CN100530208C - 适于病毒防护的网络隔离技术 - Google Patents
适于病毒防护的网络隔离技术 Download PDFInfo
- Publication number
- CN100530208C CN100530208C CN200480031322.7A CN200480031322A CN100530208C CN 100530208 C CN100530208 C CN 100530208C CN 200480031322 A CN200480031322 A CN 200480031322A CN 100530208 C CN100530208 C CN 100530208C
- Authority
- CN
- China
- Prior art keywords
- virus
- network
- packet
- client apparatus
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
Abstract
描述了在具有多个服务器计算机和相关联客户机装置的分布式网络中将受感染的客户机装置与未受感染的客户机装置隔离的方法。该方法通过以下步骤执行:将网络有关病毒感染信息相关;根据相关信息确定病毒发作是否出现;当确认病毒发作时,将受感染的客户机装置与未受感染的客户机装置隔离;监视网络中的所有数据分组是否有病毒;识别与病毒相关联的分组类型;以及仅仅阻止识别的分组类型。
Description
技术领域
本发明一般涉及使用计算机的信息分析和屏蔽,并且具体地说,涉及用于从传送的媒体截接和删除计算机病毒与蠕虫的配置和方法。
背景技术
随着因特网的日益普及,现有每天有成千上百万的用户从其主机连接到因特网以进行电子商务交易,执行信息搜索和/或下载可执行程序以增强其自己的主机的功能和性能。这些用户与其它主机服务器之间在因特网上的交互一般涉及传送一定量的数据,这些数据可包括静态可显示信息和可执行的计算机代码。一般而言,静态可显示信息指要在主机上显示的静态信息,而可执行代码或“可执行的”指配置为在主机上执行以执行某一任务的计算机指令。
通常,因特网的大部分可下载数据是有用或至少无害的内容材料。然而,存在着一类可执行代码,如果该类执行代码下载并在主机上执行,则可能对操作系统、硬件和/或主机的其它软件施以严重破坏。这些可执行文件包括通常所述的计算机病毒和/或蠕虫。
计算机病毒是一段通常伪装成其它内容的编程代码,它可导致一些意外且通常不良的事件(对于受害者而言)。病毒通常设计为可跨网络连接自动扩展到其它计算机用户。例如,通过将病毒做为电子邮件消息的附件发送,通过从其它网站下载受感染的程序设计,和/或通过从软盘或CD-ROM将它们导入计算机,均可传送病毒。处理电子邮件消息、下载文件或软盘的源应用通常意识不到病毒。一些病毒在其代码执行时施以其影响;其它的病毒处于静止,直至环境促使计算机执行其代码。一些病毒十分有害,导致硬盘需要重新格式化或以不必要的业务阻塞网络。
计算机蠕虫很类似于病毒,表现在蠕虫是一个小的软件,使用计算机网络和安全漏洞自身拷贝。蠕虫的副本扫描网络以检测是否另一机器具有特定的安全漏洞。安全漏洞一旦被发现,蠕虫便使用该安全漏洞而自身拷贝到新机器,然后使用新感染的计算机开始自身拷贝,以便感染连接到该计算机的其它计算机。虽然蠕虫不改变文件,但驻留在活动存储器中并自身拷贝,蠕虫使用自动且用户通常看不到的操作系统的部分。因此,通常只在蠕虫不受控制的拷贝消耗系统资源,从而减慢或停止其它任务时才受注意。
为防止蠕虫,计算机网络(如公司局域网或广域网)的用户和管理员长期以来采用了设计成检测和阻止蠕虫感染计算机系统的多种工具。例如,在公司局域网(LAN)中,网络管理员可采用代理服务器(置于LAN的主机与因特网之间)及各个计算机,以执行设计成防止蠕虫感染的多种防御策略中的任一策略。一个此类防御策略依赖计算机动作的行为监控。在行为监控中,保持了有关每个计算机采取的动作的历史数据库,该数据库随后由监控程序(启发式引擎)用于比较特定计算机执行的当前动作。在行为监控程序认为当前动作与历史标准实质上不同的那些情况下,行为监控程序将该特定的计算机标记为可能被蠕虫感染。一旦这样标记,便可采用适当的动作。
在每天防止计算机病毒和其它终端装置病毒的努力中,最终用户不断寻找接种的方式以防止此类病毒。由于常规的防病毒技术一般依赖已经识别的病毒,因此,即使对于防病毒防火墙和各种其它防病毒保护软件和协议严密防护的公司网络,一些病毒仍实现对网络的渗透和感染,从而造成极大的损害。具体而言,常规防病毒保护通常对防止已知的计算机病毒有效,但对阻止未知的病毒可能无效。因此,诸如连接到局域网(LAN)或广域网(WAN)的计算机等终端装置对于未知病毒一般无法使用常规防病毒软件而引用有效的防病毒保护。
连接到网络的终端装置或计算机受到渗透到网络中的未知病毒的攻击时,网络管理程序负责防护此类攻击并尽快将网络恢复到正常操作状态。网络中的准备程度取决于知道病毒成功渗透公司网络的概率。
入侵检测系统(IDS)产品通过扫描查找协议层中异常的网络分组而抵消网络类型的攻击,包括一种在主机基础IDS中称为应用行为监控(ABM)的方法。ABM跟踪了解目标应用的行为模式,并通过允许良性(已知)行业模式通过禁止或阻止未知或恶性的行为模式而保护网络系统。
常规防病毒软件设置特殊的警报级别以便网络系统的系统管理员及早检测到病毒发作。警报级别的设置变得很重要。如果警报级别设得太低,则可能引起错误的计算机病毒确定,从而使良性应用被错误地认为是病毒。如果警报级别设得太高,则某些计算机病毒将未被检测到并被允许进入网络。
常规防病毒软件仍依赖防病毒服务提供商的支持系统生成治疗措施。此类实践严重依赖服务提供商获得病毒样本、实施病毒分析、生成适当的治疗措施及将它们部署到最终用户方面的响应时间。虽然此类支持系统在某些级别可能有效,但某些最终用户(如公司网络的系统管理员)仍需要提供更佳提前时间和效率以防止计算机病毒突然发作的解决方案。
因此,在技术上需要一种克服本领域中至少上述缺陷的网络级别防病毒方法和系统。一般而言,在技术上需要一种具有用于预计和检测计算机病毒发作的多级别防病毒功能的防病毒方法和系统。具体而言,需要一种提供受感染客户机装置和还未受感染的客户机装置隔离的系统和方法。
发明内容
为实现上述需要,并且根据本发明的目的,描述了用于监控网络以查找计算机病毒的系统和方法。
在第一实施例中,描述了在具有多个服务器计算机和相关联客户机装置的分布式网络中将受感染的客户机装置与未受感染的客户机装置隔离的方法。该方法通过以下步骤执行:将网络有关病毒感染信息相关;根据相关信息确定病毒发作是否出现;当确认病毒发作时,将受感染的客户机装置与未受感染的客户机装置隔离;监视网络中的所有数据分组是否有病毒;识别与病毒相关联的分组类型;以及仅仅阻止识别的数据分组。
在另一个实施例中,描述可在具有多个服务器计算机和相关联客户机装置的分布式网络中执行的计算机程序产品、用于将受感染的客户机装置与未受感染的客户机装置隔离的计算机程序产品。上述计算机程序产品包括:用于将网络有关病毒感染信息相关、根据相关信息确定病毒发作是否出现的计算机代码;用于在确认病毒发作时将受感染的客户机装置与未受感染的客户机装置隔离的计算机代码;用于监视网络中的所有数据分组是否有病毒的计算机代码;用于识别与病毒相关联的分组类型的计算机代码;用于仅仅阻止识别的数据分组的计算机代码;以及用于存储代码的计算机可读媒体。
附图说明
通过参照结合附图的以下说明,可最好地理解本发明及其其它优点。
图1显示根据本发明实施例,具有网络病毒监视器的分布式网络;
图2是具有活动网络病毒监视器的图1所示分布式网络;
图3显示图1的分布式网络,由此网络病毒监视器在登记所有连接的客户机装置;
图4显示图3的分布式网络,由此网络监视器在备用模式操作并标记了病毒事件;
图5显示图2的分布式网络,由此网络病毒监视器内联模式操作;
图6A-6B显示根据本发明实施例,具有由于病毒发作和病毒清洁过程而产生的分割部分的示范分布式网络;
图7显示根据本发明实施例的示范病毒结构和相关联的防病毒结构;
图8显示根据本发明实施例的示范病毒监视器;
图9显示在备用模式操作的图8病毒监视器;
图10显示在备用模式操作的图9所示病毒监视器的示范安全模块和文件扫描模块;
图11显示在内联模式操作的图9所示病毒监视器的示范安全模块和文件扫描模块;
图12显示根据本发明实施例的一个流程图,详细介绍了用于监视网络以检测病毒的进程;
图13显示根据本发明实施例的一个流程图,详细介绍了用于将暂时的新客户机装置引入网络的进程;
图14显示根据本发明实施例的一个流程图,详细介绍了用于将非暂时的新客户机装置引入网络的进程;
图15显示根据本发明实施例的一个流程图,详细介绍了网络段隔离进程;
图16显示根据本发明实施例的一个流程图,详细介绍了病毒清洁进程;
图17显示根据本发明实施例的一个流程图,详细介绍了用于为一组受感染计算机执行自动病毒清洁/治疗措施的进程;
图18显示根据本发明实施例,用于自动治疗和清洁的进程;
图19显示用于执行本发明功能的计算机系统的系统方框图,功能包括对怀疑有计算机病毒、蠕虫的数据分组进行扫描、删除、截断和隔离等。
具体实施方式
现在将详细参考本发明的优选实施例。附图中示出优选实施例的一个示例。虽然结合特定的实施例描述了本发明,但可理解,这不是要将本发明限制为该具体实施例。与此相反,这是要涵盖可包括在如所附权利要求书定义的本发明精神和范围内的替代、修改和等同物。
在网络级别上,常规防病毒软件仍依赖防病毒服务提供商的支持系统生成治疗措施。此类实践严重依赖服务提供商获得病毒样本、实施病毒分析、生成适当的治疗措施及将它们部署到最终用户方面的响应时间。虽然此类系统在一些级别上可能有效,但某些最终用户(如公司网络的系统管理员)仍需要提供更佳提前时间和效率以防止计算机病毒突然发作的解决方案。这是特别重要的,因为网络的大小在增加,并且为网络中的每个组件包含防病毒软件的可行性费用高得无人问津。另外,一旦计算机违反了网络的完整性,识别和清洁受影响计算机均将极为困难、耗时和昂贵。这特别有意义,因为所有受感染的计算机必须被识别、清洁和接种以防止将来感染。
因此,本发明描述了一种网络级别病毒监视系统,能够根据系统管理员的具体需要以多个检查模式中任一模式监视网络业务流。监视提供了病毒攻击的早期警告,从而有利于针对遏制病毒发作的隔离过程。通过提供此类早期警告,网络病毒监视器减少了最终受病毒攻击影响的计算机数量,伴随的是减少了系统修复成本和停机时间量两者。这样,本发明的网络病毒监视器在系统正常运行时间提高和系统损失降低方面提供了大大改进。在此类系统包括在具有多个服务器计算机和相关联客户机装置的分布式网络中时,为提高其效率,所述系统包括耦合到网络病毒/蠕虫感测器的网络病毒感测器自登记模块,被安排成自动自行登记相关联的网络病毒/蠕虫感测器。
在本发明的一个实施例中,监视系统包括耦合到多个互连计算装置的分布式网络的病毒监视装置。在所述实施例中,病毒监视装置包括安排成检测网络的业务流中网络计算机病毒的病毒监视器。监视装置也包括耦合到网络监视器的网络计算机病毒发作警告单元,被安排成提供网络计算机病毒的早期警告。对网络计算机病毒发作警告单元作出响应的网络计算机病毒警告响应单元被安排成隔开受网络计算机病毒影响的网络段,或者阻止网络计算机病毒。
现在将在互连客户机装置的网络情境中描述本发明。此类客户机装置可包括台式计算机、膝上型计算机、诸如个人数字助理(或PDA)的瘦客户机装置、嵌入式设备等。虽然是使用互连计算机和计算装置的网络描述,但本发明的范围和意图扩展到病毒和/或蠕虫发现值得攻击的所有那些装置。此外,仅为此论述起见,互连装置彼此通过基于分组的通信协议进行通信。此类协议包括本领域熟知的TCP(传输控制协议)/IP(因特网协议)。TCP是规则集,与IP一起使用以便通过因特网在计算机之间以消息单元形式发送数据。虽然IP负责处理数据的实际输送,但TCP负责留意消息分割成的各个数据单元(称为分组)以便通过因特网有效路由。
例如,在超文本传送协议(HTTP)文件从Web服务器发送时,该服务器中的传输控制协议(TCP)程序层将文件分成一个或多个分组,为分组编号,然后将它们各个转发到IP程序层。虽然每个分组具有相同的目的地IP地址,但它可通过网络不同地路由。在客户机计算机处的另一端,TCP层将各个分组重新组合,并一直等到它们到达以便将它们作为单个文件转发。然而,应注意的是,本发明很适合与如SMTP之类的其它通信协议配合使用。
因此,图1显示根据本发明实施例的在具有网络病毒监视器102的分布式网络100上实现的病毒监视系统。如图所示,网络100是包括多个单独的客户机装置104-116的分布式计算环境。客户机装置可采用任一计算装置形式,具有易受计算机病毒或蠕虫攻击的机上存储器。此类装置包括但不限于计算机(台式和膝上型)和诸如个人数字助理(PDA)的手持式瘦客户机装置。
通常,网络使用地区分类、管理分类和详细的信息划分为分层结构。分层结构因此以具有多级别的图形式显示。因此,网络100按照具有三层分层结构的分层网络体系结构来构建。在此特定体系结构中,各种多服务交换机用于在网络的第一层(即,例如因特网骨干)提供用户服务。
层1交换机(显示为交换机118)可用于合并来自许多用户的业务,并且也可执行根据网络体系结构的业务整形。一些情况下,层1交换机118随后可连接到层2交换机120,而层2交换机120又连接到层3交换机122,从而提供进一步的业务集中。这样,分层体系结构提供扩展网络可缩放性的模块化方式,使电信公司能够在用户要求需要时向网络拓扑增加交换能力。因此,根据包括第1层、第2层、第3层等的多层网络描述网络100。例如,客户机装置104-116形成最低级别层(即,第3级),而病毒监视器102形成下一更高阶层(即,第2级)等。
除提供可缩放性外,网络100的分层体系结构提供网络病毒监视器102的拓扑有利定位。例如,在目前的情况中,病毒监视器102位于层2交换机120与各种客户机装置104-116耦合到的更低级别层3交换机122之间。这样,层2交换机(例如,可直接耦合到因特网骨干)与任一层3交换机之间的所有网络业务可由任一客户机装置前某一点的病毒监视器102监视。通过提供防止可能病毒攻击的壁垒,病毒监视器102为病毒检测、病毒发作保护及需要时的病毒发作清洁和恢复提供了焦点,而这又有效地防止各种客户机装置受到病毒的攻击。应注意的是,入坞端口125可包括在网络100中,安排成接受暂时或访问者客户机装置。
在所述实施例中,每个病毒监视器102耦合到控制器126,而控制器又耦合到服务器计算机128(或多个服务器计算机),每个服务器计算机可配置为具有诸如下面以一定细节描述的监视器、键盘和鼠标等各种用户接口装置的独立服务器计算机。在所述实施例中,服务器计算机128是网络可连接的计算机或服务器装置,如运行UNIX操作系统的工作站,或运行Windows NTTM或Windows XPTM操作系统的计算机。控制器126包括用于存储和获得多个检测规则以检测计算机病毒的规则引擎130和发作防护政策(OPP)分配与执行引擎132,该引擎132提供适合系统管理员使用以防止病毒发作及修复病毒发作引起的任何随后损害的防病毒政策、协议和过程集。应注意的是,在规则引擎130和在OPP分配与执行引擎132中出现的检测规则、政策和过程可根据需要,通过服务器计算机128定期更新。
另外,控制器126(一些情况下可能位于分开的位置)也用于在某种程度上基于观察到的异常事件的统计结果,确定不同监视器102观察到的异常事件是否可能为计算机病毒。另外,服务器128可提供从已知和未知但随后被分析的那些病毒衍生并基于那些病毒的病毒清洁代理。这样,即使在以前未知的病毒代理攻击网络100的各个组成部分的那些情况下,服务器128提供的病毒分析可有利于隔离操作(通过网络分段协议)和随后的病毒清洁(通过病毒清洁代理)与修复(通过病毒修复代理)。除提供缓和或治疗服务外,服务器128也能够提供用于在那些受感染的计算机(但随后被清洁)和那些未受感染但易受到病毒代理将来攻击的计算机上防止将来攻击的病毒接种代理。在所述实施例中,一些客户机装置也可包括存储用于检测计算机病毒的规则信息和参数的客户机规则集(CRS)134。应注意的是,存储在CRS 134中用于检测计算机病毒的规则信息和参数可预安装在每个装置中,或者如果不存在,可直接通过服务器128或通过控制器126和/或病毒监视器102下载到该特定客户机。
在安装阶段期间(或初始化阶段期间),通过收集某环境信息(如所有相关客户机装置的IP地址)及网络100内的自配置,例如,通过自身为病毒监视器102确定适当的IP地址,每个病毒监视器102进行自身登记。除自身登记外,病毒监视器102将搜索适当的控制器126(例如,如最近的控制器),一旦找到后,便相应地向它登记。
具体参照图2,一旦病毒监视器102完成安装和/或登记进程,控制器126便从服务器128接收最新政策和过程集的更新OPP文件135和最新病毒检测规则的规则集136(如果需要)。一旦控制器126接收后,OPP文件135和规则集136便转发到每个病毒监视器102,以便在认为适当时提供最新的规则和病毒过滤器和模式。例如,OPP文件135由OPP分配与执行引擎132用于应用适当的病毒政策(如,要扫描是否有病毒的特定文件类型),而规则集136由规则引擎130用于实践特定的病毒检测规则。应注意的是,在任一操作平台中可配置各种监视器、控制器和服务器。例如,此类平台包括嵌入式Linux、基于PC的Linux或Windows(如上所述),并且在一些情况下需要更高级别资源时,可使用Sun SPARCTM平台等。
一旦各种病毒监视器102通过最新的规则和政策进行更新,病毒监视器102便将执行防病毒安全政策执行过程,由此耦合到病毒监视器102的每个客户机装置被查询,以便确定该客户机装置是否安装了适当和正确的防病毒软件。此类适当的防病毒软件可包括诸如加利福尼亚州库珀蒂诺(Cupertino)的Trend Micro等任意多个公认供应商的任何公认防病毒软件等。然而,应注意的是,任何时候耦合新客户机装置到病毒监视器102时,也将以类似的方式查询新连接的客户机装置。
在发现客户机装置未安装适当的防病毒软件的那些情况下,病毒监视器102具有任意数量的选择用于响应。大多数情况下,病毒监视器102将引导目标客户机装置(即,发现没有适当的防病毒软件的客户机装置)到防病毒安装服务器138(这实际上可以为服务器128),并阻止到/自目标客户机装置和所有其它地址的所有业务,直至已正确安装了适当的防病毒软件时。
例如,病毒监视器102-1发送查询140到每个客户机装置110-116,请求确认每个客户机中已安装如OPP文件135中包含的政策所确定的适当的防病毒软件。在收到查询140后,每个客户机装置检查实际上存在适当的防病毒软件的确认。如果假设就客户机装置116而言,确定不存在软件或者安装的软件不适当(例如,基于OPP文件135中的政策),则客户机装置116只会被引导到防病毒软件安装服务器138而不是其它位置。此时,可选择在客户机装置116上显示用户界面,指出在安装正确的软件前,客户机装置116将无法与其它系统进行通信。然而,应注意的是,可使用由于其加密而基本上对病毒感染免疫的一些传输协议(如HTTPS)。
一旦在客户机装置116中已安装适当的防病毒软件,病毒监视器102-1便释放对用于客户机装置116的通信信道的锁定。这样,客户机装置116可以与网络100的其它装置进行通信。
在临时用户要连接到网络100的那些情况下,必须确定访问者客户机装置是否符合当前政策和规则。一般情况下,建议不要授予临时用户使用防病毒软件的许可,因为这不但成本高,而且将限制用于其它用户的可用许可数量。从访问者的立场而言,只在有限的时间安装防病毒软件也不合需要,因为软件可能与计算机上已经存在的防病毒软件有抵触,和/或需要难以得到的计算资源。因此,在来访者客户机装置要连接到网络的那些情况下,需要另一种方案。
具体而言,在本发明的特定实施例中,如图3所示,来访者连接到在此之前未知(对网络100)的客户机装置125时,病毒监视器102将查询来访者客户机装置125是否存在适当的防病毒软件。如果确定来访者客户机装置125未安装适当的防病毒软件,则在病毒扫描服务器模块142(这可能是或不是防病毒软件安装服务器138的一部分)扫描来访者客户机装置125的存储器前,到除防病毒软件安装服务器138外所有其它地址的访问均被阻止。
一旦来访者客户机装置125已被认为是无计算机病毒,则病毒扫描服务器142将使用令牌144传递到来访者客户机装置125。使用令牌144一般在有限的时间量(例如,1小时)内有效,在此之后,令牌必须重新验证。然而,在使用令牌144有效的时期期间,到/自来访者客户机装置125的所有信道均开通,并可用于传递网络业务。为重新验证使用令牌144,来访者计算机125必须请求新令牌,新令牌在一定程度上是基于来访者客户机装置125仍保持无计算机病毒(或蠕虫)的确定而授予。
此时,所有客户机装置(包括任何来访者客户机装置)已被确认为具有适当的防病毒软件(或具有有效的使用令牌),并且病毒监视器102准备开始监视网络业务是否存在计算机病毒(和/或蠕虫)。
通常,病毒监视器102根据政策和规则监视网络100的活动是否有异常事件,并在检测到异常事件时生成异常报告,该报告随后传送到控制器126。在一些实施例中,控制器126确定用于检测到的异常事件的警报级别,而在其它实施例中,控制器126将异常事件信息转发到服务器128,服务器128将评估数据,并在确定适当时将发送早期病毒警告到网络100中的其它病毒监视器。一些情况下,异常报告数据被转发到病毒攻击警告服务器,该服务器决定采取的动作过程以便防止病毒扩散。此类动作过程包括是否隔离网络100受影响的段,生成并分配病毒清洁代理到受影响的段,对网络中的其它计算机接种以防止病毒扩散,并最终在可能时修复病毒发作引起的所有损害。
为保护网络100,病毒监视器102持续监视网络业务是否有可能的病毒攻击。任一网络首要的考虑事项之一是可用带宽,表现在如果完全可能的话必须避免不必要地限制带宽(即,不受阻碍的网络业务流)的任何事物。因此,为将对网络业务流的影响降到最低(并因此保存带宽),病毒监视器102初始设为在称为备用模式的模式下运行。通过备用模式,意味着允许基本上所有数据分组继续在网络100中流动,具有警告,即病毒监视器102将使用分组的拷贝以确定是否存在病毒。
