specific result, the analyzing of the classified result comprises comparing, by each of a plurality of attack cores, features included in the classified results to features associated with a known type of malware attack, wherein each attack core of the plurality of attack cores is configured as a plug-in;
- computing an attack value based on the attack-specific result and an analysis of potential attack targets, wherein the attack value is compared to a threshold value to determine whether or not to generate an early warning alert; and
- generating the early warning alert when the attack value matches or exceeds the threshold value.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.
13. A system comprising:
- one or more processors;
- a storage module communicatively coupled to the one or more processors, the storage module including:
  - an input engine to receive data associated with an attack alert that indicates detection of a malware attack from a remote source, and classify the received data to produce a classified result, the classified result is to identify at least a type of the malware attack;
  - an attack-specific engine, communicatively coupled to the input engine, to analyze the classified result according to the identified malware attack and to generate an attack-specific result, the attack-specific engine comprises (i) a plurality of attack cores and (ii) routing logic configured to route the classified result to at least one of the plurality of attack cores, each of the plurality of attack cores being configured as a plug-in that compares features included in the classified results with features associated with a known malware attack;
  - a correlation engine communicatively coupled to the attack-specific engine, the correlation engine to compute an attack value based on the attack-specific result and a consideration of potential attack targets, wherein the attack value is compared to a threshold value to determine whether or not to generate an early warning alert; and
  - a reporting engine communicatively coupled to the correlation engine, the reporting engine to generate an early warning alert when the attack value matches or exceeds the threshold value.
Dependent claims: 14, 15, 16, 17, 18, 19, 20.
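The abstract and claims 1 and 13 describe one pipeline: an input engine classifies alert data, routing logic hands the classified result to a plug-in attack core that compares its features against a known attack's features, a correlation engine scales that result by an analysis of potential targets, and a reporting engine raises an early warning when the attack value meets a threshold. The following Python sketch is an added illustration of that architecture, not the patent holder's code or any product implementation: the attack-type labels, feature names, core scoring rule, asset criticality table, threshold of 0.5 and the sample alert are all constructed assumptions.

```python
"""Toy early-warning pipeline modelled on the claims above.

Constructed illustration, not the patent holder's code: the engines,
feature names, scores, threshold and the sample alert are assumptions.
"""
from typing import Callable, Dict, List, Optional
from dataclasses import dataclass

# --- input engine: classify raw alert data into a classified result ---------

@dataclass
class ClassifiedResult:
    attack_type: str              # assumed label set: ransomware / c2_beacon / unknown
    features: Dict[str, object]   # features carried by the alert
    source: str                   # remote source reported by the alert

def input_engine(alert: dict) -> ClassifiedResult:
    """Derive the attack type from the alert's observed behaviours (assumed rules)."""
    feats = alert["features"]
    if feats.get("encrypts_files") and feats.get("ransom_note"):
        attack_type = "ransomware"
    elif feats.get("beacon_interval_s") is not None:
        attack_type = "c2_beacon"
    else:
        attack_type = "unknown"
    return ClassifiedResult(attack_type, feats, alert["source"])

# --- attack-specific engine: plug-in attack cores plus routing logic --------

AttackCore = Callable[[ClassifiedResult], float]   # returns a match score in [0, 1]
_CORES: Dict[str, AttackCore] = {}                  # plug-in registry keyed by attack type

def attack_core(attack_type: str):
    """Decorator that registers a function as the plug-in core for one attack type."""
    def register(fn: AttackCore) -> AttackCore:
        _CORES[attack_type] = fn
        return fn
    return register

def _feature_overlap(observed: dict, known: dict) -> float:
    """Fraction of the known attack's features that the observed features match."""
    matched = sum(1 for k, v in known.items() if observed.get(k) == v)
    return matched / len(known)

@attack_core("ransomware")
def ransomware_core(cr: ClassifiedResult) -> float:
    # Assumed feature profile of a known ransomware family.
    known = {"encrypts_files": True, "ransom_note": True, "deletes_shadow_copies": True}
    return _feature_overlap(cr.features, known)

@attack_core("c2_beacon")
def c2_core(cr: ClassifiedResult) -> float:
    # Assumed feature profile of a known command-and-control beacon.
    known = {"beacon_interval_s": 60, "uses_tls": True}
    return _feature_overlap(cr.features, known)

def attack_specific_engine(cr: ClassifiedResult) -> float:
    """Routing logic: hand the classified result to the core registered for its type."""
    core = _CORES.get(cr.attack_type)
    return core(cr) if core else 0.0

# --- correlation engine: combine the core score with potential-target analysis

# Assumed asset inventory: criticality weight per potential target.
TARGET_CRITICALITY = {"db-prod-01": 1.0, "file-srv-02": 0.8, "kiosk-17": 0.2}

def correlation_engine(core_score: float, targets: List[str]) -> float:
    """Attack value = core match score scaled by the most critical reachable target."""
    exposure = max((TARGET_CRITICALITY.get(t, 0.1) for t in targets), default=0.0)
    return core_score * exposure

# --- reporting engine -------------------------------------------------------

THRESHOLD = 0.5   # assumed operating point

def reporting_engine(attack_value: float, cr: ClassifiedResult) -> Optional[str]:
    """Emit an early warning only when the attack value matches or exceeds the threshold."""
    if attack_value >= THRESHOLD:
        return f"EARLY WARNING: {cr.attack_type} from {cr.source} (value={attack_value:.2f})"
    return None

def early_warning(alert: dict) -> Optional[str]:
    """Run one alert through all four engines."""
    cr = input_engine(alert)
    score = attack_specific_engine(cr)
    value = correlation_engine(score, alert["potential_targets"])
    return reporting_engine(value, cr)

# Constructed sample alert (not real telemetry): two of three ransomware
# features match (score 2/3) and the best reachable target weighs 0.8.
SAMPLE_ALERT = {
    "source": "203.0.113.7",
    "features": {"encrypts_files": True, "ransom_note": True},
    "potential_targets": ["file-srv-02", "kiosk-17"],
}

if __name__ == "__main__":
    print(early_warning(SAMPLE_ALERT))
```

The plug-in registry is what makes the attack-specific engine extensible in the way claim 13 describes: adding a core for a new attack type is one decorated function, and the routing logic needs no change. Note that the same core score can fall on either side of the threshold depending on the target analysis, which is the point of computing the attack value from both inputs rather than from the signature match alone.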