P
USRE47558EActiveUtilityPatentIndex 61

System, method, and computer program product for automatically identifying potentially unwanted data as unwanted

Assignee: MCAFEE LLCPriority: Jun 24, 2008Filed: Oct 29, 2014Granted: Aug 6, 2019
Est. expiryJun 24, 2028(~2 yrs left)· nominal 20-yr term from priority
Inventors:GRYAZNOV DMITRY O
G06F 21/552H04L 63/1408G06F 21/56
61
PatentIndex Score
1
Cited by
136
References
46
Claims

Abstract

A system, method, and computer program product are provided for automatically identifying potentially unwanted data as unwanted. In use, data determined to be potentially unwanted (e.g. potentially malicious) is received. Additionally, the data is automatically identified as unwanted (e.g. malicious). Furthermore, the data is stored for use in detecting unwanted data (e.g. malicious data).

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A computer program product including computer code embodied on a non-transitory computer readable medium, and, when executed by at least one processor, the computer code causes the at least one processor to perform operations comprising:
 computer code for receiving, from at least one source, data by a server, wherein the data is not known to be wanted and wherein the data is not known to be unwanted; 
 computer code for assigning a weight to each of the at least one source from which the data was received; 
 computer code for calculating an aggregate weight from the weights assigned to each of the at least one source from which the data was received; and 
 computer code for automatically identifying by the server that the data is unwanted if based on a determination that the aggregate weight meets a predetermined threshold weight; and 
 computer code for storing the data by the server for use in detecting unwanted data, wherein storing the data includes storing a hash of the data, in response to the identifying. 
 
     
     
       2. The computer program product of  claim 1 , wherein the data is not known to be malicious and wherein the data is not known to be non-malicious. 
     
     
       3. The computer program product of  claim 1 , wherein the data does not match known wanted data and does not match known unwanted data. 
     
     
       4. The computer program product of  claim 1 , wherein the data is automatically received based on monitoring of at least one of an electronic messaging application, file transfer protocol (FTP), and a web site. 
     
     
       5. The computer program product of  claim 1 , wherein the data is automatically identified as unwanted based on the at least one source from which the data is received. 
     
     
       6. The computer program product of  claim 5 , wherein the at least one source includes a security vendor. 
     
     
       7. The computer program product of  claim 5 , wherein the at least one source includes a honeypot. 
     
     
       8. The computer program product of  claim 5 , wherein the data is automatically identified as unwanted if it is determined that other data previously received from the at least one source includes included known unwanted data. 
     
     
       9. The computer program product of  claim 5 , wherein the data is automatically identified as unwanted if it is determined that the data was received by a predefined threshold number of different sources. 
     
     
       10. The computer program product of  claim 5 , wherein the data is automatically identified as unwanted if it is determined that a weight assigned to the at least one source meets a predefined threshold weight. 
     
     
       11. The computer program product of  claim 1 , wherein storing the data includes storing a hash of the data. 
     
     
       12. The computer program product of  claim 1 , further comprising computer code for wherein the computer code causes the at least one processor to perform further operations comprising 
 storing an indication with the data that the data includes potentially unwanted data automatically identified as unwanted. 
 
     
     
       13. The computer program product of  claim 12 , further comprising computer code for wherein the computer code causes the at least one processor to perform further operations comprising 
 identifying the data stored with the indication that the data includes potentially unwanted data automatically identified as unwanted, 
 analyzing the data, and 
 determining whether the data is unwanted based on the analysis. 
 
     
     
       14. The computer program product of  claim 13 , further comprising computer code for wherein the computer code causes the at least one processor to perform further operations comprising 
 updating one of a list of known unwanted data and a list of known wanted data based on the determination whether the data is unwanted. 
 
     
     
       15. The computer program product of  claim 1 , wherein the stored data is utilized for detecting the unwanted data by identifying other received data determined to be potentially unwanted as unwanted if the other received data matches the stored data. 
     
     
       16. A method, comprising:
 receiving, from at least one source, data by a computer processor, wherein the data is not known to be wanted and wherein the data is not known to be unwanted; 
 assigning a weight to each of the at least one source from which the data was received; 
 calculating an aggregate weight from the weights assigned to each of the at least one source from which the data was received; 
 identifying automatically that the data is unwanted if based on a determination that the aggregate weight meets a predetermined threshold weight; and 
 storing the data for use in detecting unwanted data, wherein storing the data includes storing a hash of the data, in response to the identifying. 
 
     
     
       17. A system, comprising:
 a computer processor; and  
 forlogic that is executable by the computer processor and, when executed, causes the computer processor to perform operations including receiving data from at least one source, wherein the data is not known to be wanted and wherein the data is not known to be unwanted, assigning a weight to each of the at least one source from which the data was received, calculating an aggregate weight from the weights assigned to each of the at least one source from which the data was received, identifying automatically that the data is unwanted ifbased on a determination that the aggregate weight meets a predetermined threshold weight, and storing the data for use in detecting unwanted data, wherein storing the data includes storing a hash of the data, in response to the identifying. 
 
     
     
       18. The method of  claim 16 , further comprising:
 identifying the data as unwanted by the computer processor by analyzing the data. 
 