参照图4,病毒监视器102在备用模式中监视构成网络业务流(表示为网络业务流T1)的数据分组流。这样,网络100的带宽受到影响最小,因为网络业务流在病毒监视器102之前和之后均实质上保持恒定。实际上通过拷贝所有数据分组并使用拷贝的数据分组进行其分析,病毒监视器102监视网络业务(即,组成数据分组),实现这种网络带宽保存。这样,实际上不会有由于病毒监视器102的动作而导致的数据分组丢失。在一些实施例中,确定数据分组类型,并基于该分组类型,只拷贝被认为易受病毒攻击的那些分组类型。这样,执行病毒监视所需的资源仅限于为适当监视业务流所需的资源。
在病毒监视器102检测到一个或多个数据分组中可能的病毒的情况下(或在可能的入侵者攻击在进行的情况下),病毒监视器102生成事件标志。此事件标志使用规则集136和OPP文件135,提供基于检测到的病毒的信息及任何其它被认为有用的数据。一般情况下,事件标志直接传递到控制器126,而控制器126在一些情况下可将事件标志转发到服务器138以做进一步分析和/或部署任何补救行动,若有的话。
在一些情况下,事件标志表示的可能威胁太严重,因此,如图5所示,病毒监视器102的操作模式立即从备用模式更改为称为内联(inline)模式的模式,而无需控制器126的干涉。在内联模式中,业务流T1中的所有数据分组被分析而不进行拷贝,这样,确定为(或怀疑为)受感染的那些数据分组不许传回到业务流中(这种情况下,T1大于T2)。在此情况中,病毒被禁止传递到网络100和遍及网络100。在事件本身不会触发病毒监视器102而将操作模式更改为内联模式的其它情况下,来自控制器126的模式更改命令502或来自服务器128的模式更改命令504用于触发模式更改。这样,在速度对遏制可能病毒发作非常重要的那些情况下,本发明的防病毒系统具有向病毒监视器授权的额外优点。另一方面,在威胁不太明显或需要进一步分析的那些情况下,确定威胁可能性和执行防卫计划的责任可集中在更高级别的分析引擎中(例如,如系统管理员),从而减少误报警和不必要的系统关闭。
应注意的是,虽然在各个图中未明确显示,但病毒监视器的数量可以多达适当监视业务流所必需的数量。因此,在初期病毒攻击的情况下,极其需要尽可能快地确定病毒攻击的范围和攻击成为普遍的病毒发作从而威胁整个网络100完整性的概率。
因此,在相关联业务流中检测到病毒的每个病毒监视器102将发送对应的事件报告到相关联的控制器126。各个控制器又将各个事件报告转发到服务器128,在服务器中它们被整理和分析以便确定是否应生成病毒警告508。在生成病毒警告的情况下,病毒警告506发送到服务器128已确定最可能受病毒发作影响的那些控制器126。这样,任一系统管理员可查看网络100的当前状态,并获悉对系统总体或对可能视为重要段的选定段的可能威胁。
一旦已确定病毒发作在进行中,服务器128(或一些情况下,一个或多个控制器126)便将开始尝试使用多种工具遏制病毒发作。一个此类工具称为网络段隔离,该工具正如其名一样,从物理上将被认为受病毒影响的网络100的那些段与被认为最可能不受影响但可能受病毒威胁的那些段隔开。例如,在图6A中,控制器102(如此示例中服务器128所指)设立了网络段隔离协议,由此,网络段602已与网络100其余部分隔开。段602包括所有客户机装置104-125(包括可能恰巧在该时连接到网络100的任何来访者装置)。一旦隔开后,来自受影响客户机装置的所有业务便不再可随意流过整个网络,以便遏制病毒。一旦多个客户机装置已被识别为极可能受病毒V危害(如此例子中的客户机装置104和106),则受影响的客户机装置受到限制,这样,每个受影响的客户机装置甚至被禁止与受影响网络段中那些客户机装置进行通信。例如,受影响的客户机装置104和106只可彼此进行通信,而不可与网络段602中其它客户机装置108和125进行通信。
一旦识别了受影响的计算机,便将识别病毒清洁代理,该代理在使用时具有清洁受影响的计算机、为清洁的计算机接种以防随后的感染和对未受影响但受到威胁的计算机接种以防病毒感染的作用。
每个病毒至少有两个组成部分,并更可能有三个组成部分。图7说明代表性的计算机病毒结构700。一般情况下,病毒结构700包括检测模块、感染模块和作为在感染的计算机上执行的动作的有效载荷。有效载荷表示病毒与复制分开地执行的那些动作。有效载荷可能从烦人(例如,WM97/Class-D病毒,它重复显示诸如“I think′username′is a big stupidjerk”的消息)到灾难(例如,CIH病毒,它尝试改写Flash BIOS,这对一些机器会导致无法修复的损害)不等。
然而,在有效载荷有机会造成任何损害前,计算机病毒必须引入计算机中。此动作由检测模块702和感染模块704的动作实现。检测模块702确定某个特定的计算机是否已经被病毒V感染。如果尚未感染,则病毒V被引入该计算机的适当部分,在该部分感染(或有时称为复制模块或部分)会接手以尽量经常复制病毒V。一旦病毒V被成功引入和复制,每个病毒实例便将执行其相关联的有效载荷部分706以损害计算机系统。
然而,根据本发明的一个实施例,可使用病毒结构700开发防病毒代理710,该代理具有清洁受影响计算机,对那些计算机(和其它计算机)接种以防随后的感染和在需要时修复执行的病毒有效载荷部分706造成的任何损害的作用。为实现这些目标,防病毒结构V1使用修改(即使从病毒V的立场而言可识别)的病毒结构710。例如,防病毒检测模块712仍识别受病毒V影响的那些计算机,但不同于病毒检测模块702,防病毒检测模块712通过引入防病毒感染模块714而继续感染进程。这样,原病毒V由防病毒V1改写,由此设置最终的清理和修复阶段。一旦防病毒V1被引入,防病毒V1有效载荷部分716便修复由原病毒V造成的任何损害。应注意的是,防病毒V1的导出直接与原病毒V的结构相关(更象与相关联生物病毒相关的抗体),并因此对防止特定的病毒、病毒类或组有效。
再参照图6A,一旦受影响的客户机装置已被识别并隔开,服务器128便释放并引导防病毒代理V1到受影响的计算机(在此示例中为客户机装置104和106)。防病毒代理V1继续识别网络段602中的所有计算机,并开始系统性地“感染”网络段602中的所有计算机。对于受感染的客户机装置104和106,防病毒V1的检测模块712忽略每个装置已经感染了计算机病毒V的事实,并继续用防病毒代理V1“感染”这些装置。防病毒V1随后继续改写计算机104和106中的原病毒V,并执行修复有效载荷部分716。修复有效载荷716的作用同样取决于原病毒V造成的特定损害,并因此具体链接到病毒V和任何相关的病毒。但在任一情况下,已清洁和修复的计算机随后由防病毒V1接种,这样,病毒V或相关病毒的随后感染不可能。
对于病毒V未感染的那些计算机,防病毒代理V1用于对那些计算机接种(或可以说“锁上门”)以防计算机病毒V的随后感染。一旦确定网络段602中的所有计算机已清洁、修复和接种,或只进行了接种,便结束对网络段602(并且更重要的是以前感染了计算机病毒V的客户机装置104和106)的隔离。然而,有时要决定是否对网络100中的所有客户机装置接种以防止病毒V。决定必须考虑计算机病毒V的毒性、计算机病毒V的影响和至少部分由接种进程造成的网络100中断的任何可能性。此决定可在系统管理员级作出,或在一些情况下,可基于OPP中设置的标准作出。
例如,参照图6B,它示出针对已被病毒V感染的多个受感染客户机装置(即,客户机装置104和106)的防病毒代理V1。另外,多个在此之前未受感染的客户机装置(即,108、125和110-114)已被防病毒代理V1接种以防止病毒V的将来感染。
病毒监视器
现在转到病毒监视器102的具体实施,可是要注意所述实施例只是示范而不限制本发明的范围或意图。
相应地,图8说明病毒监视器800,作为病毒监视器102的一个可能实现。相应地,病毒监视器800包括通过网络接口804耦合到网络100的业务控制器802,网络接口804包括入侵者检测系统(IDS)模块806,用于评估可能的入侵者攻击。此类基于入侵者的攻击包括拒绝服务(DoS)攻击,由此,在短时间内向特定的服务器计算机发出大量的请求,导致受攻击的服务器计算机无法给其它合法请求者提供访问。IDS模块806基于单位时间间隔内在病毒监视器800的数据业务流的量而确定相关联的警报级别,如果数据业务流的量在预定时期内大于预定值,则这被指定为异常。
一般情况下,主机基础IDS(未示出)将警报阈值设得很高以减少检测病毒中的误报警率,这会导致在处理病毒发作方面的效率低和不灵活。与此相反,协作防病毒系统采用多级别警报阈值,最高的警报阈值类似于主机基础IDS的阈值。在最高阈值下,至少保持两个更低的阈值以将不同级别的可能病毒发作的活动分组。在这方面应注意的是,在一些实施例中,业务控制器802可以是分布式类型控制器,并可位于远程位置。远程位置是指业务控制器802可作为分立组件实施,每个组件彼此进行通信但不在同一物理容器内。然而,在所述实施例中,业务控制器802作为单独的组件包括在适当部署以监视网络100的更大装置(如病毒监视器102)中。
连接到业务控制器802的是安全模块808,它被安排应用所有相关的政策和规则(例如,如通过控制器接口810和控制器链路812由控制器126提供的一样)。安全模块808还提供某个特定的数据分组是否为可能受计算机病毒感染的类型的确定。例如,不太可能的是,加密类型的数据分组(如遵循HTTPS协议的那些)可能被病毒感染并因此不被传递以由文件扫描模块814进行分析。
在操作上,数据分组将被业务控制器802引导到安全模块808。在病毒监视器800处于备用模式时数据分组可以是原数据分组的拷贝,或者在病毒监视器处于内联模式时数据分组可以是原数据分组(两者均在下面更详细地描述)。一旦在安全模块808上,安全模块808便基于OPP文件135和规则集136中包括的组合政策,决定该数据分组是否为最可能受某个特定病毒影响的分组。如果安全模块808确定所述数据分组需要进行病毒扫描,则数据分组被传递到文件扫描模块814以便进一步分析。应注意的是,通过使用安全模块808已知的病毒或蠕虫的特征,文件扫描模块814用于扫描任一特定文件是否有如安全模块808确定的任一病毒和/或蠕虫。在任一点上,任一模块(即,业务控制器802、安全模块808或文件扫描模块814)可实时提交报告,或作为日志提交报告,或两者,从而提供有关其操作和结果的细节。在多数情况下,病毒监视器800响应选择信号S,在操作上设为所述的备用模式。
图9显示根据本发明实施例,在备用模式的病毒监视器800的特定示例。在备用模式时,业务控制器802中包括的或与其耦合的数据分组拷贝器单元902拷贝通过网络接口804从网络100传送的每个数据分组。应注意的是,在一些实现中,在预期到达数据分组拷贝器单元902前,数据分组类型分析在数据分组类型分析器(未示出)执行。在一些情况下,如果某个特定数据分组类型被视为不太可能受某个特定计算机病毒的影响,则该数据分组不被拷贝而只是在网络业务流中在其路径上发送,从而保存计算机资源以用于被视为更有问题的那些数据分组。
所述数据分组一旦由数据分组拷贝器单元902拷贝,便只传递拷贝的数据分组到安全模块808以进一步分析。然而,应注意的是,即使在拷贝的数据分组被确定为感染有病毒的那些情况下,原数据分组仍保持在网络业务流中,造成可能的感染威胁。为此,可选择在内部将病毒监视器800立即切换到内联模式,而无需控制器126基于文件扫描单元814执行的分析进行干预。
图10显示作为图9的病毒监视器900的特定实施例的病毒监视器1000的一部分。在所述实施例中,安全模块808包括安排成从数据分组拷贝器单元902接收拷贝的数据分组的分组协议确定器1006。应注意的是,在一些实施例中,拷贝的数据分组可在数据分组确定器1002获得前存储在数据缓冲器中。这样,病毒监视器900可利用由于数据分组流的管道输送而具有的所有优点。分组协议确定器1006的目的是为数据分组协议类型评估接收的数据分组。例如,数据分组协议类型可以是任意数量的协议,如HTTP、HTTPS、IMAP、POP3、SMTP等,并非所有这些协议易受计算机病毒的感染。因此,一旦已识别数据分组协议类型,比较器单元1008确定是否应由文件扫描模块1004进一步处理数据分组,或在多数情况下,将其废弃到垃圾收集单元1010。用于确定的基础一般情况下在OPP文件135中或规则集136中,任何时候需要时可根据需要更新OPP文件135或规则集136。
在比较器单元1008确定数据分组应由文件扫描模块1006扫描的情况下,数据分组传递到病毒扫描单元1012,该单元确定数据分组是否已被病毒感染。此确定例如是基于比较数据分组与特定病毒或病毒组的已知模式。在发现数据分组无任何病毒的情况下,数据分组被丢弃在垃圾收集单元1010,而如果发现数据分组感染有病毒,则在病毒分析器单元1014分析病毒。在所述实施例中,病毒分析可包括将病毒解析成其构成部分,从而暴露病毒的有效载荷部分。这样,最终可产生对清洁和修复均有用的防病毒代理。在一些情况下,病毒警告模块1016可选择将病毒警告1018发送到控制器126。病毒警告具有将可能的病毒攻击通知其它监视器及其相关联控制器以尝试挫败可能的病毒发作的作用。这样,可减轻病毒发作的任何影响。病毒分析器1014得出的分析又呈送给控制器126以便在需要时由服务器129进一步整理、相关和共同研究。
除在备用模式操作外(以保存网络带宽),在需要进行数据分组的全面分析和筛选时,也可选择在内联模式操作病毒监视器102。虽然,内联模式通过强制几乎所有数据分组通过病毒监视器102而稍微减少带宽,但由于任何感染的数据分组不会返回网络100(如在备用模式情况下一样),而是与网络100隔开以进行分析并最终丢弃在垃圾收集单元1010,因此,病毒发作可有效地被遏制。相应地,图11显示了根据本发明实施例,用于在内联模式操作的病毒监视器1100。在内联模式操作时,病毒监视器1100禁用了数据分组拷贝器单元902,这样,所有数据分组直接发送到安全模块808。在安全模块808确定了某个特定数据分组不是可能被某个特定病毒影响的分组的那些情况下,该数据分组通过网络接口804传回网络100。另一方面,那些被认为更可能受影响的数据分组直接传递到文件扫描模块814。未发现病毒的那些数据分组通过网络接口804被送回网络业务流,而发现被病毒感染的那些数据分组被保留以便进一步的分析、垃圾收集、隔离等。在一些情况下,文件扫描单元1104将发出指示执行的病毒分析的病毒报告1106。一般情况下,报告1106将转发到控制器126以便进一步分析和与整个网络100内其它病毒监视器生成的其它报告相关。
流程图实施例
现在将根据多个流程图描述本发明的方法,每个流程图描述实现本发明的特定进程。具体而言,图12-18描述了多个相互关联的进程,在单独或以任意组合方式使用时描述了本发明的各个方面。
图12显示根据本发明实施例的一个流程图,详细介绍了用于监视网络以检测病毒的进程1200。进程1200从1202开始,在任意数量的适当位置将病毒监视器连接到网络。一般情况下,这些位置是为病毒监视器提供对与其耦合的所有计算装置最大可视性的那些位置。例如,一般情况下,在层2与层3交换机之间耦合病毒监视器为随后的病毒监视提供了良好的有利点。一旦病毒监视器已连接到网络,在1204病毒监视器自身登记。此类自身登记包括在与病毒监视器相关联的网络中识别位置(如IP地址)和/或识别最近控制器的位置。一旦控制器已定位,在1206病毒监视器将自身链接到定位的控制器,在该处,病毒监视器在1208调用初始化过程。一般情况下,初始化过程包括通过控制器从服务器计算机下载规则集和发作保护政策(OPP)文件。
一旦初始化程序完成,在1210病毒监视器便监视网络业务(即,一般情况下的数据分组流)是否有多个和多种网络病毒中的任一病毒。如果在1212检测到病毒,则在1214识别或分析检测到的病毒以提供身份(如果是在此之前未知的病毒)。一旦病毒已被分析和识别,在1216控制器获悉病毒的身份。此时,控制器实质上同时执行多个操作中的任一操作。此类操作包括在1218重置病毒监视器以提供过滤类型监控,这样,确定为受病毒感染的数据分组不会被传回网络业务流。在所述实施例中,此特定模式称为内联模式,与最初初始化的备用模式不同,在备用模式中,拷贝数据分组以进行分析,从而允许原数据分组返回网络业务流。
除将病毒监视器从备用模式设为内联模式外,控制器在1220识别受影响或最可能受影响的那些客户机装置,并在需要高安全级别的那些情况下,控制器在1222将所有病毒监视器的所有病毒通知相关。基于受影响或可能受影响的客户机装置的识别和接收的病毒通知的相关,控制器在1224将确定为受影响和可能受威胁的那些客户机装置隔离。在1226,确定是否可自动治愈病毒。自动治愈病毒是指从受影响的计算机消除病毒,并自动修复任何损害。在一些情况下,所有客户机装置被接种以防受病毒或相关病毒的进一步感染。如果确定无法自动治愈病毒,则在1228手动清洁受影响的客户机装置,例如,在计算机蠕虫的情况下重新引导计算机系统,或在最糟的情况下,重新格式化受影响计算机的硬盘。
另一方面,如果确定受影响的计算机可自动治愈,则在1230,自动清洁受影响计算机,从而结束进程1200。应注意的是,在无法以及时和节省成本的方式治愈计算机的病毒的不太可能的情况下,因此受影响的计算机将与网络断开连接以便保持剩余互连装置的完整性。
在来访者客户机装置连接到受监视网络的那些情况下,通过使用根据本发明实施例的图13所示的流程图中详细介绍的进程1300而将来访者客户机装置引入网络。相应地,进程1300从1302开始,来访者客户机装置连接到受监视的网络的一部分中包括的来访者端口。在1304,确定来访者客户机装置是否符合包括可接受防病毒软件的最新网络防病毒政策。如果确定来访者客户机装置确实符合,则在1306符合的来访者客户机装置被授予暂时使用令牌,如使用令牌的条款和条件中所述一样,使用令牌提供有限时间量的网络访问。此类条款和条件可包括各种授权级别、安全级别等。一般情况下,使用令牌是用于持续的时期,并且不累计,因此,将来访者端口的可用性损失限制为只在该时期。
另一方面,如果来访者客户机装置被确定为不符合,则在1308来访者客户机装置被扫描是否有任何活动或潜在的病毒感染。如果在1310被扫描的来访者客户机装置通过病毒扫描,则在1306授予来访者客户机装置使用令牌,否则在1312确定是否要继续将来访者客户机装置连接到网络。如果连接要结束,则进程1300结束而不连接,然而,如果连接要继续,则在1314受感染的来访者客户机装置被清洁并修复任何损害,之后,控制传递到1306,在该处授予来访者客户机装置使用令牌。
一旦授予了使用令牌,在1316便授予对网络的访问,在此期间,在1318定期检查使用令牌的有效性。在已确定使用令牌无效的那些情况下,则在1320确定是否请求了新使用令牌。如果请求了新的使用令牌,则将控制传回1308以扫描来访者客户机装置,确保病毒未感染请求的装置,否则,进程1300正常结束。
在一些情况下,新客户机装置会永久性添加到网络(与来访者客户机装置的暂时添加不同),这种情况下,图14所示的进程1400随后确保符合防病毒安全政策。相应地,进程1400从1402开始,识别要添加到网络的新客户机装置。识别一般包括识别系统的类型、常驻操作系统、安装的防病毒软件(如果有)、网络地址(如IP地址)等。一旦正确识别了新客户机装置,在1404便确定正确的防病毒政策和协议集是否在适当位置。此类防病毒政策和协议包括正确的防病毒软件、过滤器等。此类适当的防病毒软件可包括诸如加利福尼亚州库珀蒂诺(Cupertino)的TrendMicro等任意数量的公认供应商的任何公认防病毒软件等。
如果确定新客户机装置确实在适当位置具有正确的防病毒政策和协议,则在1406,检索选定的装置信息。此类信息可与客户机装置的识别及有关网络连接的任何其它适当的信息相关,并且新客户机装置在1408连接到网络。
另一方面,如果确定正确的防病毒政策和协议没有在适当位置,则在1410,阻止除到防病毒软件安装服务器的访问外到所有其它地址的所有访问。一旦在1412授予对防病毒软件安装服务器的访问,在1414便确定是否要下载适当的防病毒软件到新来访者装置。如果确定不下载防病毒软件,则进程1400结束,新客户机装置不连接到网络。否则,控制传递到1406,并最终传递到1408,在该处,新客户机装置连接到网络。
一旦所有客户机装置连接到网络,任何病毒攻击便可通过构成称为网络段隔离的防御措施而在范围上受限制,由此网络受影响的部分在逻辑上与网络未受影响的部分隔开。更具体地说,图15所示的进程1500详细地描述了根据本发明实施例的网络隔离进程。相应地,进程1500从1502开始,在该处,控制器(或系统管理员)将各种病毒攻击报告相关。在多个报告相关时,控制器在1504确定是否确认了病毒发作。如果病毒发作已确认,则控制器在1506将受影响的客户机装置隔开(一般情况下通过客户机装置以物理或逻辑方式连接到的网络节点)。一旦发作已被确认,控制器便向病毒监视器发送信号,将操作模式切换到内联模式,从而在1508检查构成网络业务的所有数据分组是否有该病毒和相关病毒。一旦在1510病毒被识别,控制器便在1512指示病毒监视器只阻止受该特定病毒和相关病毒感染的那些数据分组。
一旦病毒已被识别,防病毒(或治疗代理)便通过根据本发明实施例的防病毒创建进程1600来创建。相应地,图16所示的进程1600从1602解析识别的病毒开始。解析病毒指识别病毒的各个组成部分。此类组成部分包括感染模块、检测模块和有效载荷模块。一旦识别了病毒的各个组成部分,便分析组成部分。更具体地说,在1604分析检测模块,在1606分析感染模块,并且在1608分析有效载荷模块。分析是指研究各个病毒组成部分,以确定感染模块和病毒有效载荷部分的有害作用可以在受感染系统上存在的情况下感染的方法。
应注意的是,分析可并发执行或以任意适当的顺序执行。一旦分析了各个组成部分,在1610便修改感染模块以感染已经被病毒感染的所有计算机(不考虑某个特定计算机可能已经被父病毒感染的事实),并且在1612修改有效载荷模块以“锁上门”(即,防止病毒再感染该计算机,或对它进行接种以防将来的病毒攻击)。一旦修改了各个模块,在1614便组合检测模块(未修改)、修改的感染模块和修改的有效载荷模块以在1616形成防病毒。应注意的是,在一些情况下,修改的有效载荷模块提供损害修复协议,修复由原病毒造成的损害。
