US Patent 10382467 Recursive multi-layer examination for computer network security remediation

Computer-implemented methods and apparatuses for recursive multi-layer examination for computer network security remediation may include: identifying one or more first communications originating from or directed to a first node; identifying at least one of a protocol and an application used for each of the one or more first communications; examining each of the one or more first communications for malicious behavior; receiving a first risk score for each of the one or more first communications responsive to the examining; determining the first risk score associated with one of the one or more first communications exceeds a first predetermined threshold; and indicating the first node and a second node in communication with the first node via the one of the one or more first communications are malicious. Exemplary methods may further include: providing the identified malicious nodes and communications originating from or directed to the malicious nodes.