Method and system for remotely detecting parasite software
| Title: | Method and system for remotely detecting parasite software |
|---|---|
| Patent Number: | 8,065,413 |
| Publication Date: | November 22, 2011 |
| Appl. No: | 12/638421 |
| Application Filed: | December 15, 2009 |
| Abstract: | An IP usage pattern of a first computer system is monitored by a second computer system that is remotely located from the first computer system. The second computer system is associated with an ISP. First parasite software may be identified based on an abnormal change in the IP usage pattern. The abnormal change in the IP usage pattern may be detected by comparing the IP usage pattern to a baseline model of IP usage for the first computer system. Anti-parasite software associated with the first parasite software may be forwarded from the ISP to the first computer system. |
| Inventors: | Armanino, Frederick (San Antonio, TX, US); Meng, Kevin (San Ramon, CA, US); Ou, Sam (San Ramon, CA, US); Gemelos, Steven (Cupertino, CA, US) |
| Assignees: | AT&T Intellectual Property I, L.P. (Atlanta, GA, US) |
| Claim: | 1. A method comprising: monitoring an internet protocol usage pattern of a first computer system at a second computer system of an internet service provider that is remotely located from the first computer system; using the second computer system to identify first parasite software at the first computer system based on an abnormal change in the internet protocol usage pattern, wherein the abnormal change in the internet protocol usage pattern is detected by comparing the internet protocol usage pattern to a baseline model of internet protocol usage for the first computer system; and in response to identifying the first parasite software, forwarding anti-parasite software from the internet service provider to the first computer system. |
| Claim: | 2. The method of claim 1 , wherein the anti-parasite software automatically mitigates the first parasite software. |
| Claim: | 3. The method of claim 1 , wherein the internet service provider charges a fee to automatically mitigate the first parasite software when the first computer system is associated with a basic tier internet service subscriber. |
| Claim: | 4. The method of claim 1 , wherein the first parasite software is automatically mitigated by the internet service provider without an additional charge when the first computer system is associated with an advanced tier internet service subscriber. |
| Claim: | 5. The method of claim 1 , further comprising: using the second computer system to identify second parasite software at the first computer system based on a second abnormal change in the internet protocol usage pattern, the second abnormal change associated with the second parasite software; and in response to identifying the second parasite software, forwarding second anti-parasite software from the internet service provider to the first computer system to automatically mitigate the second parasite software. |
| Claim: | 6. The method of claim 1 , wherein the first computer system is communicatively coupled to the second computer system via a digital subscriber line access multiplexer. |
| Claim: | 7. The method of claim 6 , wherein the second computer system is co-located with the digital subscriber line access multiplexer. |
| Claim: | 8. The method of claim 1 , wherein the first computer system is communicatively coupled to the second computer system via one of a satellite internet service, a terrestrial wireless internet service, and a cable-modem-based internet service. |
| Claim: | 9. The method of claim 1 , wherein the first computer system includes a mobile communication device. |
| Claim: | 10. A system comprising: a processor; an internet protocol usage monitor associated with an internet service provider, the internet protocol usage monitor executable by the processor to monitor an internet protocol usage pattern of a remotely-located computer system; a database that stores a baseline model of internet protocol usage for the remotely-located computer system; an abnormal internet protocol usage detector associated with the internet service provider, responsive to the internet protocol usage monitor, the abnormal internet protocol usage detector executable by the processor to identify parasite software at the remotely-located computer system based on an abnormal change in the internet protocol usage pattern, wherein the abnormal internet protocol usage detector detects the abnormal change in the internet protocol usage pattern by comparing the internet protocol usage pattern to the baseline model of internet protocol usage for the remotely-located computer system; and a parasite software mitigator associated with the internet service provider, the parasite software mitigator executable by the processor to forward anti-parasite software from the internet service provider to the remotely-located computer system to automatically mitigate the parasite software in response to identifying the parasite software. |
| Claim: | 11. The system of claim 10 , wherein the internet protocol usage pattern includes at least one of a time-of-day usage pattern, a data volume pattern, an internet protocol service pattern, and a pattern of one or more transfer protocols that are used by the remotely-located computer system. |
| Claim: | 12. The system of claim 11 , wherein the one or more transfer protocols include one or more of hypertext transfer protocol, simple mail transfer protocol, peer-to-peer protocol, voice over internet protocol, and file transfer protocol. |
| Claim: | 13. The system of claim 10 , wherein the baseline model of internet protocol usage for the remotely-located computer system indicates that only hypertext transfer protocol sessions are initiated from the remotely-located computer system, and wherein the abnormal change in the internet protocol usage pattern includes an initiation of a file transfer protocol session from the remotely-located computer system. |
| Claim: | 14. A method comprising: monitoring an internet protocol usage pattern of a first computer system at a second computer system that is remotely located from the first computer system, wherein the second computer system is associated with an internet service provider; identifying parasite software at the first computer system based on an abnormal change in the internet protocol usage pattern associated with the parasite software, wherein the abnormal change in the internet protocol usage pattern is detected by comparing the internet protocol usage pattern to a baseline model of internet protocol usage for the first computer system; determining whether the first computer system is associated with one of a basic tier internet service subscriber and an advanced tier internet service subscriber; and upon determining that the first computer system is associated with the advanced tier internet service subscriber, forwarding anti-parasite software from the internet service provider to the first computer system to automatically mitigate the parasite software. |
| Claim: | 15. The method of claim 14 , wherein the parasite software is automatically mitigated by the internet service provider without an additional charge when the first computer system is associated with the advanced tier internet service subscriber. |
| Claim: | 16. The method of claim 15 , further comprising: upon determining that the first computer system is associated with the basic tier internet service subscriber, forwarding the anti-parasite software from the internet service provider to the first computer system to automatically mitigate the parasite software; and sending a billing statement from the internet service provider to a user associated with the first computer system, wherein the billing statement indicates that the parasite software was automatically mitigated by the internet service provider. |
| Claim: | 17. The method of claim 15 , wherein the anti-parasite software is not forwarded to the first computer system upon determining that the first computer system is associated with the basic tier internet service subscriber. |
| Claim: | 18. The method of claim 15 , wherein the parasite software includes one of spyware and adware. |
| Claim: | 19. The method of claim 15 , wherein the baseline model of internet protocol usage includes a device-specific baseline model that is determined based on a pattern of internet protocol usage associated with the first computer system. |
| Claim: | 20. The method of claim 15 , wherein the baseline model of internet protocol usage includes a general baseline model that is determined based on a general model of internet protocol usage. |
| Current U.S. Class: | 709/224 |
| Patent References Cited: | 6085324 July 2000 Ogram 7092398 August 2006 Schweitzer 7293081 November 2007 Motoyama et al. 2003/0140137 July 2003 Joiner et al. 2004/0193923 September 2004 Hammond et al. 2006/0028996 February 2006 Huegen et al. 2008/0294780 November 2008 Lanahan et al. 2008/0307488 December 2008 Hammond et al. |
| Primary Examiner: | Addy, Thjuan K |
| Attorney, Agent or Firm: | Toler Law Group |
| Accession Number: | edspgr.08065413 |
| Database: | USPTO Patent Grants |
| Language: | English |
|---|