图17显示根据本发明实施例的一个流程图,详细介绍了用于为一组受感染计算机执行自动清洁/治愈办法的进程1700。相应地,进程1700从1702开始,获得发现在感染网络中多个计算机的某个特定病毒的身份。一旦获得身份,在1704便接收已识别病毒的相关联防病毒,之后,在1706识别受感染的计算机。识别是指不但知道物理位置,而且也知道逻辑位置以及与计算机相关的任何其它有关信息。一旦识别了位置,便在1708确定已识别计算机中是否已安装清洁工具。清洁工具是指使用为该特定病毒生成的防病毒自动清洁/治愈受感染计算机的工具。如果未找到清洁工具,则在1710将到/来自受感染计算机的所有业务重新路由到清洁工具服务器,在该处,在1712下载适当的清洁工具。
一旦下载了适当的清洁工具,在1714便清洁受感染计算机。回到1708,如果找到适当的清洁工具,则在1716将该清洁工具发送到网络中所有受感染的计算机,以便在1714开始清洁。在清洁完成后,在1718对在此之前未受影响的计算机中选定的计算机进行接种以防将来的病毒攻击。
一旦形成了防病毒,便可使用防病毒自动清洁任何受影响的计算机以及对未受影响的计算机进行接种,从而防止任何将来的病毒发作。图18中所示的流程图详细描述了自动治愈/清洁进程1800,其中,在1802防病毒检测到计算机感染有相关联的病毒。一旦防病毒检测到受影响的计算机,在1804防病毒便感染已经被父病毒感染的计算机,而在1806防病毒将受影响的计算机中的父病毒改写为防病毒有效载荷。在一些实施例中,防病毒有效载荷的作用是通过对父病毒“锁上门”,对受影响的计算机进行接种以防将来的攻击。一旦防病毒有效载荷已被下载,在1808防病毒有效载荷便修复由父病毒造成的任何损害。一旦受影响的计算机已被接种并且任何损害已修复,在1810防病毒便对未受影响的计算机进行接种。应注意的是,在未受影响的计算机的情况下,由于不存在父病毒造成的损害,因此,防病毒有效载荷不在活动中,并且因而保持静止。
图19显示计算机系统801的系统方框图,该系统可能要实施用于执行本发明功能的计算系统300,而这些功能包括对怀疑有计算机蠕虫的数据分组进行扫描、删除、修改和隔离。计算机系统801包括显示监视器803和键盘809与鼠标811。计算机系统801还包括诸如中央处理器851、系统存储器853、固定储存器855(例如,硬盘驱动器)、可移动储存器857(例如,CD-ROM驱动器)、显示适配器859、声卡861、扬声器863及网络接口865等子系统。中央处理器851可执行计算机程序代码(例如,操作系统)以便如本文所述实施本发明的扫描引擎的各个方面。操作系统通常但不一定在其执行期间常驻在系统存储器853中。适用于本发明的其它计算机系统可包括另外的子系统或更少的子系统。例如,另一计算机系统可包括不止一个处理器851(即,多处理器系统)或一级或多级的高速缓冲存储器。
计算机系统801的系统总线体系结构由箭头867表示。然而,这些箭头是说明用于链接子系统的任一互连方案。例如,本地总线可用于将中央处理器连接到系统存储器和显示适配器。图6所示的计算机系统801只是适用于本发明的一个计算机系统示例。也可利用具有不同子系统配置的其它计算机体系结构。
虽然描述了病毒过滤器,但可理解,本领域的技术人员经常变换使用有关恶意代码的术语。因此,术语“计算机蠕虫”可包括任何类型的恶意或者在计算机上自身存在的不期望或想不到的计算机代码,而无论代码是否称为“病毒”、“蠕虫”、“特洛伊木马”等。此外,虽然以一定的细节描述了上述发明以便于清楚地理解,但将明白,在不脱离随附权利要求书的范围的情况下可实行某些更改和修改。因此,所述实施例应视为说明而不是限制,并且本发明不应限于本文给出的细节而应由随附权利要求书及其等同物的整个范围来限定。
Claims (12)
1.在具有多个服务器计算机和相关联客户机装置的分布式网络中将受感染的客户机装置与未受感染的客户机装置隔离并且为所述受感染的客户机装置接种的方法,包括:
将病毒攻击的网络有关病毒感染报告相关;
当报告被相关时,根据相关的报告确定病毒发作是否出现;
当确认所述病毒发作时,将受感染的客户机装置与未受感染的客户机装置隔离;
切换到内联模式,在所述内联模式中就所述病毒和相关病毒检查所有数据分组而不拷贝所述数据分组;
就所述病毒而监视所述网络中的所有数据分组;
识别所述病毒;
仅仅阻止被特定病毒感染的分组;
创建防病毒代理,其中创建防病毒代理包括:
将所述病毒解析成1)检测模块,所述检测模块将所述客户机装置中所选择的一个标识为目标客户机装置,2)感染模块,所述感染模块使所述病毒感染未被所选择的病毒感染的所述目标客户机装置,和3)病毒代码有效载荷模块,所述病毒代码有效载荷模块感染所述目标客户机装置;
分析所述感染模块以便确定感染方法并且分析防病毒有效载荷模块以便确定有害作用;
修改所述感染模块以便感染已经被所述病毒感染的客户机装置;
将防病毒结合进有效载荷模块,用于防止所述病毒的进一步感染;以及
通过组合检测模块、修改的感染模块和修改的病毒有效载荷模块来形成防计算机病毒代理。
2.如权利要求1所述的方法,还包括:
只有那些被认为受所识别的计算机病毒或计算机蠕虫感染的数据分组转发到耦合至网络的计算机病毒感测器的病毒分析器单元。
3.如权利要求2所述的方法,其中在第一模式下,
业务控制器实质上拷贝网络业务中含有的所有数据分组;以及
将拷贝的数据分组转发到所述病毒分析器单元。
4.如权利要求3所述的方法,包括:
将拷贝的数据分组转发到分组协议确定器;以及
确定所述拷贝的数据分组的分组协议。
5.如权利要求4所述的方法,还包括:
在废物收集器接收那些被确定为属于第一组一个或多个特殊协议的拷贝的数据分组;以及
在文件扫描单元接收和分析那些被确定为属于一个或多个特殊协议的拷贝的数据分组。
6.如权利要求5所述的方法,还包括:
通过病毒分析器单元确定那些在所述文件扫描单元接收的拷贝的数据分组是否受所检测的计算机病毒或计算机蠕虫感染;
将那些被确定为不受感染的分组转发到所述废物收集器;
分析受感染的拷贝的数据分组;以及
基于所述分析生成病毒报告。
7.在具有多个服务器计算机和相关联客户机装置的分布式网络中用于将受感染的客户机装置与未受感染的客户机装置隔离并且为所述受感染的客户机装置接种的设备,包括:
用于将病毒攻击的网络有关病毒感染报告相关的装置;
用于当报告被相关时根据相关的报告确定病毒发作是否出现的装置;
用于在确认所述病毒发作时将受感染的客户机装置与未受感染的客户机装置隔离的装置;
用于切换到内联模式的装置,在所述内联模式中就所述病毒和相关病毒检查所有数据分组而不拷贝所述数据分组;
用于就所述病毒而监视所述网络中的所有数据分组的装置;
用于识别所述病毒的装置;
用于仅仅阻止被特定病毒感染的分组的装置;以及
用于创建防病毒代理的装置,其中创建防病毒代理包括:
将所述病毒解析成1)检测模块,所述检测模块将所述客户机装置中所选择的一个标识为目标客户机装置,2)感染模块,所述感染模块使所述病毒感染未被所选择的病毒感染的所述目标客户机装置,和3)病毒代码有效载荷模块,所述病毒代码有效载荷模块感染所述目标客户机装置;
分析所述感染模块以便确定感染方法并且分析防病毒有效载荷模块以便确定有害作用;
修改所述感染模块以便感染已经被所述病毒感染的客户机装置;
将防病毒结合进有效载荷模块,用于防止病毒的进一步感染;以及
通过组合检测模块、修改的感染模块和修改的病毒有效载荷模块来形成防计算机病毒代理。
8.如权利要求7所述的设备,还包括:
用于只有那些被认为受所识别的计算机病毒或计算机蠕虫感染的数据分组转发到耦合至网络的计算机病毒/蠕虫感测器的病毒分析器单元的装置。
9.如权利要求8所述的设备,还包括:在第一模式下,
用于使业务控制器实质上拷贝网络业务中含有的所有数据分组的装置;以及
用于将拷贝的数据分组转发到所述病毒分析器单元的装置。
10.如权利要求9所述的设备,还包括:
用于将拷贝的数据分组转发到分组协议确定器的装置;以及
用于确定所述拷贝的数据分组的分组协议的装置。
11.如权利要求10所述的设备,还包括:
用于在废物收集器接收那些被确定为属于第一组一个或多个特殊协议的拷贝的数据分组的装置;以及
用于在文件扫描单元接收和分析那些被确定为属于第二组一个或多个特殊协议的拷贝的数据分组的装置。
12.如权利要求11所述的设备,还包括:
用于通过病毒分析器单元确定那些在所述文件扫描单元接收的拷贝的数据分组是否受所检测的计算机病毒或计算机蠕虫感染的装置;
用于将那些被确定为不受感染的分组转发到所述废物收集器的装置;
用于分析受感染的拷贝的数据分组的装置;以及
用于基于所述分析生成病毒报告的装置。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US48131303P | 2003-08-29 | 2003-08-29 | |
US60/481,313 | 2003-08-29 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1871612A CN1871612A (zh) | 2006-11-29 |
CN100530208C true CN100530208C (zh) | 2009-08-19 |
Family
ID=34272450
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200480031322.7A Active CN100530208C (zh) | 2003-08-29 | 2004-08-27 | 适于病毒防护的网络隔离技术 |
CN200480031562.7A Pending CN1871571A (zh) | 2003-08-29 | 2004-08-27 | 分布式网络中通过病毒/蠕虫监视器进行的网络业务管理 |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200480031562.7A Pending CN1871571A (zh) | 2003-08-29 | 2004-08-27 | 分布式网络中通过病毒/蠕虫监视器进行的网络业务管理 |
Country Status (4)
Country | Link |
---|---|
US (8) | US7287278B2 (zh) |
CN (2) | CN100530208C (zh) |
TW (2) | TWI362206B (zh) |
WO (2) | WO2005022440A1 (zh) |
Families Citing this family (466)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9219755B2 (en) | 1996-11-08 | 2015-12-22 | Finjan, Inc. | Malicious mobile code runtime monitoring system and methods |
US7058822B2 (en) | 2000-03-30 | 2006-06-06 | Finjan Software, Ltd. | Malicious mobile code runtime monitoring system and methods |
US8079086B1 (en) | 1997-11-06 | 2011-12-13 | Finjan, Inc. | Malicious mobile code runtime monitoring system and methods |
US8225408B2 (en) * | 1997-11-06 | 2012-07-17 | Finjan, Inc. | Method and system for adaptive rule-based content scanners |
US7975305B2 (en) * | 1997-11-06 | 2011-07-05 | Finjan, Inc. | Method and system for adaptive rule-based content scanners for desktop computers |
EP1540446A2 (en) | 2002-08-27 | 2005-06-15 | TD Security, Inc., dba Trust Digital, LLC | Enterprise-wide security system for computer devices |
US8117639B2 (en) * | 2002-10-10 | 2012-02-14 | Rocksteady Technologies, Llc | System and method for providing access control |
WO2004036371A2 (en) * | 2002-10-16 | 2004-04-29 | Rocksteady Networks, Inc. | System and method for dynamic bandwidth provisioning |
US7624438B2 (en) | 2003-08-20 | 2009-11-24 | Eric White | System and method for providing a secure connection between networked computers |
US20050097199A1 (en) * | 2003-10-10 | 2005-05-05 | Keith Woodard | Method and system for scanning network devices |
US20050086526A1 (en) * | 2003-10-17 | 2005-04-21 | Panda Software S.L. (Sociedad Unipersonal) | Computer implemented method providing software virus infection information in real time |
EP1528452A1 (en) * | 2003-10-27 | 2005-05-04 | Alcatel | Recursive virus detection, protection and disinfecting of nodes in a data network |
US7752320B2 (en) * | 2003-11-25 | 2010-07-06 | Avaya Inc. | Method and apparatus for content based authentication for network access |
JP2005165561A (ja) * | 2003-12-01 | 2005-06-23 | Fujitsu Ltd | ネットワーク接続制御プログラム、ネットワーク接続制御方法およびネットワーク接続制御装置 |
FR2864411B1 (fr) * | 2003-12-23 | 2006-03-03 | Cit Alcatel | Terminal avec des moyens de protection contre le dysfonctionnement de certaines applications java |
WO2005064498A1 (en) * | 2003-12-23 | 2005-07-14 | Trust Digital, Llc | System and method for enforcing a security policy on mobile devices using dynamically generated security profiles |
US7610624B1 (en) * | 2004-01-12 | 2009-10-27 | Novell, Inc. | System and method for detecting and preventing attacks to a target computer system |
US7756996B2 (en) * | 2004-01-30 | 2010-07-13 | Finjan, Inc. | Embedding management data within HTTP messages |
US20050177748A1 (en) * | 2004-02-10 | 2005-08-11 | Seiichi Katano | Virus protection for multi-function peripherals |
US8214875B2 (en) * | 2004-02-26 | 2012-07-03 | Vmware, Inc. | Network security policy enforcement using application session information and object attributes |
US8024779B2 (en) * | 2004-02-26 | 2011-09-20 | Packetmotion, Inc. | Verifying user authentication |
US8166554B2 (en) | 2004-02-26 | 2012-04-24 | Vmware, Inc. | Secure enterprise network |
US9584522B2 (en) | 2004-02-26 | 2017-02-28 | Vmware, Inc. | Monitoring network traffic by using event log information |
US7941827B2 (en) | 2004-02-26 | 2011-05-10 | Packetmotion, Inc. | Monitoring network traffic by using a monitor device |
US8543710B2 (en) * | 2004-03-10 | 2013-09-24 | Rpx Corporation | Method and system for controlling network access |
US7610621B2 (en) | 2004-03-10 | 2009-10-27 | Eric White | System and method for behavior-based firewall modeling |
US7665130B2 (en) * | 2004-03-10 | 2010-02-16 | Eric White | System and method for double-capture/double-redirect to a different location |
US8782654B2 (en) | 2004-03-13 | 2014-07-15 | Adaptive Computing Enterprises, Inc. | Co-allocating a reservation spanning different compute resources types |
US7587537B1 (en) | 2007-11-30 | 2009-09-08 | Altera Corporation | Serializer-deserializer circuits formed from input-output circuit registers |
US9106694B2 (en) | 2004-04-01 | 2015-08-11 | Fireeye, Inc. | Electronic message analysis for malware detection |
US8881282B1 (en) | 2004-04-01 | 2014-11-04 | Fireeye, Inc. | Systems and methods for malware attack detection and identification |
US8171553B2 (en) | 2004-04-01 | 2012-05-01 | Fireeye, Inc. | Heuristic based capture with replay to virtual machine |
US8204984B1 (en) | 2004-04-01 | 2012-06-19 | Fireeye, Inc. | Systems and methods for detecting encrypted bot command and control communication channels |
US8539582B1 (en) | 2004-04-01 | 2013-09-17 | Fireeye, Inc. | Malware containment and security analysis on connection |
US8561177B1 (en) | 2004-04-01 | 2013-10-15 | Fireeye, Inc. | Systems and methods for detecting communication channels of bots |
US8898788B1 (en) | 2004-04-01 | 2014-11-25 | Fireeye, Inc. | Systems and methods for malware attack prevention |
US8006305B2 (en) * | 2004-06-14 | 2011-08-23 | Fireeye, Inc. | Computer worm defense system and method |
