The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

H04L 63/10 (2013.01); H04L 12/244 (2013.01); G06F 21/53 (2013.01); G06F 21/6218 (2013.01); H04L 63/145 (2013.01); G06F 2221/2141 (2013.01);

Abstract

Malware detection is often based on monitoring a local application binary and/or process, such as detecting patterns of malicious code, unusual local resource utilization, or suspicious application behavior. However, the volume of available software, variety of malware, and sophistication of evasion techniques may reduce the effectiveness of detection based on monitoring local resources. Presented herein are techniques for identifying malware based on the reputations of remote resources (e.g., web content, files, databases, IP addresses, services, and users) accessed by an application. Remote resource accesses may be reported to a reputation service, which may identify reputations of remote resources, and application reputations of applications that utilize such remote resources. These application reputations may be used to adjust the application policies of the applications executed by devices and servers. These techniques thereby achieve rapid detection and mitigation of newly identified malware through application telemetry in a predominantly automated manner.

Find Patent Forward Citations