SYSTEM AND METHOD FOR IDENTIFYING MALICIOUS ACTIVITIES THROUGH NON-LOGGED-IN HOST USAGE
Abstract
A method for identifying malware activities, implemented within a computer infrastructure, includes receiving a data communication via a data channel and determining a user is not interactively logged in to a host. Additionally, the method includes identifying the data communication as a potential malware communication in response to the determining the user is not interactively logged in to the host.
20 Claims
1. A computer implemented method for identifying malware activities, implemented within a computer infrastructure, the method comprising:
- receiving a data communication via a data channel;
- determining a user is not interactively logged in to a host; and
- identifying the data communication as a potential malware communication in response to the determining the user is not interactively logged in to the host.
12. A computer system for identifying malware, the system comprising:
- a storage, a memory and a central processing unit;
- first program instructions to receive a data communication via a data channel;
- second program instructions to determine a user is not interactively logged in to a host; and
- third program instructions to identify the data communication as a potential malware communication in response to the determining the user is not interactively logged in to the host, wherein the first, second and third program instructions are stored in the storage for execution by the central processing unit via the memory.
20. A computer program product comprising a computer usable storage medium having readable program code embodied in the storage medium, the computer program product includes at least one component operable to:
- receive a data communication via a data channel;
- determine one of a user is not interactively logged in to a host and the user is interactively logged in to the host;
- identify the data communication as a potential malware communication in response to the determining the user is not interactively logged in to the host;
- identify the data communication as a non-malware communication in response to the determining the user is interactively logged in to the host, wherein:
- the determining the user is not interactively logged in to the host comprises determining at least one of:
  - the user is not currently logged in to the host;
  - the host is in a screen saver mode;
  - the host is in a keyboard-locked state; and
  - the host is in a screen powered-down mode, and
- the determining the user is interactively logged in to the host comprises determining:
  - the user is currently logged in to the host;
  - the host is not in the screen saver mode;
  - the host is not in the keyboard-locked state; and
  - the host is not in the screen powered-down mode.
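The decision rule of claim 20, applied to a timeline of host-state changes and a list of observed flows. This is an added example, not code from the patent. The `HostState` fields, the function names, the sample data and the `unknown` label for flows seen before any state is recorded are all assumptions.

```python
from bisect import bisect_right
from dataclasses import dataclass

@dataclass(frozen=True)
class HostState:
    ts: int                # epoch seconds at which this state took effect
    logged_in: bool
    screen_saver: bool = False
    keyboard_locked: bool = False
    screen_off: bool = False

    def interactive(self) -> bool:
        # Claim 20: interactive only when logged in and no idle condition holds;
        # any single idle condition makes the host non-interactive.
        idle = self.screen_saver or self.keyboard_locked or self.screen_off
        return self.logged_in and not idle

def state_at(timeline, ts):
    """Latest HostState in effect at ts (timeline sorted by ts), or None."""
    i = bisect_right([s.ts for s in timeline], ts)
    return timeline[i - 1] if i else None

def classify(timeline, flows):
    """Label each (ts, dst) flow using the host state in effect when it was seen."""
    labelled = []
    for ts, dst in flows:
        state = state_at(timeline, ts)
        if state is None:
            label = "unknown"            # assumption: no telemetry yet, not in the claim
        elif state.interactive():
            label = "non-malware"
        else:
            label = "potential-malware"
        labelled.append((ts, dst, label))
    return labelled

# Constructed sample data: state changes for one host and flows it originated.
TIMELINE = [
    HostState(1000, logged_in=True),
    HostState(1600, logged_in=True, keyboard_locked=True),
    HostState(2400, logged_in=True),
    HostState(3000, logged_in=False),
]
FLOWS = [(900, "192.0.2.10"), (1200, "198.51.100.7"), (1800, "203.0.113.5"),
         (2400, "198.51.100.7"), (3100, "203.0.113.5")]

if __name__ == "__main__":
    for row in classify(TIMELINE, FLOWS):
        print(*row)
```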