US8584239B2 (en) * | 2004-04-01 | 2013-11-12 | Fireeye, Inc. | Virtual machine with dynamic data flow analysis |
US8375444B2 (en) | 2006-04-20 | 2013-02-12 | Fireeye, Inc. | Dynamic signature creation and enforcement |
US8528086B1 (en) | 2004-04-01 | 2013-09-03 | Fireeye, Inc. | System and method of detecting computer worms |
US8549638B2 (en) | 2004-06-14 | 2013-10-01 | Fireeye, Inc. | System and method of containing computer worms |
US8566946B1 (en) | 2006-04-20 | 2013-10-22 | Fireeye, Inc. | Malware containment on connection |
US9027135B1 (en) | 2004-04-01 | 2015-05-05 | Fireeye, Inc. | Prospective client identification using malware attack detection |
US8793787B2 (en) | 2004-04-01 | 2014-07-29 | Fireeye, Inc. | Detecting malicious network content using virtual environment components |
US7822937B2 (en) * | 2004-05-03 | 2010-10-26 | Gateway, Inc. | Method and apparatus for modifying reserve area of disk drive or memory |
US8266670B1 (en) * | 2004-05-06 | 2012-09-11 | American Express Travel Related Services Company, Inc. | System and method for dynamic security provisioning of data resources |
US7827294B2 (en) | 2004-05-06 | 2010-11-02 | American Express Travel Related Services Company, Inc. | System and method for dynamic security provisioning of computing resources |
US8407792B2 (en) * | 2004-05-19 | 2013-03-26 | Ca, Inc. | Systems and methods for computer security |
US8042180B2 (en) * | 2004-05-21 | 2011-10-18 | Computer Associates Think, Inc. | Intrusion detection based on amount of network traffic |
US20050273853A1 (en) * | 2004-05-24 | 2005-12-08 | Toshiba America Research, Inc. | Quarantine networking |
US7620986B1 (en) * | 2004-06-14 | 2009-11-17 | Xangati, Inc. | Defenses against software attacks in distributed computing environments |
US20060005032A1 (en) * | 2004-06-15 | 2006-01-05 | Adam Cain | Method and system for enabling trust-based authorization over a network |
US7624445B2 (en) * | 2004-06-15 | 2009-11-24 | International Business Machines Corporation | System for dynamic network reconfiguration and quarantine in response to threat conditions |
US20070266388A1 (en) | 2004-06-18 | 2007-11-15 | Cluster Resources, Inc. | System and method for providing advanced reservations in a compute environment |
US7765594B1 (en) * | 2004-08-18 | 2010-07-27 | Symantec Corporation | Dynamic security deputization |
US8176490B1 (en) | 2004-08-20 | 2012-05-08 | Adaptive Computing Enterprises, Inc. | System and method of interfacing a workload manager and scheduler with an identity manager |
US8214901B2 (en) * | 2004-09-17 | 2012-07-03 | Sri International | Method and apparatus for combating malicious code |
US8234705B1 (en) * | 2004-09-27 | 2012-07-31 | Radix Holdings, Llc | Contagion isolation and inoculation |
US7849506B1 (en) * | 2004-10-12 | 2010-12-07 | Avaya Inc. | Switching device, method, and computer program for efficient intrusion detection |
US8032937B2 (en) * | 2004-10-26 | 2011-10-04 | The Mitre Corporation | Method, apparatus, and computer program product for detecting computer worms in a network |
CA2586763C (en) | 2004-11-08 | 2013-12-17 | Cluster Resources, Inc. | System and method of providing system jobs within a compute environment |
US20060101277A1 (en) * | 2004-11-10 | 2006-05-11 | Meenan Patrick A | Detecting and remedying unauthorized computer programs |
US7478424B2 (en) * | 2004-11-30 | 2009-01-13 | Cymtec Systems, Inc. | Propagation protection within a network |
US20060117387A1 (en) * | 2004-11-30 | 2006-06-01 | Gunsalus Bradley W | Propagation protection of email within a network |
US20060117385A1 (en) * | 2004-11-30 | 2006-06-01 | Mester Michael L | Monitoring propagation protection within a network |
US7464118B2 (en) * | 2004-12-03 | 2008-12-09 | International Business Machines Corporation | Algorithm for maximizing application availability during automated enterprise deployments |
US7716660B2 (en) * | 2004-12-14 | 2010-05-11 | Microsoft Corporation | Method and system for downloading updates |
US7810158B2 (en) * | 2004-12-16 | 2010-10-05 | At&T Intellectual Property I, L.P. | Methods and systems for deceptively trapping electronic worms |
US20060156399A1 (en) * | 2004-12-30 | 2006-07-13 | Parmar Pankaj N | System and method for implementing network security using a sequestered partition |
US7716741B2 (en) * | 2005-01-12 | 2010-05-11 | International Business Machines Corporation | Method and system for offloading real-time virus scanning during data transfer to storage peripherals |
US7310669B2 (en) * | 2005-01-19 | 2007-12-18 | Lockdown Networks, Inc. | Network appliance for vulnerability assessment auditing over multiple networks |
US7810138B2 (en) * | 2005-01-26 | 2010-10-05 | Mcafee, Inc. | Enabling dynamic authentication with different protocols on the same port for a switch |
US20060164199A1 (en) * | 2005-01-26 | 2006-07-27 | Lockdown Networks, Inc. | Network appliance for securely quarantining a node on a network |
US8520512B2 (en) * | 2005-01-26 | 2013-08-27 | Mcafee, Inc. | Network appliance for customizable quarantining of a node on a network |
US8495700B2 (en) * | 2005-02-28 | 2013-07-23 | Mcafee, Inc. | Mobile data security system and methods |
US20100115581A1 (en) * | 2008-11-06 | 2010-05-06 | Trust Digital | System method and device for mediating connections between policy source servers, corporate respositories, and mobile devices |
US9075657B2 (en) | 2005-04-07 | 2015-07-07 | Adaptive Computing Enterprises, Inc. | On-demand access to compute resources |
US8863143B2 (en) | 2006-03-16 | 2014-10-14 | Adaptive Computing Enterprises, Inc. | System and method for managing a hybrid compute environment |
US9231886B2 (en) | 2005-03-16 | 2016-01-05 | Adaptive Computing Enterprises, Inc. | Simple integration of an on-demand compute environment |
US7739682B1 (en) | 2005-03-24 | 2010-06-15 | The Weather Channel, Inc. | Systems and methods for selectively blocking application installation |
US8359645B2 (en) * | 2005-03-25 | 2013-01-22 | Microsoft Corporation | Dynamic protection of unpatched machines |
US8516583B2 (en) | 2005-03-31 | 2013-08-20 | Microsoft Corporation | Aggregating the knowledge base of computer systems to proactively protect a computer from malware |
US8316446B1 (en) * | 2005-04-22 | 2012-11-20 | Blue Coat Systems, Inc. | Methods and apparatus for blocking unwanted software downloads |
US7647621B2 (en) * | 2005-04-22 | 2010-01-12 | Mcafee, Inc. | System, method and computer program product for applying electronic policies |
US8161554B2 (en) * | 2005-04-26 | 2012-04-17 | Cisco Technology, Inc. | System and method for detection and mitigation of network worms |
US7860006B1 (en) * | 2005-04-27 | 2010-12-28 | Extreme Networks, Inc. | Integrated methods of performing network switch functions |
US20060256730A1 (en) * | 2005-05-12 | 2006-11-16 | Compton Richard A | Intelligent quarantine device |
US20060259967A1 (en) * | 2005-05-13 | 2006-11-16 | Microsoft Corporation | Proactively protecting computers in a networking environment from malware |
US20060282525A1 (en) * | 2005-06-10 | 2006-12-14 | Giles James R | Method and apparatus for delegating responses to conditions in computing systems |
FR2887385B1 (fr) * | 2005-06-15 | 2007-10-05 | Advestigo Sa | Procede et systeme de reperage et de filtrage d'informations multimedia sur un reseau |
CN100401224C (zh) * | 2005-06-23 | 2008-07-09 | 福建东方微点信息安全有限责任公司 | 计算机反病毒防护系统和方法 |
US7877803B2 (en) * | 2005-06-27 | 2011-01-25 | Hewlett-Packard Development Company, L.P. | Automated immune response for a computer |
US9705911B2 (en) * | 2005-06-30 | 2017-07-11 | Nokia Technologies Oy | System and method for using quarantine networks to protect cellular networks from viruses and worms |
US20070011732A1 (en) * | 2005-07-05 | 2007-01-11 | Yang-Hung Peng | Network device for secure packet dispatching via port isolation |
US7571483B1 (en) * | 2005-08-25 | 2009-08-04 | Lockheed Martin Corporation | System and method for reducing the vulnerability of a computer network to virus threats |
US8028337B1 (en) * | 2005-08-30 | 2011-09-27 | Sprint Communications Company L.P. | Profile-aware filtering of network traffic |
US7636946B2 (en) * | 2005-08-31 | 2009-12-22 | Microsoft Corporation | Unwanted file modification and transactions |
JP4743911B2 (ja) | 2005-09-07 | 2011-08-10 | インターナショナル・ビジネス・マシーンズ・コーポレーション | 分散コンピュータ・ネットワークに接続されたデバイスへの保護エージェントの自動配備 |
US9191396B2 (en) * | 2005-09-08 | 2015-11-17 | International Business Machines Corporation | Identifying source of malicious network messages |
EP1936892A4 (en) * | 2005-10-15 | 2009-02-11 | Huawei Tech Co Ltd | SYSTEM FOR CONTROLLING THE SECURITY OF A NETWORK AND METHOD THEREFOR |
JP4546382B2 (ja) * | 2005-10-26 | 2010-09-15 | 株式会社日立製作所 | 機器検疫方法、および、機器検疫システム |
US20070101422A1 (en) * | 2005-10-31 | 2007-05-03 | Carpenter Michael A | Automated network blocking method and system |
US8291093B2 (en) | 2005-12-08 | 2012-10-16 | Microsoft Corporation | Peer-to-peer remediation |
US8255996B2 (en) | 2005-12-30 | 2012-08-28 | Extreme Networks, Inc. | Network threat detection and mitigation |
US7757269B1 (en) | 2006-02-02 | 2010-07-13 | Mcafee, Inc. | Enforcing alignment of approved changes and deployed changes in the software change life-cycle |
US9392009B2 (en) * | 2006-03-02 | 2016-07-12 | International Business Machines Corporation | Operating a network monitoring entity |
JP2007241712A (ja) * | 2006-03-09 | 2007-09-20 | Fujitsu Ltd | セキュリティサーバ監視装置及び負荷分散システム |
