US2015186646A1PendingUtilityA1
System, method, and computer program product for dynamically adjusting a level of security applied to a system
Est. expiryApr 29, 2028(~1.8 yrs left)· nominal 20-yr term from priority
Inventors:Gregory William Dalcher
G06F 21/55H04L 63/1425H04L 63/1408G06F 2221/2113G06F 2221/034G06F 21/56G06F 21/577
51
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A system, method, and computer program product are provided for dynamically adjusting a level of security applied to a system. In use, predetermined activity that is at least potentially associated with unwanted activity is identified on a system. Further, a level of security applied to the system is dynamically adjusted, in response to the identification of the predetermined activity.
Claims
exact text as granted — not AI-modified1 . A machine readable medium on which are stored instructions comprising instructions that when executed by a programmable device, cause the programmable device to:
monitor a programmable device at a first level of monitoring; and reduce monitoring to a second level of monitoring of the programmable device responsive to an absence of activity associated with an increased vulnerability of the programmable device to malware.
2 . The machine readable medium of claim 1 , wherein the instructions further comprise instructions that when executed cause the programmable device to:
increase monitoring from the second level of monitoring to the first level of monitoring responsive to an identification of the activity, wherein the first level of monitoring and the second level of monitoring monitor different subsets of a memory local to the programmable device.
3 . The machine readable medium of claim 1 , wherein the instructions further comprise instructions that when executed cause the programmable device to:
identify a suspect activity on the device that is predetermined to be associated with an increased vulnerability of the device to malware, the suspect activity identified utilizing the second level of monitoring; adjust to a third level of monitoring of the device in response to the identification of the suspect activity, wherein the third level of monitoring of the device comprises monitoring for one or more additional types of accesses performed by the suspect activity; determine an absence of the suspect activity on the device, wherein the absence is determined utilizing the third level of monitoring of the device; and adjust to the second level of monitoring of the device in response to the determination of the absence of the suspect activity.
4 . The machine readable medium of claim 3 , wherein the instructions that when executed cause the programmable device to identify the suspect activity comprise instructions that when executed cause the programmable device to identify a process connecting to an external network.
5 . The machine readable medium of claim 3 , wherein the instructions that when executed cause the programmable device to identify the suspect activity comprise instructions that when executed cause the programmable device to identify a loading of an executable not contained in a whitelist.
6 . The machine readable medium of claim 3 , wherein the instructions that when executed cause the programmable device to identify the suspect activity comprise instructions that when executed cause the programmable device to identify an attempt to access a website not contained in a whitelist.
7 . The machine readable medium of claim 3 , wherein the instructions that when executed cause the programmable device to identify the suspect activity comprise instructions that when executed cause the programmable device to identify a change of privileges by a process.
8 . The machine readable medium of claim 3 , wherein the instructions that when executed cause the programmable device to utilize the second level of monitoring comprise instructions that when executed cause the programmable device to scan at least a portion of data associated with the suspect activity for the malware.
9 . The machine readable medium of claim 1 , wherein the first level of monitoring and the second level of monitoring comprise instructions that when executed cause the programmable device to monitor input and output operations of the device utilizing filter drivers.
10 . The machine readable medium of claim 1 , wherein the first level of monitoring and the second level of monitoring comprise instructions that when executed cause the programmable device to implement host environment callbacks functions.
11 . The machine readable medium of claim 1 , wherein the first level of monitoring and the second level of monitoring comprise instructions that when executed cause the programmable device to redirect an interface invocation to a monitoring callback function utilizing a hook.
12 . The machine readable medium of claim 1 , wherein the instructions that when executed cause the programmable device to reduce monitoring to the second level of monitoring comprise instructions that when executed cause the programmable device to reduce monitoring to the second level of monitoring based on a behavioral analysis of the activity and a history of collected events of a predetermined type.
13 . A method, comprising:
determining, utilizing a first level of monitoring of a programmable device, an absence of an activity on the programmable device associated with an increased vulnerability of a programmable device to malware; and adjusting dynamically to a second level of monitoring of the programmable device responsive to the determination, wherein the second level of monitoring monitors fewer types of accesses performed by the activity than the first level of monitoring monitoring a programmable device at a first level of monitoring; and reducing monitoring to a second level of monitoring of the programmable device responsive to an absence of activity associated with an increased vulnerability of the programmable device to malware.
14 . The method of claim 13 , further comprising:
identifying a suspect activity on the programmable device that is predetermined to be associated with an increased vulnerability of the device to malware, the suspect activity identified utilizing the second level of monitoring; adjusting to a third level of monitoring of the programmable device in response to the identification of the suspect activity, wherein the third level of monitoring of the programmable device comprises monitoring for one or more additional types of accesses performed by the suspect activity; determining an absence of the suspect activity on the programmable device, wherein the absence is determined utilizing the third level of monitoring of the programmable device; and adjusting to the second level of monitoring of the programmable device in response to the determination of the absence of the suspect activity.
15 . A programmable device, comprising:
a memory; and a processing device operatively communicatively coupled to the memory, wherein instructions are stored in the memory, comprising instructions that when executed cause the processing device to:
monitor a programmable device at a first level of monitoring; and
reduce monitoring to a second level of monitoring of the programmable device responsive to an absence of activity associated with an increased vulnerability of the programmable device to malware.
16 . The programmable device of claim 15 , further comprising:
a network connection communicatively coupled to the memory and configured to receive data from a network.
17 . The programmable device of claim 15 , further comprising:
a user interface adapter communicatively coupled to the memory and configured to receive input from a user.
18 . The programmable device of claim 15 , wherein the instructions further comprise instructions that when executed cause the programmable device to:
increase monitoring from the second level of monitoring to the first level of monitoring responsive to an identification of the activity, wherein the first level of monitoring and the second level of monitoring scan different subsets of the memory.
19 . The programmable device of claim 15 , wherein the instructions further comprise instructions that when executed cause the programmable device to:
identify a suspect activity on the programmable device that is predetermined to be associated with an increased vulnerability of the programmable to malware, the suspect activity identified utilizing the second level of monitoring; adjust from the second level of monitoring to a third level of monitoring of the programmable device in response to the identification of the suspect activity, wherein the third level of monitoring of the device comprises monitoring for one or more additional types of accesses performed by the suspect activity; determine an absence of the suspect activity on the programmable device, wherein the absence is determined utilizing the third level of monitoring of the device; and adjust from the third level of monitoring to the second level of monitoring of the device in response to the determination of the absence of the suspect activity.
20 . The programmable device of claim 19 , wherein the instructions that when executed cause the programmable device to identify the suspect activity comprise instructions that when executed cause the programmable device to identify a process connecting to an external network.Join the waitlist — get patent alerts
Track US2015186646A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.