US2012246727A1PendingUtilityA1

System that provides early detection, alert, and response to electronic threats

43
Assignee: ELOVICI YUVALPriority: Feb 4, 2008Filed: Mar 30, 2012Published: Sep 27, 2012
Est. expiryFeb 4, 2028(~1.6 yrs left)· nominal 20-yr term from priority
H04L 63/145H04L 63/0414H04L 43/00H04L 63/1441
43
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

The invention is a computer system that provides early detection alert and response to electronic threats (eThreats) in large wide area networks. The system harnesses the processing power of dedicated hardware, software residing in specialized servers, distributed personal computers connected to the network, and the human brain to provide multi-layered early detection, alarm and response. The layers comprise a Protection Layer, a Detection Layer, an Expert Analysis Layer, and a Collaborative Detection & Protection Layer. A Dynamic Sandbox Protection Layer associated with the distributed personal computers connected to the network can optionally be part of the system of the invention.

Claims

exact text as granted — not AI-modified
1 - 20 . (canceled) 
     
     
         21 . A collaborative electronic threat (eThreat) detection module for detecting and responding to eThreats in a wide area network,
 wherein the collaborative eThreat detection module is configured for receiving monitored computer parameters from a plurality of protection and feedback agents, each protection and feedback agent being configured for being executed on a computer of a plurality of computers connected to the wide area network;   wherein each protection and feedback agent is further configured for recognizing eThreats residing on the computer; and   wherein each protection and feedback agent is configured for monitoring computer parameters of the computer and for supplying the monitored computer parameters to the collaborative eThreat detection module;   wherein the collaborative eThreat detection module is further configured for aggregating the monitored computer parameters supplied by the plurality of protection and feedback agents in order to identify computer files causing the said computer parameters.   
     
     
         22 . The collaborative eThreat detection module according to  claim 21 ,
 wherein the monitored computer parameters are at least one of the group consisting of process information, network statistics, memory usage, file system activity, CPU usage, and registry access.   
     
     
         23 . The collaborative eThreat detection module according to  claim 21 ,
 wherein the collaborative eThreat detection module is adapted for updating the plurality of protection and feedback agents with a new eThreat signature;   wherein the new eThreat signature indicates whether a computer file on one of the plurality of the computers contains a malware or whether a computer behaviour is due to execution of a malware on the computer.   
     
     
         24 . The collaborative eThreat detection module according to  claim 23 ,
 wherein the new eThreat signature is generated by applying an association rules mining technique to the aggregated computer parameters supplied by the plurality of protection and feedback agents.   
     
     
         25 . A protection and feedback agent, configured for being executed on a computer connected to a wide area network;
 wherein the protection and feedback agent is configured for monitoring computer parameters of the computer and for supplying the monitored computer parameters to a collaborative eThreat detection module, which collaborative eThreat detection module is configured for detecting and responding to eThreats in the wide area network;   wherein the protection and feedback agent is configured for receiving a signature identifying a malware being executed on the computer;   wherein the signature is generated after aggregating the monitored computer parameters.   
     
     
         26 . The protection and feedback agent according to  claim 25 ,
 wherein the monitored computer parameters are at least one of the group consisting of process information, network statistics, memory usage, file system activity, CPU usage, and registry access.   
     
     
         27 . The protection and feedback agent according to  claim 25 ,
 wherein the protection and feedback agent is configured for supplying all of the monitored computer parameters to the collaborative eThreat detection module.   
     
     
         28 . The protection and feedback agent according to  claim 25 ,
 wherein the protection and feedback agent is configured for establishing a secure connection to the collaborative eThreat detection module in order to supply the monitored computer parameters.   
     
     
         29 . The protection and feedback agent according to  claim 26 ,
 wherein each of the computer parameters is monitored in conjunction with an associated time stamp;   wherein the time stamp is considered when aggregating the monitored computer parameters.   
     
     
         30 . An electronic threat (eThreat) detection system that provides early detection and response to eThreats in a wide area network, the eThreat detection system comprising:
 a collaborative eThreat detection module; and   a plurality of protection and feedback agents, each of the protection and feedback agents being configured for being executed on a computer of a plurality of computers connected to the wide area network;   wherein each protection and feedback agent is configured for monitoring computer parameters of the computer and for supplying the monitored computer parameters to the collaborative eThreat detection module;   wherein the protection and feedback agent is configured for receiving a signature identifying a malware being executed on the computer;   wherein the collaborative eThreat detection module is configured for receiving the monitored computer parameters from the plurality of protection and feedback agents; and   wherein the collaborative eThreat detection module is configured for aggregating the monitored computer parameters supplied by the plurality of protection and feedback agents in order to identify computer files causing the said computer parameters.   
     
     
         31 . The eThreat detection system according to  claim 30 ,
 further comprising a secure network connection component;   wherein the secure network component is configured for creating a secure network connection from each of the plurality of protection and feedback agents to the collaborative eThreat detection module;   wherein the monitored computer parameters of the computer are transmitted via the secure network connection to the collaborative eThreat detection module.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.