| CPC H04L 63/0884 (2013.01) [H04L 61/4511 (2022.05); H04L 63/0272 (2013.01); H04L 63/0281 (2013.01); H04L 67/02 (2013.01); H04L 67/10 (2013.01); H04L 67/1001 (2022.05); H04L 67/125 (2013.01); H04L 67/51 (2022.05); H04L 67/56 (2022.05); H04L 67/563 (2022.05); H04L 67/564 (2022.05); H04L 69/162 (2013.01); H04L 2101/663 (2022.05)] | 17 Claims |
|
1. A non-transitory computer-readable medium configured to store executable instructions enabling a processor of a user device to perform the steps of:
intercepting network packets originating from one or more source applications operating on the user device,
discovering an origin source application of the one or more source applications associated with the network packets bound for a private address space,
recording a tuple associated with the discovered origin source application, the tuple defining a sequenced list related to the source application comprising any of an application name and a network type,
sending the tuple regarding the discovered origin source application to a cloud server to request an analysis of the tuple,
upon receiving an allow instruction from the cloud server, allowing the network packets to flow normally to a destination associated with the private address space, and
upon receiving a deny instruction from the cloud server, dropping the network packets, wherein upon receiving a caution instruction from the cloud server, the executable instructions further enable the processor to allow the network packets to flow normally and redirect a copy of the network packets and additional network transaction information to the cloud server for further analysis of the tuple.
|