US8424088B1 (en) * | 2006-03-14 | 2013-04-16 | Symantec Corporation | Barricading a computer system when installing or migrating software |
JP5087850B2 (ja) * | 2006-03-14 | 2012-12-05 | 富士通株式会社 | サービス仲介方法、サービス仲介装置及びサービス仲介システム |
JP2007249579A (ja) * | 2006-03-15 | 2007-09-27 | Fujitsu Ltd | ワーム対策パラメータ決定プログラム、ワーム対策パラメータ決定装置、ノード数決定プログラム、ノード数決定装置およびノード数制限システム |
WO2007107766A1 (en) * | 2006-03-22 | 2007-09-27 | British Telecommunications Public Limited Company | Method and apparatus for automated testing software |
US8443446B2 (en) * | 2006-03-27 | 2013-05-14 | Telecom Italia S.P.A. | Method and system for identifying malicious messages in mobile communication networks, related network and computer program product therefor |
US7895573B1 (en) | 2006-03-27 | 2011-02-22 | Mcafee, Inc. | Execution environment file inventory |
JP5144075B2 (ja) * | 2006-03-30 | 2013-02-13 | 日本碍子株式会社 | ハニカム構造体及びその製造方法 |
US7873999B1 (en) * | 2006-03-31 | 2011-01-18 | Symantec Corporation | Customized alerting of users to probable data theft |
US7849508B2 (en) * | 2006-04-27 | 2010-12-07 | The Invention Science Fund I, Llc | Virus immunization using entity-sponsored bypass network |
US7917956B2 (en) * | 2006-04-27 | 2011-03-29 | The Invention Science Fund I, Llc | Multi-network virus immunization |
US8151353B2 (en) | 2006-04-27 | 2012-04-03 | The Invention Science Fund I, Llc | Multi-network virus immunization with trust aspects |
US9258327B2 (en) | 2006-04-27 | 2016-02-09 | Invention Science Fund I, Llc | Multi-network virus immunization |
US8613095B2 (en) * | 2006-06-30 | 2013-12-17 | The Invention Science Fund I, Llc | Smart distribution of a malware countermeasure |
US8117654B2 (en) * | 2006-06-30 | 2012-02-14 | The Invention Science Fund I, Llc | Implementation of malware countermeasures in a network device |
US8191145B2 (en) * | 2006-04-27 | 2012-05-29 | The Invention Science Fund I, Llc | Virus immunization using prioritized routing |
US8863285B2 (en) * | 2006-04-27 | 2014-10-14 | The Invention Science Fund I, Llc | Virus immunization using prioritized routing |
US8539581B2 (en) * | 2006-04-27 | 2013-09-17 | The Invention Science Fund I, Llc | Efficient distribution of a malware countermeasure |
US7934260B2 (en) | 2006-04-27 | 2011-04-26 | The Invention Science Fund I, Llc | Virus immunization using entity-sponsored bypass network |
US8966630B2 (en) * | 2006-04-27 | 2015-02-24 | The Invention Science Fund I, Llc | Generating and distributing a malware countermeasure |
US7895657B2 (en) * | 2006-05-05 | 2011-02-22 | Broadcom Corporation | Switching network employing virus detection |
US20070258437A1 (en) * | 2006-05-05 | 2007-11-08 | Broadcom Corporation, A California Corporation | Switching network employing server quarantine functionality |
US7596137B2 (en) * | 2006-05-05 | 2009-09-29 | Broadcom Corporation | Packet routing and vectoring based on payload comparison with spatially related templates |
US8223965B2 (en) | 2006-05-05 | 2012-07-17 | Broadcom Corporation | Switching network supporting media rights management |
US7751397B2 (en) | 2006-05-05 | 2010-07-06 | Broadcom Corporation | Switching network employing a user challenge mechanism to counter denial of service attacks |
US7948977B2 (en) * | 2006-05-05 | 2011-05-24 | Broadcom Corporation | Packet routing with payload analysis, encapsulation and service module vectoring |
US7735139B1 (en) * | 2006-05-17 | 2010-06-08 | Trend Micro Incorporated | In-line scanning of network data in an asymmetric routing environment |
US8316439B2 (en) * | 2006-05-19 | 2012-11-20 | Iyuko Services L.L.C. | Anti-virus and firewall system |
US8151337B2 (en) * | 2006-06-30 | 2012-04-03 | Microsoft Corporation | Applying firewalls to virtualized environments |
US8230505B1 (en) | 2006-08-11 | 2012-07-24 | Avaya Inc. | Method for cooperative intrusion prevention through collaborative inference |
US8136162B2 (en) * | 2006-08-31 | 2012-03-13 | Broadcom Corporation | Intelligent network interface controller |
US8259568B2 (en) * | 2006-10-23 | 2012-09-04 | Mcafee, Inc. | System and method for controlling mobile device access to a network |
JP4931553B2 (ja) * | 2006-10-31 | 2012-05-16 | 富士通株式会社 | ネットワーク間接続装置 |
US8087085B2 (en) * | 2006-11-27 | 2011-12-27 | Juniper Networks, Inc. | Wireless intrusion prevention system and method |
US8484733B2 (en) | 2006-11-28 | 2013-07-09 | Cisco Technology, Inc. | Messaging security device |
US8091134B2 (en) * | 2006-11-29 | 2012-01-03 | Lenovo (Singapore) Pte. Ltd. | System and method for autonomic peer-to-peer virus inoculation |
JP4764810B2 (ja) * | 2006-12-14 | 2011-09-07 | 富士通株式会社 | 異常トラヒック監視装置、エントリ管理装置およびネットワークシステム |
US8312536B2 (en) * | 2006-12-29 | 2012-11-13 | Symantec Corporation | Hygiene-based computer security |
US8250657B1 (en) | 2006-12-29 | 2012-08-21 | Symantec Corporation | Web site hygiene-based computer security |
US8332929B1 (en) | 2007-01-10 | 2012-12-11 | Mcafee, Inc. | Method and apparatus for process enforced configuration management |
US20080196103A1 (en) * | 2007-02-09 | 2008-08-14 | Chao-Yu Lin | Method for analyzing abnormal network behaviors and isolating computer virus attacks |
US20080222729A1 (en) * | 2007-03-05 | 2008-09-11 | Songqing Chen | Containment of Unknown and Polymorphic Fast Spreading Worms |
CN101022459B (zh) * | 2007-03-05 | 2010-05-26 | 华为技术有限公司 | 预防病毒入侵网络的系统和方法 |
US8429749B2 (en) * | 2007-03-27 | 2013-04-23 | National Institute Of Advanced Industrial Science And Technology | Packet data comparator as well as virus filter, virus checker and network system using the same |
US8310923B1 (en) | 2007-03-27 | 2012-11-13 | Amazon Technologies, Inc. | Monitoring a network site to detect adverse network conditions |
US7831537B2 (en) * | 2007-04-05 | 2010-11-09 | International Business Machines Corporation | System and method of adaptive generation of problem determination decision procedures |
US20080295153A1 (en) * | 2007-05-24 | 2008-11-27 | Zhidan Cheng | System and method for detection and communication of computer infection status in a networked environment |
US8024473B1 (en) * | 2007-07-19 | 2011-09-20 | Mcafee, Inc. | System, method, and computer program product to automate the flagging of obscure network flows as at least potentially unwanted |
US8645527B1 (en) | 2007-07-25 | 2014-02-04 | Xangati, Inc. | Network monitoring using bounded memory data structures |
US9961094B1 (en) | 2007-07-25 | 2018-05-01 | Xangati, Inc | Symptom detection using behavior probability density, network monitoring of multiple observation value types, and network monitoring using orthogonal profiling dimensions |
US8639797B1 (en) | 2007-08-03 | 2014-01-28 | Xangati, Inc. | Network monitoring of behavior probability density |
US8271642B1 (en) * | 2007-08-29 | 2012-09-18 | Mcafee, Inc. | System, method, and computer program product for isolating a device associated with at least potential data leakage activity, based on user input |
US8041773B2 (en) | 2007-09-24 | 2011-10-18 | The Research Foundation Of State University Of New York | Automatic clustering for self-organizing grids |
US8019689B1 (en) | 2007-09-27 | 2011-09-13 | Symantec Corporation | Deriving reputation scores for web sites that accept personally identifiable information |
US8646081B1 (en) * | 2007-10-15 | 2014-02-04 | Sprint Communications Company L.P. | Method and system to detect a security event in a packet flow and block the packet flow at an egress point in a communication network |
US8959624B2 (en) * | 2007-10-31 | 2015-02-17 | Bank Of America Corporation | Executable download tracking system |
US20090228963A1 (en) * | 2007-11-26 | 2009-09-10 | Nortel Networks Limited | Context-based network security |
WO2009079850A1 (en) * | 2007-12-21 | 2009-07-02 | Intel Corporation | Peer-to-peer streaming and api services for plural applications |
TWI406151B (zh) * | 2008-02-27 | 2013-08-21 | Asustek Comp Inc | 防毒保護方法以及具有防毒保護的電子裝置 |
US8499063B1 (en) | 2008-03-31 | 2013-07-30 | Symantec Corporation | Uninstall and system performance based software application reputation |
US8739289B2 (en) * | 2008-04-04 | 2014-05-27 | Microsoft Corporation | Hardware interface for enabling direct access and security assessment sharing |
GB2459291A (en) * | 2008-04-17 | 2009-10-21 | Zeus Technology Ltd | Supplying web pages |
US8341740B2 (en) * | 2008-05-21 | 2012-12-25 | Alcatel Lucent | Method and system for identifying enterprise network hosts infected with slow and/or distributed scanning malware |
US8887249B1 (en) * | 2008-05-28 | 2014-11-11 | Zscaler, Inc. | Protecting against denial of service attacks using guard tables |
US8863287B1 (en) | 2008-06-26 | 2014-10-14 | Emc Corporation | Commonality factoring pattern detection |
US8595282B2 (en) * | 2008-06-30 | 2013-11-26 | Symantec Corporation | Simplified communication of a reputation score for an entity |
US8312539B1 (en) | 2008-07-11 | 2012-11-13 | Symantec Corporation | User-assisted security system |
CN101340680B (zh) * | 2008-08-12 | 2012-01-04 | 华为终端有限公司 | 一种双核终端实现防毒和杀毒的方法和装置 |
US8826443B1 (en) * | 2008-09-18 | 2014-09-02 | Symantec Corporation | Selective removal of protected content from web requests sent to an interactive website |
US8413251B1 (en) | 2008-09-30 | 2013-04-02 | Symantec Corporation | Using disposable data misuse to determine reputation |
US8799450B2 (en) * | 2008-10-14 | 2014-08-05 | Mcafee, Inc. | Server-based system, method, and computer program product for scanning data on a client using only a subset of the data |
US9559800B1 (en) | 2008-10-24 | 2017-01-31 | Vmware, Inc. | Dynamic packet filtering |
