Title of invention |
ANTI-MALWARE DETECTION AND REMOVAL SYSTEMS AND METHODS |
Abstract |
An anti-malware system including at least one database, remote from a plurality of computers to be protected, which stores identification of computer applications resident on the computers to be protected and an application-specific communications footprint for the computer applications, and at least one server, remote from the plurality of computers to be protected, and being operative to calculate a reference computer-specific communications composite pattern based on multiple application-specific communications footprints for applications installed on the computers to be protected, calculate a current computer-specific communications composite pattern based on actual communications of at least one of the plurality of computers to be protected, and provide an alert when the current computer-specific communications composite pattern of the at least one of the plurality of computers to be protected differs from the reference computer-specific communications composite pattern of the at least one of the plurality of computers to be protected. |
Publication number |
US2016142425(A1) |
Publication date |
2016.05.19 |
Application number |
US201615001272 |
Filing date |
2016.01.20 |
Applicant |
CHECKPOINT MOBILE SECURITY LTD |
Inventors |
SHAULOV MICHAEL; BOBROV OHAD |
Classification |
H04L29/06 |
Main classification |
H04L29/06 |
Patent agency |
|
Patent agent |
|
Main claim |
1. A method for detecting malware, the method comprising:
storing, on at least one database, remote from a plurality of computers to be protected:
identification of said computer applications resident on each of said computers to be protected; and,
an application-specific communications footprint for each of said computer applications; and,
calculating a reference computer-specific communications composite pattern based on multiple application-specific communications footprints for applications installed on each of said computers to be protected;
calculating a current computer-specific communications composite pattern based on actual communications of at least one of said plurality of computers to be protected; and,
providing an alert when said current computer-specific communications composite pattern of said at least one of said plurality of computers to be protected differs from said reference computer-specific communications composite pattern of said at least one of said plurality of computers to be protected as indicated by at least one metric. |
Address |
TEL AVIV IL |