METHOD AND DEVICE FOR DETECTING A SUSPICIOUS PROCESS BY ANALYZING DATA FLOW CHARACTERISTICS OF A COMPUTING DEVICE
Number of patents in Portfolio can not be more than 2000
United States of America Patent
Stats
-
N/A
Issued Date -
N/A
app pub date -
Mar 14, 2016
filing date -
Mar 20, 2015
priority date (Note) -
Published
status (Latency Note)
Importance
Abstract
Disclosed are methods and devices for detecting a suspicious process. Test values of data flow direction characteristics of a to-be-detected host and sample values of the data flow direction characteristics corresponding to the to-be-detected host in a data flow direction library are acquired, wherein the data flow direction characteristics comprise at least one of a process list and a network egress characteristic, and a data source characteristic. It is then determined that a suspicious process is detected when a test value of the process list is different from a sample value of the process list and/or a test value of the network egress characteristic is different from a sample value of the network egress characteristic in the case that a test value of the data source characteristic is the same as a sample value of the data source characteristic. It can be seen that the disclosed methods and devices for detecting a suspicious process according detect a suspicious process based on the data flow direction characteristics rather than the attack behaviors of applications. Moreover, because data flow direction characteristics change whenever data theft occurs, the methods and devices can accurately detect a suspicious process in which data might be stolen.
First Claim
Family
International Classification(s)
Cited Art Landscape
Patent Citation Ranking
Recipient Email Address
Recipient Email Address
Comment
Recipient Email Address
Add to Portfolio(s)
To add this patent to one, or more, of your portfolios, simply click the add button.
This Patent is in these Portfolios:
Add to additional portfolios:
Last Refreshed On:
Changes done successfully