US RE50,199 E1
System and method for detecting a malicious activity in a computing environment
Keith Amidon, Los Altos, CA (US); Michael Callahan, Palo Alto, CA (US); Debabrata Dash, San Jose, CA (US); and Gary Golomb, Los Gatos, CA (US)
Assigned to ARISTA NETWORKS, INC., Santa Clara, CA (US)
Filed by AWAKE SECURITY LLC, Santa Clara, CA (US)
Filed on Feb. 22, 2022, as Appl. No. 17/677,084.
Application 17/677,084 is a reissue of application No. 15/042,127, filed on Feb. 11, 2016, granted, now 10,237,287, issued on Mar. 19, 2019.
Int. Cl. G06F 12/14 (2006.01); H04L 9/40 (2022.01); H04L 29/06 (2006.01)
CPC H04L 63/1416 (2013.01) [H04L 63/1433 (2013.01)]
18 Claims
1. A method for detecting a likely [ malware ] threat from a malicious attack [ by malware] , comprising:
monitoring a communication between a user computer and at least one destination computer by a security appliance;
extracting selective information from the communication by the security appliance;
detecting one or more weak signals [ indicative ] of a likely malware threat based on the extracted selective information from the communication, by the security appliance [ , wherein each of the one or more weak signals is associated with one of a plurality of attack phases] ;
evaluating one or more weak signals for the likely malware threat based on a threshold value by the security appliance ; and [ , including:
determining a first plurality of threat levels based at least on the one or more weak signals and their associated attack phases;
selecting a highest threat level among the first plurality of threat levels; and
increasing a value of the selected threat level based on interactions of the user computer with at least one destination computer; and ]
initiating a corrective action for the likely malware threat based [ at least ] on the evaluation of the one or more weak signals for the likely malware threat by the security appliance [ increased value of the selected threat level] .