Title of invention: Identification of infected devices in broadband environments
Abstract: Novel solutions for detecting and/or treating malware on a subscriber's premise network. Such solutions can include, but are not limited to, tools and techniques that can detect, and/or enable the detection of, malware infections on individual subscriber devices within the subscriber's network. In a particular embodiment, for example, a premise gateway, or other device on the subscriber's premise network, is configured to analyze packets traveling through the premise gateway and, based on that analysis, identify one or more subscriber devices that are infected with malware.
Publication number: US9027138(B2) Publication date: 2015.05.05
Application number: US201213538717 Filing date: 2012.06.29
Applicant: CenturyLink Intellectual Property LLC Inventors: Glenn Michael;Smith Donald J.;Butala John
Classification: G06F21/00;H04L29/06;G06F21/56;G06F21/55 Main classification: G06F21/00
Agency: Swanson & Bratschun, L.L.C. Agent: Swanson & Bratschun, L.L.C.
Independent claim: 1. A method of identifying a malware infection, the method comprising: providing, with a premise gateway, communication between a premise network at a customer premises and an external network outside the customer premises, the premise network comprising a plurality of customer devices, wherein the customer premises is a single-family home and the premise gateway is a residential gateway; analyzing, with a malware detection device at the customer premises, network traffic between the premise network and the external network; tunneling, based on analysis of the network traffic by the malware detection device, traffic from the premise gateway over a virtual private network tunnel to a specified location in an Internet Service Provider network for further analysis of the network traffic; identifying, with the malware detection device, one or more infected customer devices that are infected with malware, based on analysis of the network traffic; and taking, with at least one of the malware detection device or the premise gateway, one or more actions to notify the customer of an identification of the one or more infected customer devices, wherein the one or more actions comprise performing domain name service (“DNS”) redirection to redirect hypertext transfer protocol (“HTTP”) requests from the one or more infected customer devices to a webpage indicating the status of the one or more infected customer devices.
Address: Denver CO US