Method and apparatus for detecting irregularities on a device

US9767278B2 · US · B2

Patent metadata
Publication number: US-9767278-B2
Application number: US-201414484633-A
Country: US
Kind code: B2
Filing date: Sep 12, 2014
Priority date: Sep 13, 2013
Publication date: Sep 19, 2017
Grant date: Sep 19, 2017


Abstract

Official abstract text for this publication.

A system and method for the detection of irregularities, such as fraud or malware, running on a device, is disclosed. The system comprises a monitoring program for reviewing data relating to operation of the device, a device profile including data items relating to typical operation of the device generated from messages relating to the device; and an alert module for generating an alert on detection of unusual activity relating to the device.

First claim

Opening claim text (preview).

What is claimed is:

1. A system for the detection of irregularities of a device, the system comprising: a hardware processor; and a memory communicatively coupled with the hardware processor, the memory storing instructions which when executed by the hardware processor performs a method, the method comprising: creating, by a monitoring program, a device baseline profile comprising data items relating to a typical operation of the device, the data items comprising at least two of: (i) ports associated with processes, (ii) addresses of connectable devices, and (iii) volumes of data; storing, in a user profile database, the device baseline profile; receiving, by the monitoring program, new ones of data items indicative of a current operation of the device; determining, by the monitoring program, whether the new ones of data items deviate from the typical operation of the device by comparing the new ones of data items to the stored device baseline profile; based on the determining, updating, by the monitoring program, the stored device baseline profile to create an updated device baseline profile with the new ones of data items if the new ones of data items do not deviate from the typical operation of the device; and based on the determining, generating, by an alert module, an alert based on detection of the deviating from the typical operation of the device, the deviating from the typical operation of the device being transferring unusual amounts of data, continually accessing a new website, connecting to an unexpected IP address, or using an infrequently used port.

2. The system of claim 1, wherein the irregularities are one or more of malware or fraud.

3. A method for the detection of irregularities of a device, the method comprising: reviewing, by a monitoring program, data items of a device; detecting, by the monitoring program, a plurality of the data items relating to a typical operation of the device; creating, by the monitoring program, a device baseline profile including the plurality of the data items relating to the typical operation of the device, the plurality of the data items comprising at least two of: (i) ports associated with processes, (ii) addresses of connectable devices, and (iii) volumes of data; receiving, by the monitoring program, new ones of data items indicative of a current operation of the device; determining, by the monitoring program, whether the new ones of data items deviate from the typical operation of the device by comparing the new ones of data items to the device baseline profile; based on the determining, updating, by the monitoring program, the device baseline profile to create an updated device baseline profile with the new ones of data items if the new ones of data items do not deviate from the typical operation of the device; and based on the determining, generating an alert based on the determining of the deviating from the typical operation of the device, the deviating from the typical operation of the device being transferring unusual amounts of data, continually accessing a new website, connecting to an unexpected IP address, or using an infrequently used port.

4. A method for the detection of irregularities in a network, the network comprising at least one computer having a plurality of outgoing connections and a plurality of incoming connections connected to one or more servers and wherein a plurality of processes are running on the at least one computer, the method comprising the steps of: continuously receiving, by a monitoring program, data items relating to the network, the computer, and messages exchanged within the network, the monitoring program connected to the network; automatically reviewing, by the monitoring program, the received data items; detecting a plurality of the data items relating to a typical operation of a device; creating, by the monitoring program, and storing in a database a device baseline profile including the plurality of the data items relating to the typical operation of the device connected to the network, the plurality of the data items comprising at least two of: (i) ports associated with processes, (ii) addresses of connectable devices, and (iii) volumes of data; receiving, by the monitoring program, new ones of data items indicative of a current operation of the device; determining, by the monitoring program, whether the new ones of data items deviate from the typical operation of the device by comparing the new ones of data items to the stored device baseline profile; based on the determining, updating, by the monitoring program, the stored device baseline profile to create an updated device baseline profile with the new ones of data items if the new ones of data items do not deviate from the typical operation of the device; and based on the determining, generating an alert based on the determining of the deviating from the typical operation of the device, the deviating from the typical operation of the device being transferring unusual amounts of data, continually accessing a new website, connecting to an unexpected IP address, or using an infrequently used port.
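The claims describe one loop: build a baseline of ports per process, peer addresses and transfer volumes, compare each new data item against it, fold the item into the baseline only when it does not deviate, and alert otherwise. The Python below is an added illustration of that loop, not code from the patent or from the assignee; the representation (a counter of process/port pairs, a set of peer addresses, a list of transfer sizes, a three-sigma volume check, and "infrequently used" meaning seen at most once) is an assumption, since the claims name the data items but not how they are stored or compared. All observations are constructed sample data.

```python
from collections import Counter
from dataclasses import dataclass, field
from statistics import mean, pstdev

@dataclass(frozen=True)
class Observation:
    process: str    # process that opened the connection
    port: int       # port associated with that process
    peer: str       # address of the connectable device (IP or hostname)
    bytes_out: int  # volume of data moved in this observation

@dataclass
class DeviceBaseline:
    """Device baseline profile: the three data item kinds named in claim 1 (assumed layout)."""
    ports: Counter = field(default_factory=Counter)  # (process, port) -> times seen
    peers: set = field(default_factory=set)          # addresses seen in typical use
    volumes: list = field(default_factory=list)      # byte counts of typical transfers

    def learn(self, obs):
        self.ports[(obs.process, obs.port)] += 1
        self.peers.add(obs.peer)
        self.volumes.append(obs.bytes_out)

    def deviations(self, obs, rare_max=1, sigma=3.0):
        """Deviation kinds from the claim that apply to obs; empty means typical."""
        reasons = []
        if obs.peer not in self.peers:  # unexpected IP address or new website
            reasons.append("unexpected address")
        if self.ports[(obs.process, obs.port)] <= rare_max:
            reasons.append("infrequently used port")
        if self.volumes:  # z-score style check against typical transfer sizes (assumed)
            mu, sd = mean(self.volumes), pstdev(self.volumes)
            if obs.bytes_out > mu + sigma * max(sd, 1.0):
                reasons.append("unusual amount of data")
        return reasons

def monitor(baseline, obs):
    """One pass of the claimed loop: compare, then update (typical) or alert (deviating)."""
    reasons = baseline.deviations(obs)
    if not reasons:
        baseline.learn(obs)  # deviating items are never folded into the baseline
    return reasons  # non-empty list == alert with its reasons

def demo():
    """Constructed sample: 20 typical browser sessions plus one updater run."""
    base = DeviceBaseline()
    for size in [1000, 1100, 1200, 1300, 1400] * 4:
        base.learn(Observation("browser", 443, "93.184.216.34", size))
    base.learn(Observation("updater", 80, "10.0.0.5", 1200))
    new_items = [Observation("browser", 443, "93.184.216.34", 1250),        # typical
                 Observation("browser", 443, "93.184.216.34", 50_000_000),  # big transfer
                 Observation("browser", 443, "203.0.113.9", 1200),          # unknown peer
                 Observation("updater", 80, "10.0.0.5", 1200)]              # rare port
    return [monitor(base, o) for o in new_items]
```

Because only non-deviating items update the profile, a flagged transfer does not raise the volume threshold for later ones; the cost is that a legitimately rare port or a first contact with a new server fires an alert, so tune rare_max and sigma against real traffic before relying on it.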

Assignees

Elasticsearch Bv

Inventors

Classifications

  • G06F21/552 (primary): involving long-term monitoring or reporting
  • H04L63/14 (primary): for detecting or protecting against malicious traffic
  • Computer malware detection or handling, e.g. anti-virus arrangements
  • involving event detection and direct action
  • Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9767278B2 cover?
A system and method for the detection of irregularities, such as fraud or malware, running on a device, is disclosed. The system comprises a monitoring program for reviewing data relating to operation of the device, a device profile including data items relating to typical operation of the device generated from messages relating to the device; and an alert module for generating an alert on dete…
Who is the assignee on this patent?
Elasticsearch Bv
What technology area does this patent fall under?
Primary CPC classification G06F21/552. Mapped technology areas include Physics.
When was this patent published?
Publication date Sep 19, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).