Method and system for protection against information stealing software
Abstract
A system and method for identifying infection of unwanted software on an electronic device is disclosed. A software agent is configured to generate a bait and is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information or it may just contain artificial sensitive information. Parameters may be inserted into the bait such as the identity of the electronic device that the bait is installed upon. The output of the electronic device is monitored and analyzed for attempts to transmit the bait. The output is analyzed by correlating the output with the bait and can be done by comparing information about the bait with the traffic over a computer network in order to decide about the existence and the location of unwanted software. Furthermore, it is possible to store information about the bait in a database and then compare information about a user with the information in the database in order to determine if the electronic device that transmitted the bait contains unwanted software.
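The correlation the abstract describes, sketched as an added example that is not code from the patent: each device's bait carries its identity, and any copy of the bait seen outside the bait login session is attributed to that device. The HMAC-derived bait format, the key, the host names and the record layout are all assumptions made for illustration.

```python
import base64, binascii, hashlib, hmac
from urllib.parse import unquote

KEY = b"constructed-demo-key"        # assumption: secret known to agents and analyzer
DECOY_HOST = "login.decoy.example"   # assumption: destination of the agent's bait login

def make_bait(device_id):
    """Artificial credentials with the device identity inserted as a parameter."""
    tag = hmac.new(KEY, device_id.encode(), hashlib.sha256).hexdigest()[:16]
    return {"user": "svc_" + tag[:8], "password": "Pw-" + tag}

def build_index(device_ids):
    """Bait database: bait password -> device the bait was generated on."""
    return {make_bait(d)["password"]: d for d in device_ids}

def views(payload):
    """Payload as sent, percent-decoded, and base64-decoded when it is valid base64."""
    out = [payload, unquote(payload)]
    try:
        out.append(base64.b64decode(payload, validate=True).decode("utf-8", "ignore"))
    except (binascii.Error, ValueError):
        pass
    return out

def analyze(records, index):
    """Flag bait seen in output that is not part of the bait login session."""
    findings = []
    for src, dst, payload in records:
        if dst == DECOY_HOST:
            continue  # the agent's own login session
        for token, device in index.items():
            if any(token in v for v in views(payload)):
                findings.append((device, src, dst))
    return findings

def demo():
    index = build_index(["ws-01", "ws-02", "ws-03"])
    b1, b3 = make_bait("ws-01"), make_bait("ws-03")
    records = [  # constructed sample traffic: (source, destination, payload)
        ("ws-01", DECOY_HOST, f"user={b1['user']}&password={b1['password']}"),
        ("ws-01", "collector.invalid", f"log=pw:{b1['password']}"),
        ("ws-02", "updates.example", "check=1"),
        ("nat-gw", "drop.invalid", base64.b64encode(b3["password"].encode()).decode()),
    ]
    return analyze(records, index)
```

The last constructed record shows why the device identity is inserted into the bait: the traffic is observed from a gateway address, yet the bait itself identifies ws-03 as the device it was taken from.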
18 Claims
1. A method for monitoring a plurality of electronic devices to detect infection by unwanted software, the method comprising:
- installing, using a management unit executing on a processor and in communication with the plurality of electronic devices, a software agent on each of the plurality of electronic devices, each of the software agents configured to perform a login session using a bait that contains artificial sensitive information, and configured to insert parameters into the bait prior to transmission of an electronic output of the plurality of electronic devices;
- monitoring, using a traffic analyzer executing on an electronic device, the electronic output; and
- analyzing, using a decision system executing on a processor and in communication with the traffic analyzer, the electronic output in response to the bait to determine the existence of unwanted software based on the electronic output including a transmission of the bait unrelated to the login session to another electronic device.
Dependent claims: 2, 3, 4, 5, 12, 15
6. A system for monitoring a plurality of electronic devices to detect infection by unwanted software, the system comprising:
- an electronic processor operably coupled to a memory, the memory storing processor instructions implementing a management unit that is in communication with the plurality of electronic devices, the management unit configured to install a software agent on each of the plurality of electronic devices, wherein each of the software agents are configured to perform a login session using a bait that contains artificial sensitive information and insert parameters into the bait before transmission of an electronic output of the plurality of electronic devices;
- an electronic processor operably coupled to a memory, the memory storing processor instructions implementing a traffic analyzer and in communication with the computer network, the traffic analyzer configured to monitor the electronic output of the plurality of electronic devices; and
- an electronic processor operably coupled to a memory, the memory storing processor instructions implementing a decision system that is in communication with the traffic analyzer, the decision system configured to determine the existence of unwanted software based on a transmission of the bait unrelated to the login session by one of the plurality of electronic devices to another electronic device.
Dependent claims: 7, 13, 14, 16
8. A method for monitoring a first group of electronic devices to detect infection by unwanted software, the method comprising:
- installing a software agent on each of the electronic devices of the first group, the software agent being configured to perform a login session using a bait that contains artificial sensitive information for each one of the electronic devices of the first group, wherein the software agent is further configured to insert parameters into the bait prior to transmission of a first electronic output of the first group of electronic devices;
- monitoring, using a first electronic device, the first electronic output to a network from at least one electronic device of the first group;
- monitoring, using the first electronic device, a second electronic output to the network from at least one of the electronic devices of a second group of electronic devices; and
- analyzing the first and second electronic output to identify that the first electronic output includes a transmission of the bait unrelated to the login session to a third electronic device to determine the existence of unwanted software within the first group.
Dependent claims: 9, 17
10. A system for monitoring a first group of electronic devices to detect infection by unwanted software, the system comprising:
- an electronic processor operably coupled to a memory, the memory storing processor instructions implementing a management unit for installing a software agent on each of the electronic devices of the first group, the software agent being configured to perform a login session using a bait that contains artificial sensitive information on each of the electronic devices of the first group, and to insert parameters into the bait prior to transmission of an electronic output by the first group of electronic devices;
- an electronic processor operably coupled to a memory, the memory storing processor instructions implementing a traffic analyzer executing on a first electronic device and in communication with the first group and a second group of electronic devices by a computer network, the traffic analyzer configured to analyze the electronic output from the first group and an electronic output from the second group of electronic devices; and
- an electronic processor operably coupled to a memory, the memory storing processor instructions implementing a decision system in communication with the traffic analyzer, the decision system configured to compare the output of the first group of electronic devices with the output from the second group of electronic devices in order to identify that the electronic output of the first group of electronic devices includes a transmission of the bait unrelated to the login session to a third electronic device to determine the existence of unwanted software within the first group.
Dependent claims: 11, 18
Specification