The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge also contains a link to the full patent document (in Adobe Acrobat format, i.e. PDF).
Patent No.:
Date of Patent:
Feb. 17, 2015
Filed:
Aug. 09, 2013
Narus, Inc., Sunnyvale, CA (US);
Luca Invernizzi, Goleta, CA (US);
Stanislav Miskovic, San Jose, CA (US);
Ruben Torres, Sunnyvale, CA (US);
Sabyasachi Saha, Sunnyvale, CA (US);
Christopher Kruegel, Santa Barbara, CA (US);
Antonio Nucci, San Jose, CA (US);
Sung-Ju Lee, Redwood City, CA (US);
Giovanni Vigna, Santa Barbara, CA (US);
Narus, Inc., Sunnyvale, CA (US);
Abstract
A method for detecting a malicious activity in a network. The method includes obtaining file download flows from the network, analyzing the file download flows to generate malicious indications using a pre-determined malicious behavior detection algorithm, extracting a file download attribute from a suspicious file download flow of a malicious indication, wherein the file download attribute represents one or more of the URL, the FQDN, the top-level domain name, the URL path, the URL file name, and the payload of the suspicious file download flow, determining the file download attribute as being shared by at least two suspicious file download flows, identifying related suspicious file download flows and determining a level of association between them based at least on the file download attribute, computing a malicious score of the suspicious file download flow based on the level of association, and presenting the malicious score to an analyst user of the network.