US8463730B1 (en) * | 2008-10-24 | 2013-06-11 | Vmware, Inc. | Rapid evaluation of numerically large complex rules governing network and application transactions |
US8997219B2 (en) | 2008-11-03 | 2015-03-31 | Fireeye, Inc. | Systems and methods for detecting malicious PDF network content |
US8850571B2 (en) | 2008-11-03 | 2014-09-30 | Fireeye, Inc. | Systems and methods for detecting malicious network content |
US20100198909A1 (en) * | 2009-02-03 | 2010-08-05 | Fluke Corporation | Method and apparatus for the continuous collection and correlation of application transactions across all tiers of an n-tier application |
JP4947069B2 (ja) * | 2009-02-19 | 2012-06-06 | 日本電気株式会社 | ネットワークセキュリティシステムおよびリモートマシン隔離方法 |
US8904520B1 (en) | 2009-03-19 | 2014-12-02 | Symantec Corporation | Communication-based reputation system |
US8826424B2 (en) * | 2009-03-27 | 2014-09-02 | Sophos Limited | Run-time additive disinfection of malware functions |
US8381289B1 (en) | 2009-03-31 | 2013-02-19 | Symantec Corporation | Communication-based host reputation system |
US10992555B2 (en) | 2009-05-29 | 2021-04-27 | Virtual Instruments Worldwide, Inc. | Recording, replay, and sharing of live network monitoring views |
EP2278513A1 (en) * | 2009-07-15 | 2011-01-26 | Nagravision SA | Method for preventing the use of a cloned user unit communicating with a server |
WO2011027352A1 (en) * | 2009-09-03 | 2011-03-10 | Mcafee, Inc. | Network access control |
US9069929B2 (en) | 2011-10-31 | 2015-06-30 | Iii Holdings 2, Llc | Arbitrating usage of serial port in node card of scalable and modular servers |
US9054990B2 (en) | 2009-10-30 | 2015-06-09 | Iii Holdings 2, Llc | System and method for data center security enhancements leveraging server SOCs or server fabrics |
US9077654B2 (en) | 2009-10-30 | 2015-07-07 | Iii Holdings 2, Llc | System and method for data center security enhancements leveraging managed server SOCs |
US20110103391A1 (en) | 2009-10-30 | 2011-05-05 | Smooth-Stone, Inc. C/O Barry Evans | System and method for high-performance, low-power data center interconnect fabric |
US9465771B2 (en) | 2009-09-24 | 2016-10-11 | Iii Holdings 2, Llc | Server on a chip and node cards comprising one or more of same |
US20130107444A1 (en) | 2011-10-28 | 2013-05-02 | Calxeda, Inc. | System and method for flexible storage and networking provisioning in large scalable processor installations |
US9876735B2 (en) | 2009-10-30 | 2018-01-23 | Iii Holdings 2, Llc | Performance and power optimized computer system architectures and methods leveraging power optimized tree fabric interconnect |
US8599863B2 (en) | 2009-10-30 | 2013-12-03 | Calxeda, Inc. | System and method for using a multi-protocol fabric module across a distributed server interconnect fabric |
US8832829B2 (en) | 2009-09-30 | 2014-09-09 | Fireeye, Inc. | Network-based binary file extraction and analysis for malware detection |
US9648102B1 (en) | 2012-12-27 | 2017-05-09 | Iii Holdings 2, Llc | Memcached server functionality in a cluster of data processing nodes |
US9311269B2 (en) | 2009-10-30 | 2016-04-12 | Iii Holdings 2, Llc | Network proxy for high-performance, low-power data center interconnect fabric |
US20110107422A1 (en) * | 2009-10-30 | 2011-05-05 | Patrick Choy Ming Wong | Email worm detection methods and devices |
US11720290B2 (en) | 2009-10-30 | 2023-08-08 | Iii Holdings 2, Llc | Memcached server functionality in a cluster of data processing nodes |
US9680770B2 (en) | 2009-10-30 | 2017-06-13 | Iii Holdings 2, Llc | System and method for using a multi-protocol fabric module across a distributed server interconnect fabric |
US10877695B2 (en) | 2009-10-30 | 2020-12-29 | Iii Holdings 2, Llc | Memcached server functionality in a cluster of data processing nodes |
US20110138469A1 (en) * | 2009-12-03 | 2011-06-09 | Recursion Software, Inc. | System and method for resolving vulnerabilities in a computer network |
US20110141967A1 (en) * | 2009-12-14 | 2011-06-16 | Lane Sean L | Methods and apparatus related to substantially real-time data transmission and analysis for sensors |
US8782209B2 (en) | 2010-01-26 | 2014-07-15 | Bank Of America Corporation | Insider threat correlation tool |
US8793789B2 (en) | 2010-07-22 | 2014-07-29 | Bank Of America Corporation | Insider threat correlation tool |
US8438270B2 (en) | 2010-01-26 | 2013-05-07 | Tenable Network Security, Inc. | System and method for correlating network identities and addresses |
US8800034B2 (en) | 2010-01-26 | 2014-08-05 | Bank Of America Corporation | Insider threat correlation tool |
US9038187B2 (en) * | 2010-01-26 | 2015-05-19 | Bank Of America Corporation | Insider threat correlation tool |
US8302198B2 (en) | 2010-01-28 | 2012-10-30 | Tenable Network Security, Inc. | System and method for enabling remote registry service security audits |
US8341745B1 (en) | 2010-02-22 | 2012-12-25 | Symantec Corporation | Inferring file and website reputations by belief propagation leveraging machine reputation |
US8707440B2 (en) * | 2010-03-22 | 2014-04-22 | Tenable Network Security, Inc. | System and method for passively identifying encrypted and interactive network sessions |
US8544100B2 (en) | 2010-04-16 | 2013-09-24 | Bank Of America Corporation | Detecting secure or encrypted tunneling in a computer network |
US8782794B2 (en) | 2010-04-16 | 2014-07-15 | Bank Of America Corporation | Detecting secure or encrypted tunneling in a computer network |
US8935384B2 (en) | 2010-05-06 | 2015-01-13 | Mcafee Inc. | Distributed data revocation using data commands |
US8510836B1 (en) | 2010-07-06 | 2013-08-13 | Symantec Corporation | Lineage-based reputation system |
US8938800B2 (en) | 2010-07-28 | 2015-01-20 | Mcafee, Inc. | System and method for network level protection against malicious software |
TWI414166B (zh) * | 2010-08-20 | 2013-11-01 | Cybertan Technology Inc | An asynchronous scanning method and device for a network device |
US8732797B2 (en) * | 2010-08-31 | 2014-05-20 | Microsoft Corporation | Host usability and security via an isolated environment |
JP5712562B2 (ja) * | 2010-10-29 | 2015-05-07 | セイコーエプソン株式会社 | コンテンツ出力システム、コンテンツサーバー、および、コンテンツ出力方法 |
TWI435235B (zh) | 2010-11-04 | 2014-04-21 | Inst Information Industry | 電腦蠕蟲治療系統以及方法以及儲存電腦蠕蟲治療方法之電腦可讀取記錄媒體 |
US9064116B2 (en) * | 2010-11-08 | 2015-06-23 | Intel Corporation | Techniques for security management provisioning at a data storage device |
CN102004877B (zh) * | 2010-11-19 | 2013-01-23 | 珠海市君天电子科技有限公司 | 监控计算机病毒来源的方法 |
US8806638B1 (en) * | 2010-12-10 | 2014-08-12 | Symantec Corporation | Systems and methods for protecting networks from infected computing devices |
US9112830B2 (en) | 2011-02-23 | 2015-08-18 | Mcafee, Inc. | System and method for interlocking a host and a gateway |
KR101215326B1 (ko) * | 2011-04-13 | 2012-12-26 | 한국전자통신연구원 | 모바일 단말에서의 분산서비스공격을 방어하기 위한 장치 및 방법 |
US20120311710A1 (en) * | 2011-06-03 | 2012-12-06 | Voodoosoft Holdings, Llc | Computer program, method, and system for preventing execution of viruses and malware |
US9594881B2 (en) | 2011-09-09 | 2017-03-14 | Mcafee, Inc. | System and method for passive threat detection using virtual memory inspection |
US20130074181A1 (en) * | 2011-09-19 | 2013-03-21 | Cisco Technology, Inc. | Auto Migration of Services Within a Virtual Data Center |
US8677472B1 (en) * | 2011-09-27 | 2014-03-18 | Emc Corporation | Multi-point collection of behavioral data relating to a virtualized browsing session with a secure server |
US8726385B2 (en) * | 2011-10-05 | 2014-05-13 | Mcafee, Inc. | Distributed system and method for tracking and blocking malicious internet hosts |
US8713668B2 (en) | 2011-10-17 | 2014-04-29 | Mcafee, Inc. | System and method for redirected firewall discovery in a network environment |
KR101252787B1 (ko) * | 2011-12-06 | 2013-04-09 | 이청종 | 다수의 중계 서버를 갖는 보안관리 시스템 및 보안관리 방법 |
IL217279A0 (en) | 2011-12-29 | 2012-02-29 | Israel Ragutski | Method and system for ensuring authenticity of ip data served by a service provider |
US8776235B2 (en) * | 2012-01-10 | 2014-07-08 | International Business Machines Corporation | Storage device with internalized anti-virus protection |
US8683598B1 (en) * | 2012-02-02 | 2014-03-25 | Symantec Corporation | Mechanism to evaluate the security posture of a computer system |
US9032520B2 (en) * | 2012-02-22 | 2015-05-12 | iScanOnline, Inc. | Remote security self-assessment framework |
US9367707B2 (en) | 2012-02-23 | 2016-06-14 | Tenable Network Security, Inc. | System and method for using file hashes to track data leakage and document propagation in a network |
US9519782B2 (en) | 2012-02-24 | 2016-12-13 | Fireeye, Inc. | Detecting malicious network content |
US8826429B2 (en) | 2012-04-02 | 2014-09-02 | The Boeing Company | Information security management |
IL219499B (en) * | 2012-04-30 | 2019-02-28 | Verint Systems Ltd | A system and method for detecting malicious software |
US9055090B2 (en) * | 2012-06-12 | 2015-06-09 | Verizon Patent And Licensing Inc. | Network based device security and controls |
CN103124259B (zh) * | 2012-06-27 | 2016-05-25 | 上海感信信息科技股份有限公司 | 一种异网信息交互装置及其交互方法 |
US9124472B1 (en) | 2012-07-25 | 2015-09-01 | Symantec Corporation | Providing file information to a client responsive to a file download stability prediction |
US9509706B2 (en) * | 2012-08-31 | 2016-11-29 | Hitachi, Ltd. | Service performance monitoring method |
CN103780589A (zh) * | 2012-10-24 | 2014-05-07 | 腾讯科技(深圳)有限公司 | 病毒提示方法、客户端设备和服务器 |
US8973146B2 (en) | 2012-12-27 | 2015-03-03 | Mcafee, Inc. | Herd based scan avoidance system in a network environment |
