Malware detection device

US 8,245,296 B2
Filed: 05/23/2008
Issued: 08/14/2012
Est. Priority Date: 05/23/2008
Status: Active Grant

First Claim

Patent Images

1. A device, comprising:

a memory to store instructions; and

a processor to execute the instructions to;

monitor data transmission between a first device and a second device, the data being transmitted via a pathway, and the pathway being a host-controlled peripheral bus, a peer-to-peer bus, or a point-to-point link;

analyze, using one or more malware signatures, the data transmitted between the first device and the second device;

determine, based on the one or malware signatures, if malware is contained in the data;

interrupt, when malware is contained in the data, transmission of the data between the first device and the second device;

receive, from the first device or the second device, one or more updated malware signatures;

analyze, using the one or more updated malware signatures, subsequent data transmitted between the first device and the second device;

determine, based on the one or more updated malware signatures, if malware is contained in the subsequent data; and

interrupt, when malware is contained in the subsequent data, transmission of the subsequent data between the first device and the second device.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An exemplary malware detection device includes a data pathway provided between a first data transfer device and a second data transfer device and a processor attached to the data pathway. A memory accessible by the processor contains at least one malware signature and instructions for controlling the processor to interconnect the first and second data transfer devices, direct at least a portion of a data transfer across the data pathway to the processor for analysis, independently analyze the portion of the data transfer using the malware signature, identify malware contained in the portion of the data transfer, and interrupt the data transfer based on the identification of malware.

Citations

18 Claims

1. A device, comprising:
- a memory to store instructions; and
  
  a processor to execute the instructions to;
  
  monitor data transmission between a first device and a second device, the data being transmitted via a pathway, and the pathway being a host-controlled peripheral bus, a peer-to-peer bus, or a point-to-point link;
  
  analyze, using one or more malware signatures, the data transmitted between the first device and the second device;
  
  determine, based on the one or malware signatures, if malware is contained in the data;
  
  interrupt, when malware is contained in the data, transmission of the data between the first device and the second device;
  
  receive, from the first device or the second device, one or more updated malware signatures;
  
  analyze, using the one or more updated malware signatures, subsequent data transmitted between the first device and the second device;
  
  determine, based on the one or more updated malware signatures, if malware is contained in the subsequent data; and
  
  interrupt, when malware is contained in the subsequent data, transmission of the subsequent data between the first device and the second device.
- View Dependent Claims (2, 3, 4, 5, 6, 14, 15)
- - 2. The device according to claim 1, where the at least one malware signature includes at least one malware heuristic.
  - 3. The device according to claim 1, where the first device and the second device are each one of a computing system, a data storage unit, or a mobile communication device.
  - 4. The device according to claim 1, where the device is coupled to the first device and the second device.
  - 5. The device according to claim 1, further comprising a sleeve that secures an attachment of the device to at least one of the first device or the second device.
  - 6. The device according to claim 5, where the sleeve is an elastomeric material.
  - 14. The device according to claim 1, where the processor is further to:
    - transmit a request, to the first device or the second device, for the one or more updated malware signatures.
  - 15. The device according to claim 14, where the request includes at least one instruction to cause the first device or the second device to initiate, when the one or more updated malware signatures are not available at the first device or the second device, a network connection with a server to obtain the one or more updated malware signatures.

7. A method, comprising:
- monitoring data transmitted between a first device and a second device, the data being transmitted via a pathway, and the pathway being a host-controlled peripheral bus, a peer-to-peer bus, or a point-to-point link;
  
  analyzing, using one or more malware signatures, the data transmitted between the first device and the second device;
  
  determining, based on the one or more malware signatures, if malware is contained in the data;
  
  interrupting, when malware is contained in the data, transmission of the data between the first device and the second device;
  
  receiving, from the first device or the second device, one or more updated malware signatures;
  
  analyzing, using the one or more updated malware signatures, subsequent data transmitted between the first device and the second device;
  
  determining, based on the one or more updated malware signatures, if malware is contained in the subsequent data; and
  
  interrupting, when malware is contained in the subsequent data, transmission of the subsequent data between the first device and the second device.
- View Dependent Claims (8, 9, 10, 16, 17)
- - 8. The method according to claim 7, further comprising:
    - providing an alert to at least one of the first device or the second device when malware is contained in the data.
  - 9. The method according to claim 7, further comprising:
    - buffering at least a portion of the data prior to the analyzing.
  - 10. The method according to claim 7, further comprising:
    - comparing at least a portion of the data to the one or more malware signatures on a packet-by-packet basis.
  - 16. The method according to claim 7, further comprising:
    - transmitting a request, to the first device or the second device, for the one or more updated malware signatures.
  - 17. The method according to claim 16, where the request includes at least one instruction to cause the first device or the second device to initiate, when the one or more updated malware signatures are not available at the first device or the second device, a network connection with a server to obtain the one or more updated malware signatures.

11. A non-transitory computer-readable storage medium comprising:
- one or more instructions which, when executed by at least one processor, cause the at least one processor to analyze, using the one or more malware signatures, data transmitted between a first device and a second device, the data being transmitted via a pathway, and the pathway being a host-controlled peripheral bus, a peer-to-peer bus, or a point-to-point link;
  
  one or more instructions which, when executed by the at least one processor, cause the at least one processor to determine, based on the one or more malware signatures, if malware is contained in the data;
  
  one or more instructions which, when executed by the at least one processor, cause the at least one processor to interrupt, when malware is contained in the data, transmission of the data between the first device and the second device;
  
  one or more instructions which, when executed by the at least one processor, cause the at least one processor to receive, from the first device or the second device, one or more updated malware signatures;
  
  one or more instructions which, when executed by the at least one processor, cause the at least one processor to analyze, using the one or more updated malware signatures, subsequent data transmitted between the first device and the second device;
  
  one or more instructions which, when executed by the at least one processor, cause the at least one processor to determine, based on the one or more updated malware signatures, if malware is contained in the subsequent data; and
  
  one or more instructions which, when executed by the at least one processor, cause the at least one processor to interrupt, when malware is contained in the subsequent data, transmission of the subsequent data between the first device and the second device.
- View Dependent Claims (12, 13, 18)
- - 12. The computer-readable storage medium according to claim 11, where the one or more malware signatures includes at least one malware heuristic.
  - 13. The computer-readable storage medium according to claim 11, where the device is coupled to the first device and the second device.
  - 18. The computer-readable storage medium according to claim 11, further comprising:
    - one or more instructions which, when executed by the at least one processor, cause the at least one processor to transmit a request, to the first device or the second device, for the one or more updated malware signatures, where the request includes at least one instruction to cause the first device or the second device to initiate, when the one or more updated malware signatures are not available at the first device or the second device, a network connection with a server to obtain the one or more updated malware signatures.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Archer, Steven T., Hubner, Paul V., Pate, Kristopher A., Dias, Francisco A.
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
RAHMAN, MOHAMMAD L

Application Number

US12/126,571
Publication Number

US 20090293126A1
Time in Patent Office

1,544 Days
Field of Search

726/24, 726/22
US Class Current

726/22
CPC Class Codes

G06F 21/562 Static detection

Malware detection device

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Malware detection device

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links