     
     
       19. A method, comprising:
 receiving a first data by a client computer; 
 analyzing the first data by the client computer, and determining that the first data is not known to be wanted and wherein the first data is not known to be unwanted; 
 sending the first data to a server computer; 
 receiving, by the server computer, the first data from at least one source including the client computer;  
 assigning a weight to each of the at least one source from which the first data was received by the server computer; 
 calculating an aggregate weight from the weights assigned to each of the at least one source from which the first data was received by the server computer; 
 identifying automatically that the first data is unwanted if based on a determination that the aggregate weight meets a predetermined threshold weight; and 
 storing the first data by the server computer, wherein storing the data includes storing a hash of the data, in response to the identifying. 
 
     
     
       20. The method of  claim 19 , further comprising:
 analyzing the stored first data by the server computer responsive to analysis resources being available; and 
 identifying the stored first data as wanted or unwanted responsive to the act of analyzing the stored first data by the server computer; 
 updating a datastore responsive to the act of identifying the stored first data as wanted or unwanted; and  
 distributing the updated datastore to the client computer. 
 
     
     
       21. The method of  claim 19 , further comprising:
 receiving a second data from the client computer, wherein the second data comprises an identification of the client computer as a previous source of unwanted data. 
 
     
     
       22. The method of  claim 19 , further comprising:
 using the stored first data automatically identified as unwanted for determining that a third data is unwanted. 
 
     
     
       23. The computer program product of  claim 1 , wherein the computer code for automatically identifying by the server that the data as is unwanted without analyzing the data comprises:
 computer code for automatically identifying by the server the data as unwanted responsive to without analyzing the data, based on a second data, without analyzing the first data. 
 
     
     
       24. The method of  claim 16 , wherein the act of identifying the data automatically as unwanted by the computer processor without analyzing the data comprises:
 identifying the data automatically as unwanted by the computer process processor without analyzing the data, responsive to based on a second data. 
 
     
     
       25. The method of  claim 24 , wherein the second data comprises a source from which the data is received. 
     
     
       26. The system of claim 17, wherein the data is not known to be malicious and wherein the data is not known to be non-malicious. 
     
     
       27. The computer program product of claim 1, wherein the computer code further causes the at least one processor to perform further operations comprising
 determining that other received data is unwanted, if a hash of the other received data matches the hash of the data.   
     
     
       28. The computer program product of claim 1, wherein the computer code further causes the at least one processor to perform further operations comprising
 performing an analysis of the data for determining whether the data is actually the unwanted data, once the data is stored.   
     
     
       29. The system of claim 17, wherein the data does not match known wanted data and does not match known unwanted data. 
     
     
       30. The system of claim 17, wherein the data is automatically received based on monitoring of at least one of an electronic messaging application, file transfer protocol (FTP), and a web site. 
     
     
       31. The system of claim 17, wherein the data is automatically identified as unwanted based on the at least one source from which the data is received. 
     
     
       32. The system of claim 31, wherein the at least one source includes a security vendor. 
     
     
       33. The system of claim 31, wherein the at least one source includes a honeypot. 
     
     
       34. The system of claim 31, wherein the data is automatically identified as unwanted if it is determined that other data previously received from the at least one source included known unwanted data. 
     
     
       35. The system of claim 31, wherein the data is automatically identified as unwanted if it is determined that the data was received by a predefined threshold number of different sources. 
     
     
       36. The system of claim 31, wherein the data is automatically identified as unwanted if it is determined that a weight assigned to the at least one source meets a predefined threshold weight. 
     
     
       37. The system of claim 17, wherein the operations further include storing an indication with the data that the data includes potentially unwanted data automatically identified as unwanted. 
     
     
       38. The system of claim 37, wherein the operations further include identifying the data stored with the indication that the data includes potentially unwanted data automatically identified as unwanted, analyzing the data, and determining whether the data is unwanted based on the analysis. 
     
     
       39. The system of claim 38, wherein the operations further include updating one of a list of known unwanted data and a list of known wanted data based on the determination whether the data is unwanted. 
     
     
       40. The system of claim 17, wherein the stored data is further utilized for detecting the unwanted data by identifying other received data determined to be potentially unwanted as unwanted if the other received data matches the stored data. 
     
     
       41. The system of claim 17, wherein the operations further include:
 analyzing the stored data responsive to analysis resources being available;   identifying the stored data as wanted or unwanted responsive to the analyzing the stored data;   updating a datastore responsive to the identifying the stored data as wanted or unwanted; and   distributing the updated datastore to a client computer.   
     
     
       42. The system of claim 17, wherein the operations further include receiving a second data from a client computer, and the second data comprises an identification of the client computer as a previous source of unwanted data. 
     
     
       43. The system of claim 17, wherein the operations further include using the stored data automatically identified as unwanted for determining that a third data is unwanted. 
     
     
       44. The system of claim 17, wherein the operations further include:
 identifying the data automatically as unwanted without analyzing the data, based on a second data.   
     
     
       45. The system of claim 44, wherein the second data comprises a source from which the data is received. 
     
     
       46. The system of claim 17, wherein the operations further include identifying the data as unwanted by analyzing the data.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.