Title of invention: Detecting malware communication on an infected computing device
Abstract: Rules describing attributes of malicious data requests, commonly generated by malware, are determined and stored. For example, a behavior server executes different types of malware and analyzes the data requests produced by the malware to identify attributes common to different malicious data requests. The rules describing malicious data request attributes are stored and subsequent data requests are compared to the stored rules to identify malicious data requests. If a data request has one or more attributes in common with attributes of malicious data requests, the data request is blocked. This allows attributes of a data request to be used to prevent malware executing on a client device from communicating with a malicious server.
Publication number: US8893278(B1) Publication date: 2014.11.18
Application number: US201113181106 Filing date: 2011.07.12
Applicant: Trustwave Holdings, Inc. Inventor: Chechik Daniel
Classification: G06F11/00;H04L29/06;G06F21/56 Main classification: G06F11/00
Agency: Hanley, Flight & Zimmerman, LLC Agent: Hanley, Flight & Zimmerman, LLC
Main claim: 1. A gateway to couple a client device to a data source, the gateway comprising: a behavior store including a rule identifying attributes associated with malicious data requests, the attributes including a User Agent field; and a detection module to, upon receipt of a response to a data request previously received by the gateway, determine whether the data request is a malicious request by comparing a request attribute of the data request to the attributes associated with the malicious data requests, the detection module to, responsive to the identification of the malicious request, prevent transmission of the response to the malicious request, at least one of the behavior store and the detection module is implemented by hardware.
Address: Chicago IL US