Dynamic loading and configuration of threat detectors based on feedback from other nodes

US2016094580A1 · US · A1

Patent metadata
Publication number: US-2016094580-A1
Application number: US-201414502684-A
Country: US
Kind code: A1
Filing date: Sep 30, 2014
Priority date: Sep 30, 2014
Publication date: Mar 31, 2016
Grant date:

Abstract

Official abstract text for this publication.

Artificial Immune Systems (AIS) including the Dendritic Cell Algorithm (DCA) are an emerging method to detect malware in computer systems. The DCA implementation may use an inflammation signal to communicate information among the processes of a device or a network or among nodes of a network, where the inflammatory signal indicates a likelihood that a process or a node has been attacked by malicious software. The DCA implementation may dynamically change the malware sensitivity and responsiveness based on the inflammation signals without requiring user intervention. The inflammatory signal includes one or more inflammatory tuples, which may include multiple components such as a strength, a PrimeIndicator, and an optional third element, p. The strength component may be an indication of the magnitude of an attack and provide a degree of certainty of the attack. The PrimeIndicator may be an identifier of the indicator type that is the source of the inflammation tuple.
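The receiving side of the signal described in the abstract, as an added example that is not code from the patent or its assignee: a module applies inflammatory tuples (strength, PrimeIndicator, optional p) from a peer to its own indicators. The `threshold` parameter, the tuning rule, the floor and the indicator names are assumptions made for illustration; the 0 to 1 range for strength is taken from the claims on this page.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class InflammatoryTuple:
    strength: float            # magnitude / certainty of the attack, 0..1
    prime_indicator: str       # indicator type that is the source of the tuple
    p: Optional[dict] = None   # optional third element: initialisation parameters

@dataclass
class Indicator:
    threshold: float = 0.8     # hypothetical parameter: score needed to raise an alert

class ReceivingDCAModule:
    """Hypothetical receiver; the update rule below is an assumption."""
    FLOOR = 0.2                # peers can never push a threshold below this bound

    def __init__(self, indicators):
        self.indicators = dict(indicators)

    def receive(self, signal):
        """Apply each tuple of a signal; return the indicator names it changed."""
        changed = []
        for t in signal:
            if not 0.0 <= t.strength <= 1.0:
                continue       # out-of-range or NaN strength from a peer: ignore
            ind = self.indicators.get(t.prime_indicator)
            if ind is None:
                if t.p is None:
                    continue   # unknown indicator and nothing to initialise it with
                # Load a new indicator, reading only the key we understand from p.
                start = max(self.FLOOR, float(t.p.get("threshold", 0.8)))
                self.indicators[t.prime_indicator] = Indicator(start)
            else:
                # Stronger signal -> lower threshold -> more sensitive indicator.
                scaled = ind.threshold * (1 - 0.5 * t.strength)
                ind.threshold = max(self.FLOOR, scaled)
            changed.append(t.prime_indicator)
        return changed

def demo():
    node_b = ReceivingDCAModule({"file_write_rate": Indicator(threshold=0.8)})
    signal = [  # constructed sample signal from a peer node
        InflammatoryTuple(0.5, "file_write_rate"),
        InflammatoryTuple(0.9, "dns_entropy", {"threshold": 0.6}),
        InflammatoryTuple(1.7, "file_write_rate"),    # strength out of range
        InflammatoryTuple(0.4, "unknown_indicator"),  # not loaded, no p
    ]
    changed = node_b.receive(signal)
    return changed, {k: round(v.threshold, 3) for k, v in node_b.indicators.items()}
```

Because the tuning happens without user intervention, the receiver treats every tuple as untrusted peer input: the range check and the floor bound how far a single signal can move a detector.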

First claim

Opening claim text (preview).

What is claimed is:

1. A system for the detection of malicious software comprising: a first node; a second node; a first dendritic cell algorithm (DCA) module associated with the first node, wherein the first DCA module uses the DCA to analyze the first node to determine if malicious software exists; a second dendritic cell algorithm (DCA) module associated with the second node, wherein the second DCA module uses the DCA to analyze the second node to determine if malicious software exists; wherein the first DCA module generates an inflammatory signal indicating a likelihood that the first node has been attacked by malicious software; and wherein the second DCA module receives the generated inflammatory signal from the first DCA module and dynamically changes at least one parameter of at least one indicator within the second DCA module based on the received inflammatory signal from the first DCA module.

2. The system of claim 1, wherein the received inflammatory signal comprises a continuous variable having a value within a range of 0 to 1.

3. The system of claim 1, wherein the received inflammatory signal has a strength indicator proportional to a degree of certainty that the first node has been attacked by malicious software.

4. The system of claim 1, wherein a sensitivity of at least one indicator of the second DCA module is dynamically reduced by the second DCA module in response to the received inflammatory signal.

5. The system of claim 1, wherein a sensitivity of at least one indicator of the second DCA module is dynamically increased by the second DCA module in response to the received inflammatory signal.

6. The system of claim 1, wherein the received inflammatory signal from the first DCA module comprises at least one tuple, each tuple comprising three components, an indicator of a strength of the attack by malicious software, an identifier of a type of indicator that is under attack by malicious software, and a set of parameters for an initialization of at least one indicator within the second DCA module.

7. The system of claim 6, wherein the at least one parameter of the at least one indicator within the second DCA module is dynamically changed by the second DCA module based on at least one of the components of the inflammatory signal.

8. The system of claim 1, wherein the second DCA module automatically changes the at least one parameter of the at least one indicator within the second DCA module solely on the received inflammatory signal from the first DCA module.

9. The system of claim 1, wherein the second DCA module automatically loads at least one new indicator solely on the received inflammatory signal from the first DCA module.

10. The system of claim 1, wherein the first DCA module dynamically unloads an indicator if the indicator does not identify a harmful antigen over an extended period of time.

11. A system for the detection of malicious software comprising a first process; a second process; a first dendritic cell algorithm (DCA) module associated with the first process, wherein the first DCA module uses the DCA to analyze the first process to determine if malicious software exists; a second dendritic cell algorithm (DCA) module associated with the second process, wherein the second DCA module uses the DCA to analyze the second process to determine if malicious software exists; wherein the first DCA module generates an inflammatory signal indicating a likelihood that the first process has been attacked by malicious software; and wherein the second DCA module receives the inflammatory signal from the first DCA module and dynamically changes at least one parameter of at least one indicator within the second DCA module based on the received inflammatory signal from the first DCA module.

12. The system of claim 11, wherein the received inflammatory signal comprises a continuous variable having a value within a range of 0 to 1.

13. The system of claim 11, wherein the received inflammatory signal has a strength indicator proportional to a degree of certainty that the first process has been attacked by malicious software.

14. The system of claim 11, wherein a sensitivity of at least one indicator of the second DCA module is dynamically reduced by the second DCA module in response to the received inflammatory signal.

15. The system of claim 11, wherein a sensitivity of at least one indicator of the second DCA module is dynamically increased by the second DCA module in response to the received inflammatory signal.

16. The system of claim 11, wherein the received inflammatory signal from the first DCA module comprises at least one tuple, each tuple comprising three components, an indicator of a strength of the attack by malicious software, an identifier of a type of indicator that is under attack by malicious software, and a set of parameters for an initialization of at least one indicator within the second DCA module.

17. The system of claim 16, wherein the at least one parameter of the at least one indicator within the second DCA module is dynamically changed by the second DCA module based on at least one of the components of the received inflammatory signal.

18. The system of claim 11, wherein the second DCA module automatically changes the at least one parameter of at least one indicator within the second DCA module solely on the received inflammatory signal from the first DCA module.

19. The system of claim 11, wherein the second DCA module automatically loads at least one new indicator solely on the received inflammatory signal from the first DCA module.

20. The system of claim 11, wherein the first DCA module dynamically unloads an indicator if the indicator does not identify a harmful antigen over an extended period of time.

21. A method of operating a computer network comprising: running a Dendritic Cell Algorithm (DCA) on a first DCA module; identifying a harmful antigen by an indicator of the first DCA module based on predetermined criteria established by the first DCA module; transmitting an inflammatory signal from the first DCA module to a second DCA module based on the identifying a harmful antigen; receiving the transmitted inflammatory signal at the second DCA module; and dynamically changing at least one parameter of at least one indicator of the second DCA module based on the received inflammatory signal.

22. The method of claim 21, wherein the received inflammatory signal is comprised of at least one tuple, each tuple comprising at least three components, an indicator of a strength of the attack by malicious software, an identifier of a type of indicator that is under attack by malicious software, and a set of parameters for an initialization of at least one indicator within the second DCA module.

23. The method of claim 22, wherein the at least one parameter of at least one indicator within the second DCA module is dynamically changed by the second DCA module based on at least one of the components of the received inflammatory signal.

24. The method of claim 21, wherein dynamically changing the at least one parameter of the at least one indicator of the second DCA module is done automatically by the second DCA module solely on the received inflammatory signal from the first DCA module.

25. The method of claim 21, wherein dynamically changing the at least one parameter of the at

Classifications

  • G06F21/55 (Primary)

    Detecting local intrusion or implementing counter-measures · CPC title

  • in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

  • Event detection, e.g. attack signature detection · CPC title

  • Assessing vulnerabilities and evaluating computer system security · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Boeing Co
What technology area does this patent fall under?
Primary CPC classification G06F21/55. Mapped technology areas include Physics.
When was this patent published?
Publication date Mar 31, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).