SYSTEM AND METHODS THEREOF FOR IDENTIFICATION OF SUSPICIOUS SYSTEM PROCESSES
Abstract
A computerized method for identification of suspicious processes executing on an end-point device communicatively connected to a network, the network communicatively connected to a server. The server receives a record of at least one process initiated by and executing on the end-point device. One or more parameters associated with the at least one process are identified. A first time pointer is identified corresponding to the identified one or more parameters. A second time pointer, at which a user associated with the end-point device initiated a user dependent process, is identified. It is determined whether the second time pointer occurred before the first time pointer, and whether the at least one process was initiated by the user, based on identification of user dependent processes and corresponding attribution. An action is performed based on these determinations.
17 Claims
1. A computerized method for identification of suspicious processes executing on an end-point device communicatively connected to a network, the network communicatively connected to a server, the method comprising:
receiving, by the server, a record of at least one process initiated by and executing on the end-point device;
identifying one or more parameters associated with the at least one process, wherein the one or more parameters indicate at least whether the at least one process is a familiar or unfamiliar process;
identifying, corresponding to the identified one or more parameters, a first time pointer;
identifying a second time pointer at which a user associated with the end-point device initiated a user dependent process; and
performing an action based on whether the second time pointer occurred before the first time pointer and whether the at least one process was initiated by the user, in view of identification of user dependent processes and corresponding attribution.
(Dependent claims: 2, 3, 4, 5)

6. An apparatus for identification of suspicious processes executing on an end-point device, comprising:
an interface to an enterprise's system;
a mining unit for identification of at least one process initiated in the enterprise's system;
a processing unit; and
a memory coupled to the processing unit, the memory containing instructions that, when executed by the processing unit, configure the apparatus to identify suspicious processes,
wherein the processing unit receives a record of the at least one process, the process executing on the end-point device and initiated by the end-point device;
wherein the processing unit identifies one or more parameters associated with the at least one process and identifies, based on the one or more parameters, a first time pointer at which the at least one process was initiated, the one or more parameters indicating at least whether the at least one process is a familiar or unfamiliar process;
wherein the processing unit identifies a second time pointer at which a user associated with the end-point device initiated a user dependent process and further determines whether the second time pointer occurred before the first time pointer; and
wherein the processing unit determines whether the at least one process was initiated by the user and takes appropriate action.
(Dependent claims: 7, 8, 9, 10, 11, 12)

13. A computer program product comprising a computer executable program recorded on a non-transitory computer readable storage medium, said computer executable program code when executed causing a computer to:
a) receive, by a server, a record of at least one process initiated by and executing on the end-point device;
b) identify one or more parameters associated with the at least one process;
c) identify, corresponding to the identified one or more parameters, a first time pointer, wherein the one or more parameters indicate at least whether the at least one process is a familiar or unfamiliar process;
d) identify a second time pointer at which a user associated with the end-point device initiated a user dependent process;
e) determine whether the second time pointer occurred before the first time pointer;
f) determine whether the at least one process was initiated by the user, based on identification of user dependent processes and corresponding attribution; and
g) perform an action based on the determining in step e and step f.
(Dependent claims: 14, 15, 16, 17)

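The method the abstract and the independent claims describe, worked through as an added Python example. This is not code from the patent or its assignee; it is a plausible server-side implementation of the claimed steps. It assumes an allowlist of image names as the "familiar / unfamiliar" parameter, a fixed 30-second window in which preceding user activity can explain a new process, attribution by walking the parent-process chain, and the action names allow/log/alert/quarantine as the "action" of the final step. All process records are constructed sample telemetry.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed parameter sets (not from the patent): which image names count as
# "familiar", and which are launched directly by a user ("user dependent processes").
FAMILIAR_IMAGES = {"system", "explorer.exe", "outlook.exe", "winword.exe", "chrome.exe"}
USER_DEPENDENT_IMAGES = {"explorer.exe", "outlook.exe", "winword.exe", "chrome.exe"}

# Assumed: user activity older than this cannot explain a newly started process.
ATTRIBUTION_WINDOW = timedelta(seconds=30)


@dataclass(frozen=True)
class ProcessRecord:
    """One process record as an endpoint agent would report it to the server."""
    pid: int
    parent_pid: int
    image: str
    start: datetime      # the claim's "first time pointer" for this process
    user: str


def is_familiar(rec: ProcessRecord) -> bool:
    return rec.image.lower() in FAMILIAR_IMAGES


def is_user_dependent(rec: ProcessRecord) -> bool:
    return rec.image.lower() in USER_DEPENDENT_IMAGES


def second_time_pointer(rec: ProcessRecord, records: list[ProcessRecord],
                        window: timedelta = ATTRIBUTION_WINDOW) -> Optional[datetime]:
    """Latest start of a user-dependent process by the same user inside the window
    ending at rec.start (the claim's "second time pointer"), or None if there is none."""
    candidates = [
        r.start for r in records
        if r.pid != rec.pid and r.user == rec.user and is_user_dependent(r)
        and rec.start - window <= r.start < rec.start
    ]
    return max(candidates) if candidates else None


def attributed_to_user(rec: ProcessRecord, records: list[ProcessRecord]) -> bool:
    """Attribution by ancestry: walk the parent chain and return True if some ancestor
    is a user-dependent process of the same user that started no later than rec.
    The visited set stops the walk on cyclic or self-referential parent_pid values."""
    by_pid = {r.pid: r for r in records}
    seen = {rec.pid}
    cur = rec
    while cur.parent_pid in by_pid and cur.parent_pid not in seen:
        parent = by_pid[cur.parent_pid]
        seen.add(parent.pid)
        if is_user_dependent(parent) and parent.user == rec.user and parent.start <= rec.start:
            return True
        cur = parent
    return False


def classify(rec: ProcessRecord, records: list[ProcessRecord]) -> str:
    """Map one record to an action. The action names are an assumed policy."""
    if is_familiar(rec):
        return "allow"
    t1 = rec.start
    t2 = second_time_pointer(rec, records)
    user_acted_first = t2 is not None and t2 < t1
    if user_acted_first and attributed_to_user(rec, records):
        return "log"          # unfamiliar, but launched by the user's own activity
    if user_acted_first:
        return "alert"        # unfamiliar, coincides with user activity, not attributable to it
    return "quarantine"       # unfamiliar, and no user activity that could explain it


def evaluate(records: list[ProcessRecord]) -> dict[int, str]:
    """Run the classification over every record of one endpoint."""
    return {r.pid: classify(r, records) for r in records}


# Constructed sample telemetry for one endpoint (not real data).
_T = datetime(2024, 5, 1, 9, 0, 0)
SAMPLE_RECORDS = [
    ProcessRecord(4,   0,   "System",          datetime(2024, 5, 1, 0, 0, 0), "SYSTEM"),
    ProcessRecord(100, 4,   "explorer.exe",    _T,                            "alice"),
    ProcessRecord(200, 100, "winword.exe",     _T + timedelta(seconds=5),     "alice"),
    ProcessRecord(300, 200, "updater.exe",     _T + timedelta(seconds=10),    "alice"),   # unfamiliar child of Word
    ProcessRecord(400, 4,   "svc_dropper.exe", datetime(2024, 5, 1, 3, 0, 0), "SYSTEM"),  # unfamiliar, 03:00, no user
    ProcessRecord(500, 4,   "rundll32.exe",    _T + timedelta(seconds=20),    "alice"),   # unfamiliar, parent is System
]

if __name__ == "__main__":
    for pid, action in evaluate(SAMPLE_RECORDS).items():
        print(pid, action)
```

Two caveats a practitioner would want: the time comparison alone (step e) is weak evidence, because any process that starts shortly after the user opens Explorer satisfies it, so the attribution step (f) via the parent chain is what separates `updater.exe` (logged) from `rundll32.exe` under `System` (alerted); and the parent walk must be bounded, since agent telemetry with reused or corrupted PIDs can produce cycles.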
Specification