US10572665B2 (en) | 2012-12-28 | 2020-02-25 | Fireeye, Inc. | System and method to create a number of breakpoints in a virtual machine via virtual machine trapping events |
JP2017503222A (ja) | 2013-01-25 | 2017-01-26 | レムテクス, インコーポレイテッド | ネットワークセキュリティシステム、方法、及び装置 |
US9525700B1 (en) | 2013-01-25 | 2016-12-20 | REMTCS Inc. | System and method for detecting malicious activity and harmful hardware/software modifications to a vehicle |
IL224482B (en) | 2013-01-29 | 2018-08-30 | Verint Systems Ltd | System and method for keyword spotting using representative dictionary |
US9009823B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications installed on mobile devices |
US8990944B1 (en) | 2013-02-23 | 2015-03-24 | Fireeye, Inc. | Systems and methods for automatically detecting backdoors |
US9824209B1 (en) | 2013-02-23 | 2017-11-21 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications that is usable to harden in the field code |
US9195829B1 (en) | 2013-02-23 | 2015-11-24 | Fireeye, Inc. | User interface with real-time visual playback along with synchronous textual analysis log display and event/time index for anomalous behavior detection in applications |
US9367681B1 (en) | 2013-02-23 | 2016-06-14 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications using symbolic execution to reach regions of interest within an application |
US9009822B1 (en) | 2013-02-23 | 2015-04-14 | Fireeye, Inc. | Framework for multi-phase analysis of mobile applications |
US9159035B1 (en) | 2013-02-23 | 2015-10-13 | Fireeye, Inc. | Framework for computer application analysis of sensitive information tracking |
US9176843B1 (en) | 2013-02-23 | 2015-11-03 | Fireeye, Inc. | Framework for efficient security coverage of mobile software applications |
US9626509B1 (en) | 2013-03-13 | 2017-04-18 | Fireeye, Inc. | Malicious content analysis with multi-version application support within single operating environment |
US9104867B1 (en) | 2013-03-13 | 2015-08-11 | Fireeye, Inc. | Malicious content analysis using simulated user interaction without user involvement |
US9355247B1 (en) | 2013-03-13 | 2016-05-31 | Fireeye, Inc. | File extraction from memory dump for malicious content analysis |
US9565202B1 (en) | 2013-03-13 | 2017-02-07 | Fireeye, Inc. | System and method for detecting exfiltration content |
US9311479B1 (en) | 2013-03-14 | 2016-04-12 | Fireeye, Inc. | Correlation and consolidation of analytic data for holistic view of a malware attack |
US9430646B1 (en) | 2013-03-14 | 2016-08-30 | Fireeye, Inc. | Distributed systems and methods for automatically detecting unknown bots and botnets |
US10649970B1 (en) * | 2013-03-14 | 2020-05-12 | Invincea, Inc. | Methods and apparatus for detection of functionality |
US9413781B2 (en) | 2013-03-15 | 2016-08-09 | Fireeye, Inc. | System and method employing structured intelligence to verify and contain threats at endpoints |
WO2014149827A1 (en) * | 2013-03-15 | 2014-09-25 | REMTCS Inc. | Artificial neural network interface and methods of training the same for various use cases |
US9501645B2 (en) * | 2013-03-15 | 2016-11-22 | Rudolf H. Hendel | System and method for the protection of computers and computer networks against cyber threats |
US10713358B2 (en) | 2013-03-15 | 2020-07-14 | Fireeye, Inc. | System and method to extract and utilize disassembly features to classify software intent |
US9251343B1 (en) | 2013-03-15 | 2016-02-02 | Fireeye, Inc. | Detecting bootkits resident on compromised computers |
US9495180B2 (en) | 2013-05-10 | 2016-11-15 | Fireeye, Inc. | Optimized resource allocation for virtual machines within a malware content detection system |
US9635039B1 (en) | 2013-05-13 | 2017-04-25 | Fireeye, Inc. | Classifying sets of malicious indicators for detecting command and control communications associated with malware |
IL226747B (en) | 2013-06-04 | 2019-01-31 | Verint Systems Ltd | A system and method for studying malware detection |
US9536091B2 (en) | 2013-06-24 | 2017-01-03 | Fireeye, Inc. | System and method for detecting time-bomb malware |
US10133863B2 (en) | 2013-06-24 | 2018-11-20 | Fireeye, Inc. | Zero-day discovery system |
US9300686B2 (en) | 2013-06-28 | 2016-03-29 | Fireeye, Inc. | System and method for detecting malicious links in electronic messages |
US9888016B1 (en) | 2013-06-28 | 2018-02-06 | Fireeye, Inc. | System and method for detecting phishing using password prediction |
US8955138B1 (en) * | 2013-07-11 | 2015-02-10 | Symantec Corporation | Systems and methods for reevaluating apparently benign behavior on computing devices |
US9456003B2 (en) | 2013-07-24 | 2016-09-27 | At&T Intellectual Property I, L.P. | Decoupling hardware and software components of network security devices to provide security software as a service in a distributed computing environment |
US20150047044A1 (en) * | 2013-08-06 | 2015-02-12 | Medknex Software, Llc | System and methods for protecting and using digital data |
EP3033709A1 (en) * | 2013-08-14 | 2016-06-22 | Hewlett-Packard Development Company, L.P. | Automating monitoring of computing resource in cloud-based data center |
US10192052B1 (en) | 2013-09-30 | 2019-01-29 | Fireeye, Inc. | System, apparatus and method for classifying a file as malicious using static scanning |
US9690936B1 (en) | 2013-09-30 | 2017-06-27 | Fireeye, Inc. | Multistage system and method for analyzing obfuscated content for malware |
US9294501B2 (en) | 2013-09-30 | 2016-03-22 | Fireeye, Inc. | Fuzzy hash of behavioral results |
US10515214B1 (en) | 2013-09-30 | 2019-12-24 | Fireeye, Inc. | System and method for classifying malware within content created during analysis of a specimen |
US10089461B1 (en) | 2013-09-30 | 2018-10-02 | Fireeye, Inc. | Page replacement code injection |
US9736179B2 (en) | 2013-09-30 | 2017-08-15 | Fireeye, Inc. | System, apparatus and method for using malware analysis results to drive adaptive instrumentation of virtual machines to improve exploit detection |
US9171160B2 (en) | 2013-09-30 | 2015-10-27 | Fireeye, Inc. | Dynamically adaptive framework and method for classifying malware using intelligent static, emulation, and dynamic analyses |
US9628507B2 (en) | 2013-09-30 | 2017-04-18 | Fireeye, Inc. | Advanced persistent threat (APT) detection center |
US10075460B2 (en) | 2013-10-16 | 2018-09-11 | REMTCS Inc. | Power grid universal detection and countermeasure overlay intelligence ultra-low latency hypervisor |
EP3061030A4 (en) | 2013-10-24 | 2017-04-19 | McAfee, Inc. | Agent assisted malicious application blocking in a network environment |
US9094450B2 (en) | 2013-11-01 | 2015-07-28 | Xerox Corporation | Method and apparatus for a centrally managed network virus detection and outbreak protection |
US9921978B1 (en) | 2013-11-08 | 2018-03-20 | Fireeye, Inc. | System and method for enhanced security of storage devices |
US9189627B1 (en) | 2013-11-21 | 2015-11-17 | Fireeye, Inc. | System, apparatus and method for conducting on-the-fly decryption of encrypted objects for malware detection |
CN103593616B (zh) * | 2013-11-29 | 2016-08-17 | 国网安徽省电力公司淮南供电公司 | 企业信息网络u盘病毒防控系统和方法 |
CN103929413A (zh) * | 2013-12-16 | 2014-07-16 | 汉柏科技有限公司 | 一种云网络防止受到攻击的方法及装置 |
US9703974B1 (en) * | 2013-12-20 | 2017-07-11 | Amazon Technologies, Inc. | Coordinated file system security via rules |
US9756074B2 (en) | 2013-12-26 | 2017-09-05 | Fireeye, Inc. | System and method for IPS and VM-based detection of suspicious objects |
US9747446B1 (en) | 2013-12-26 | 2017-08-29 | Fireeye, Inc. | System and method for run-time object classification |
US9292686B2 (en) | 2014-01-16 | 2016-03-22 | Fireeye, Inc. | Micro-virtualization architecture for threat-aware microvisor deployment in a node of a network environment |
US9262635B2 (en) | 2014-02-05 | 2016-02-16 | Fireeye, Inc. | Detection efficacy of virtual machine-based analysis with application specific events |
US9241010B1 (en) | 2014-03-20 | 2016-01-19 | Fireeye, Inc. | System and method for network behavior detection |
US10242185B1 (en) | 2014-03-21 | 2019-03-26 | Fireeye, Inc. | Dynamic guest image creation and rollback |
US9591015B1 (en) | 2014-03-28 | 2017-03-07 | Fireeye, Inc. | System and method for offloading packet processing and static analysis operations |
US9432389B1 (en) | 2014-03-31 | 2016-08-30 | Fireeye, Inc. | System, apparatus and method for detecting a malicious attack based on static analysis of a multi-flow object |
US9223972B1 (en) | 2014-03-31 | 2015-12-29 | Fireeye, Inc. | Dynamically remote tuning of a malware content detection system |
US9088508B1 (en) * | 2014-04-11 | 2015-07-21 | Level 3 Communications, Llc | Incremental application of resources to network traffic flows based on heuristics and business policies |
US9940459B1 (en) | 2014-05-19 | 2018-04-10 | Invincea, Inc. | Methods and devices for detection of malware |
US9973531B1 (en) | 2014-06-06 | 2018-05-15 | Fireeye, Inc. | Shellcode detection |
US9594912B1 (en) | 2014-06-06 | 2017-03-14 | Fireeye, Inc. | Return-oriented programming detection |
US9438623B1 (en) | 2014-06-06 | 2016-09-06 | Fireeye, Inc. | Computer exploit detection using heap spray pattern matching |
US10084813B2 (en) | 2014-06-24 | 2018-09-25 | Fireeye, Inc. | Intrusion prevention and remedy system |
US9398028B1 (en) | 2014-06-26 | 2016-07-19 | Fireeye, Inc. | System, device and method for detecting a malicious attack based on communcations between remotely hosted virtual machines and malicious web servers |
