Browse Prior Art Database

Method and System to Reduce Security Threats Through Dynamic Use of Trending Terms

IP.com Disclosure Number: IPCOM000214905D
Publication Date: 2012-Feb-10
Document File: 3 page(s) / 56K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method and system to reduce attack vectors and incidence of malware in the end-user IT environment. The method provides dynamic updating, in near-real time, of malware protection systems to enable them to address new threats as they occur.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 3

Method and System to Reduce Security Threats Through Dynamic Use of Trending Terms

When a highly popular and/or viral media topic arises on the Internet, it is immediately used by attackers to lure end-users toward malicious sites or to propagate malware within the network. Examples of trending-related postings with malicious intent include, but are not limited to:


• Emails or links to websites circulated on the Internet claiming to contain pictures of a significant event, but in fact they only contain malware or linked to sites with malware


• Trending topic links that prompt users to accept the download of a file and then installs a fake antivirus on their computers when they do so


• Search terms related to trending topics that cause the user to expose their computer to malware attack

The disclosed solution is a method and system to reduce attack vectors and incidence of malware in the end-user IT environment, comprising:

• Use of top trending terms from public Internet media sources (e.g., news feeds, search engines, social media, etc.)
• Dynamically created threat signatures


• System to provide those threat signatures in near real-time to existing security solutions for protection against email spam, viruses, network/host intrusions, phishing, and pharming

The advantage this invention provides is the dynamic updating, in near-real time, of malware protection systems to enable them to address new threats as they occur. This invention stays ahead of attacks by monitoring the public media environment on a real-time basis, collecting and analyzing trending terms, and automatically updating security management applications based on those trending terms before attacks start to occur. This forms a unique integration of existing elements, which accomplishes real-time identification of zero-day trending terms to be utilized in security management solutions.

Figure 1*: The system for this invention

1


Page 02 of 3

Using the system shown in Figure 1, the invention works as follows:

1. The Trending Term Retrieval Service creates a programmatic feed of trending terms from Internet search engines, news sites, and social websites. The mechanism for doing this varies between data sources. For example, the Twitter* and/or Facebook* APIs are examples of existing APIs that could be used at this stage. The collection of top trending words/phrases occurs, ideally, on a configurable, periodic basis.

2. The Trending Te...