US 11,689,560 B2
Network-wide malware mapping
Michal Garcarz, Cracow (PL); Piotr Kupisiewicz, Cracow (PL); and Paweł Tybinka, Cracow (PL)
Assigned to CISCO TECHNOLOGY, INC., San Jose, CA (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Nov. 25, 2019, as Appl. No. 16/693,962.
Prior Publication US 2021/0160271 A1, May 27, 2021
Int. Cl. H04L 9/40 (2022.01); G06F 21/56 (2013.01); H04L 41/22 (2022.01)
CPC H04L 63/145 (2013.01) [G06F 21/564 (2013.01); G06F 21/566 (2013.01); G06F 21/568 (2013.01); H04L 41/22 (2013.01); H04L 63/1416 (2013.01); H04L 63/1433 (2013.01); H04L 63/1466 (2013.01); H04L 63/20 (2013.01)] 20 Claims
1. A method comprising:
detecting one or more malicious activities at one or more devices connected to a network;
determining a malware root of the one or more malicious activities;
generating a network-wide malware mapping indicating a hierarchical relationship between all activities spawned by the malware root and the malware root,
wherein the network-wide malware mapping identifies all of the activities spawned by the malware root, including a plurality of activities spawned across a plurality of devices connected to the network as a result of the malware root;
assessing one or more effects of performing a network-wide rollback of at least one malicious activity spawned on at least one of the plurality of devices connected to the network, wherein assessing the one or more effects comprises assessing a risk associated with performing a rollback of an action previously performed on the at least one of the plurality of devices connected to the network, wherein the risk is based, at least in part, on a determination indicating whether each activity spawned by the malware root is a malicious activity or a non-malicious activity; and
initiating a network-wide rollback of a plurality of malicious activities spawned across the plurality of devices connected to the network based, at least in part, on the risk associated with performing the rollback of the action previously performed on the at least one of the plurality of devices connected to the network.
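The claimed method, as an added Python sketch that is not part of the patent or of any Cisco product: activity events from two devices are linked into the hierarchical mapping, the malware root is found by walking parent links from a detected activity, and the rollback is limited to malicious activities only when the risk is acceptable. The event fields, the risk rule (share of non-malicious activities under the root) and the threshold are assumptions, not taken from the patent.

```python
# Constructed sample events (not from the patent): a dropper on device A spawns a
# child that moves to device B; that child spawns one malicious persistence
# action and one benign software update check.
EVENTS = [
    {"id": "A:100", "device": "A", "parent": None,    "malicious": True},
    {"id": "A:101", "device": "A", "parent": "A:100", "malicious": True},
    {"id": "B:200", "device": "B", "parent": "A:101", "malicious": True},
    {"id": "B:201", "device": "B", "parent": "B:200", "malicious": True},
    {"id": "B:202", "device": "B", "parent": "B:200", "malicious": False},
]

def build_mapping(events):
    """Index activities by id and link each to its parent, across devices."""
    acts = {e["id"]: {**e, "children": []} for e in events}
    for a in acts.values():
        if a["parent"] in acts:
            acts[a["parent"]]["children"].append(a["id"])
    return acts

def malware_root(acts, detected_id):
    """Walk parent links from a detected activity up to its top-most ancestor."""
    cur = detected_id
    while acts[cur]["parent"] in acts:
        cur = acts[cur]["parent"]
    return cur

def spawned_by(acts, aid):
    """Every activity in the subtree rooted at aid, depth-first, on any device."""
    return [aid] + [d for c in acts[aid]["children"] for d in spawned_by(acts, c)]

def assess_rollback_risk(acts, root):
    """Assumed risk rule: the fraction of spawned activities that are non-malicious,
    i.e. legitimate work a blanket rollback would undo. Returns (risk, malicious ids)."""
    ids = spawned_by(acts, root)
    bad = [i for i in ids if acts[i]["malicious"]]
    return 1 - len(bad) / len(ids), bad

def plan_rollback(acts, detected_id, max_risk=0.5):
    """Roll back only the malicious activities, grouped per device, if risk is acceptable."""
    root = malware_root(acts, detected_id)
    risk, bad = assess_rollback_risk(acts, root)
    plan = {}
    if risk <= max_risk:
        for i in bad:
            plan.setdefault(acts[i]["device"], []).append(i)
    return {"root": root, "risk": risk, "rollback": plan}

if __name__ == "__main__":
    print(plan_rollback(build_mapping(EVENTS), "B:201"))
```

Real telemetry would need a network-unique activity id and a cross-device parent link (here the "device:pid" strings are a constructed convention) before the mapping can span hosts.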