发明名称 |
ANTI-MALWARE DETECTION AND REMOVAL SYSTEMS AND METHODS |
摘要 |
An anti-malware system including at least one database, remote from a plurality of computers to be protected, which stores identification of computer applications resident on the computers to be protected and an application-specific communications footprint for the computer applications, and at least one server, remote from the plurality of computers to be protected, and being operative to calculate a reference computer-specific communications composite pattern based on multiple application-specific communications footprints for applications installed on the computer to be projected, calculate a current computer-specific communications composite pattern based on actual communications of at least one the plurality of computers to be protected, and provide an alert when the current computer-specific communications composite pattern of the at least one of the plurality of computers to be protected differs from the reference computer-specific communications composite pattern of the at least one of the plurality of computers to be protected. |
申请公布号 |
US2016219062(A1) |
申请公布日期 |
2016.07.28 |
申请号 |
US201615086089 |
申请日期 |
2016.03.31 |
申请人 |
CHECKPOINT MOBILE SECURITY LTD |
发明人 |
SHAULOV MICHAEL;Bobrov Ohad |
分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
代理机构 |
|
代理人 |
|
主权项 |
1. An anti-malware system comprising:
at least one database, remote from a plurality of computers to be protected, which stores:
identification of said computer applications resident on each of said computers to be protected; andan application-specific communications footprint for each of said computer applications; and at least one server, remote from said plurality of computers to be protected, and being operative to:
calculate a reference computer-specific communications composite pattern based on multiple application-specific communications footprints for applications installed on each of said computers to be protected;calculate a current computer-specific communications composite pattern based on actual communications of at least one of said plurality of computers to be protected; andprovide an alert when said current computer-specific communications composite pattern of said at least one of said plurality of computers to be protected differs from said reference computer-specific communications composite pattern of said at least one of said plurality of computers to be protected as indicated by at least one metric. |
地址 |
Tel Aviv IL |