Title of invention: Electronic crime detection and tracking
Abstract: A system for electronic crime reduction is provided, comprising a computer system, a database, a malware de-compiler, a malware parser, and an inference engine. The database contains information that associates electronic crime attack signature data with at least one of an individual, a group, and a location. The malware de-compiler, when executed on the computer system, translates a first malware executable to an assembly language version. The first malware is associated with an electronic crime that has been committed. The malware parser, when executed on the computer system, analyzes the assembly language version to identify distinctive coding preferences used to develop the first malware. The inference engine, when executed on the computer system, analyzes the distinctive coding preferences identified by the malware parser application in combination with searching the database to identify one of an individual, a group, and a location associated with the electronic crime.
Publication number: US8813050(B2) Publication date: 2014.08.19
Application number: US200812132327 Application date: 2008.06.03
Applicant: Isight Partners, Inc. Inventors: Watters John P.;Couch Jonathan M.;Stover Sam F.;Weinberger Michael J.;Doyle Fredrick;MacManus Gregory
Classification number: G06F9/45;G06F21/56 Main classification number: G06F9/45
Agency: Agent:
Principal claim: 1. A system for electronic crime reduction, comprising: a computer system; a database containing information that associates electronic crime attack signature data related to at least one of a monetization phase and a laundering phase of an electronic crime business process with at least one of an individual, a group of individuals, and a geographical location, wherein in the monetization phase at least one account is accessed to determine a value of the at least one account and usage information and money is stolen from the at least one account through a fraudulent transaction, and wherein in the laundering phase the stolen money is transferred through at least one of another account and asset to hide the stolen money from possible investigators; a malware de-compiler application that, when executed on the computer system, translates a first malware executable to an assembly language version of the first malware, wherein the first malware is associated with an electronic crime that has been committed, and wherein the first malware is observed in at least one of the monetization phase and the laundering phase; a malware parser application that, when executed on the computer system, analyzes the assembly language version of the first malware to identify distinctive coding preferences exhibited by a malware developer in drafting assembly language source code, wherein the distinctive coding preferences exhibited by the malware developer in drafting assembly language source code are indicative of at least one individual that developed the first malware or at least one group of individuals that developed the first malware; and an inference engine application that, when executed on the computer system, analyzes the distinctive coding preferences identified by the malware parser application in combination with searching the database and, based on the analysis, identifies one or more of the at least one individual that developed the first malware, the at least one group of individuals that developed the first malware, and a geographical location of the origination of the electronic crime.
Address: Dallas TX US