System and method for malware and network reputation correlation

  • US 9,661,017 B2
  • Filed: 08/31/2015
  • Issued: 05/23/2017
  • Est. Priority Date: 03/21/2011
  • Status: Active Grant
First Claim

1. At least one non-transitory tangible medium comprising logic encoded therein, and when executed by one or more processors the logic causes the one or more processors to:

  • receive a first reputation query including a first network address of a first remote end and a first hash of a first file, the first file associated with a first endhost and an attempt to establish a first network connection to the first remote end;

  • identify the first file as malicious based on determining the first network address is associated with a malicious reputation;

  • receive a second reputation query including a second network address of a second remote end and a second hash of a second file, the second file associated with a second endhost and an attempt to establish a second network connection to the second remote end; and

  • identify the second network address as malicious based on determining the second hash corresponds to the first hash, wherein the second network address is different from the first network address.
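
The correlation the claim recites, sketched as an added example (not code from the patent or its assignee): a file inherits a malicious reputation from the address it contacts, and a different address then inherits it from that file's hash. The class and function names, the sample addresses and hashes, and the `trusted_hashes` exemption are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ReputationCorrelator:
    """Correlates file-hash and network-address reputation across queries."""
    bad_addresses: set = field(default_factory=set)
    bad_hashes: set = field(default_factory=set)
    # Assumption, not in the claim: hashes exempt from correlation (e.g. browsers),
    # so one bad destination does not taint every address a common program visits.
    trusted_hashes: set = field(default_factory=set)

    def query(self, address: str, file_hash: str) -> dict:
        """Process one reputation query (remote address + hash of the connecting file)."""
        addr_bad = address in self.bad_addresses
        hash_bad = file_hash in self.bad_hashes
        learned = None
        if file_hash not in self.trusted_hashes:
            if addr_bad and not hash_bad:
                # Claim step 2: the file is malicious because its remote end is.
                self.bad_hashes.add(file_hash)
                hash_bad, learned = True, "hash"
            elif hash_bad and not addr_bad:
                # Claim step 4: a new address is malicious because a known-bad file contacts it.
                self.bad_addresses.add(address)
                addr_bad, learned = True, "address"
        return {"address_malicious": addr_bad, "file_malicious": hash_bad, "learned": learned}


def run_sample() -> list:
    """Replay constructed queries: (endhost, remote address, file hash)."""
    rc = ReputationCorrelator(bad_addresses={"203.0.113.10"},
                              trusted_hashes={"hash-browser"})
    queries = [  # constructed sample data; addresses are documentation ranges
        ("host-a", "203.0.113.10", "hash-dropper"),   # known-bad address
        ("host-b", "198.51.100.7", "hash-dropper"),   # same file, new address
        ("host-c", "203.0.113.10", "hash-browser"),   # trusted file, bad address
        ("host-c", "192.0.2.55", "hash-browser"),     # trusted file, clean address
        ("host-d", "198.51.100.7", "hash-other"),     # learned address taints new file
    ]
    return [rc.query(addr, h) for _, addr, h in queries]


if __name__ == "__main__":
    for verdict in run_sample():
        print(verdict)
```

The last query shows reputation continuing to spread from a learned address to a further file, which is why the sketch exempts widely used programs from correlation.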