US10805340B1 (en) | 2014-06-26 | 2020-10-13 | Fireeye, Inc. | Infection vector and malware tracking with an interactive user display |
US10002252B2 (en) | 2014-07-01 | 2018-06-19 | Fireeye, Inc. | Verification of trusted threat-aware microvisor |
US10721267B1 (en) * | 2014-07-18 | 2020-07-21 | NortonLifeLock Inc. | Systems and methods for detecting system attacks |
IL233776B (en) | 2014-07-24 | 2019-02-28 | Verint Systems Ltd | A system and method for adjusting domains |
US9363280B1 (en) | 2014-08-22 | 2016-06-07 | Fireeye, Inc. | System and method of detecting delivery of malware using cross-customer data |
US10162969B2 (en) * | 2014-09-10 | 2018-12-25 | Honeywell International Inc. | Dynamic quantification of cyber-security risks in a control system |
US10671726B1 (en) | 2014-09-22 | 2020-06-02 | Fireeye Inc. | System and method for malware analysis using thread-level event monitoring |
US10027689B1 (en) | 2014-09-29 | 2018-07-17 | Fireeye, Inc. | Interactive infection visualization for improved exploit detection and signature generation for malware and malware families |
US9773112B1 (en) | 2014-09-29 | 2017-09-26 | Fireeye, Inc. | Exploit detection of malware and malware families |
US9690933B1 (en) | 2014-12-22 | 2017-06-27 | Fireeye, Inc. | Framework for classifying an object as malicious with machine learning for deploying updated predictive models |
US10075455B2 (en) | 2014-12-26 | 2018-09-11 | Fireeye, Inc. | Zero-day rotating guest image profile |
US9934376B1 (en) | 2014-12-29 | 2018-04-03 | Fireeye, Inc. | Malware detection appliance architecture |
US9838417B1 (en) | 2014-12-30 | 2017-12-05 | Fireeye, Inc. | Intelligent context aware user interaction for malware detection |
US10560842B2 (en) | 2015-01-28 | 2020-02-11 | Verint Systems Ltd. | System and method for combined network-side and off-air monitoring of wireless networks |
US10148693B2 (en) | 2015-03-25 | 2018-12-04 | Fireeye, Inc. | Exploit detection system |
US9690606B1 (en) | 2015-03-25 | 2017-06-27 | Fireeye, Inc. | Selective system call monitoring |
IL238001B (en) | 2015-03-29 | 2020-05-31 | Verint Systems Ltd | System and method for identifying communication conversation participants based on communication traffic patterns |
US9438613B1 (en) | 2015-03-30 | 2016-09-06 | Fireeye, Inc. | Dynamic content activation for automated analysis of embedded objects |
US10474813B1 (en) | 2015-03-31 | 2019-11-12 | Fireeye, Inc. | Code injection technique for remediation at an endpoint of a network |
US9483644B1 (en) | 2015-03-31 | 2016-11-01 | Fireeye, Inc. | Methods for detecting file altering malware in VM based analysis |
US9654496B1 (en) * | 2015-03-31 | 2017-05-16 | Juniper Networks, Inc. | Obtaining suspect objects based on detecting suspicious activity |
US10417031B2 (en) | 2015-03-31 | 2019-09-17 | Fireeye, Inc. | Selective virtualization for security threat detection |
US9350750B1 (en) | 2015-04-03 | 2016-05-24 | Area 1 Security, Inc. | Distribution of security rules among sensor computers |
CN104809394B (zh) * | 2015-04-08 | 2017-04-05 | 北京奇虎科技有限公司 | 病毒查杀的方法、装置及终端 |
US9654485B1 (en) | 2015-04-13 | 2017-05-16 | Fireeye, Inc. | Analytics-based security monitoring system and method |
US10135633B2 (en) * | 2015-04-21 | 2018-11-20 | Cujo LLC | Network security analysis for smart appliances |
US10230740B2 (en) * | 2015-04-21 | 2019-03-12 | Cujo LLC | Network security analysis for smart appliances |
US9781131B2 (en) * | 2015-04-22 | 2017-10-03 | Aktiebolaget Skf | Systems and methods for securing remote configuration |
US9594904B1 (en) | 2015-04-23 | 2017-03-14 | Fireeye, Inc. | Detecting malware based on reflection |
US10102073B2 (en) * | 2015-05-20 | 2018-10-16 | Dell Products, L.P. | Systems and methods for providing automatic system stop and boot-to-service OS for forensics analysis |
US10142353B2 (en) | 2015-06-05 | 2018-11-27 | Cisco Technology, Inc. | System for monitoring and managing datacenters |
US10033766B2 (en) * | 2015-06-05 | 2018-07-24 | Cisco Technology, Inc. | Policy-driven compliance |
US10536357B2 (en) | 2015-06-05 | 2020-01-14 | Cisco Technology, Inc. | Late data detection in data center |
US10642753B1 (en) | 2015-06-30 | 2020-05-05 | Fireeye, Inc. | System and method for protecting a software component running in virtual machine using a virtualization layer |
US10726127B1 (en) | 2015-06-30 | 2020-07-28 | Fireeye, Inc. | System and method for protecting a software component running in a virtual machine through virtual interrupts by the virtualization layer |
US10454950B1 (en) | 2015-06-30 | 2019-10-22 | Fireeye, Inc. | Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks |
US11113086B1 (en) | 2015-06-30 | 2021-09-07 | Fireeye, Inc. | Virtual system and method for securing external network connectivity |
US9690938B1 (en) | 2015-08-05 | 2017-06-27 | Invincea, Inc. | Methods and apparatus for machine learning based malware detection |
US10715542B1 (en) | 2015-08-14 | 2020-07-14 | Fireeye, Inc. | Mobile application risk analysis |
SG10201507051WA (en) * | 2015-09-03 | 2017-04-27 | Certis Cisco Security Pte Ltd | System and method for high frequency heuristic data acquisition and analytics of information security events |
US10176321B2 (en) | 2015-09-22 | 2019-01-08 | Fireeye, Inc. | Leveraging behavior-based rules for malware family classification |
US10033747B1 (en) | 2015-09-29 | 2018-07-24 | Fireeye, Inc. | System and method for detecting interpreter-based exploit attacks |
US10817606B1 (en) | 2015-09-30 | 2020-10-27 | Fireeye, Inc. | Detecting delayed activation malware using a run-time monitoring agent and time-dilation logic |
US9825976B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Detection and classification of exploit kits |
US10210329B1 (en) | 2015-09-30 | 2019-02-19 | Fireeye, Inc. | Method to detect application execution hijacking using memory protection |
US10601865B1 (en) | 2015-09-30 | 2020-03-24 | Fireeye, Inc. | Detection of credential spearphishing attacks using email analysis |
US10706149B1 (en) | 2015-09-30 | 2020-07-07 | Fireeye, Inc. | Detecting delayed activation malware using a primary controller and plural time controllers |
US9825989B1 (en) | 2015-09-30 | 2017-11-21 | Fireeye, Inc. | Cyber attack early warning system |
IL242218B (en) | 2015-10-22 | 2020-11-30 | Verint Systems Ltd | A system and method for maintaining a dynamic dictionary |
IL242219B (en) | 2015-10-22 | 2020-11-30 | Verint Systems Ltd | System and method for keyword searching using both static and dynamic dictionaries |
US10284575B2 (en) | 2015-11-10 | 2019-05-07 | Fireeye, Inc. | Launcher for setting analysis environment variations for malware detection |
US10366129B2 (en) | 2015-12-04 | 2019-07-30 | Bank Of America Corporation | Data security threat control monitoring system |
US10846117B1 (en) | 2015-12-10 | 2020-11-24 | Fireeye, Inc. | Technique for establishing secure communication between host and guest processes of a virtualization architecture |
US10447728B1 (en) | 2015-12-10 | 2019-10-15 | Fireeye, Inc. | Technique for protecting guest processes using a layered virtualization architecture |
US10108446B1 (en) | 2015-12-11 | 2018-10-23 | Fireeye, Inc. | Late load technique for deploying a virtualization layer underneath a running operating system |
WO2017106206A1 (en) | 2015-12-18 | 2017-06-22 | Cujo LLC | Intercepting intra-network communication for smart appliance behavior analysis |
US10050998B1 (en) | 2015-12-30 | 2018-08-14 | Fireeye, Inc. | Malicious message analysis system |
US10621338B1 (en) | 2015-12-30 | 2020-04-14 | Fireeye, Inc. | Method to detect forgery and exploits using last branch recording registers |
US10565378B1 (en) | 2015-12-30 | 2020-02-18 | Fireeye, Inc. | Exploit of privilege detection framework |
US10133866B1 (en) | 2015-12-30 | 2018-11-20 | Fireeye, Inc. | System and method for triggering analysis of an object for malware in response to modification of that object |
US10581874B1 (en) | 2015-12-31 | 2020-03-03 | Fireeye, Inc. | Malware detection system with contextual analysis |
US9824216B1 (en) | 2015-12-31 | 2017-11-21 | Fireeye, Inc. | Susceptible environment detection system |
US11552986B1 (en) | 2015-12-31 | 2023-01-10 | Fireeye Security Holdings Us Llc | Cyber-security framework for application of virtual features |
US10476906B1 (en) | 2016-03-25 | 2019-11-12 | Fireeye, Inc. | System and method for managing formation and modification of a cluster within a malware detection system |
US10601863B1 (en) | 2016-03-25 | 2020-03-24 | Fireeye, Inc. | System and method for managing sensor enrollment |
US10785255B1 (en) | 2016-03-25 | 2020-09-22 | Fireeye, Inc. | Cluster configuration within a scalable malware detection system |
US10671721B1 (en) | 2016-03-25 | 2020-06-02 | Fireeye, Inc. | Timeout management services |
US10445506B2 (en) | 2016-03-30 | 2019-10-15 | Airwatch Llc | Detecting vulnerabilities in managed client devices |
US10893059B1 (en) | 2016-03-31 | 2021-01-12 | Fireeye, Inc. | Verification and enhancement using detection systems located at the network periphery and endpoint devices |
IL245299B (en) | 2016-04-25 | 2021-05-31 | Verint Systems Ltd | A system and method for decoding communication transmitted in a wireless local communication network |
CN106027513B (zh) * | 2016-05-15 | 2019-01-08 | 广东技术师范学院 | 计算机病毒在sdn移动环境下的传播特性分析方法 |
US10050982B1 (en) * | 2016-05-19 | 2018-08-14 | Symantec Corporation | Systems and methods for reverse-engineering malware protocols |
TWI599905B (zh) * | 2016-05-23 | 2017-09-21 | 緯創資通股份有限公司 | 惡意碼的防護方法、系統及監控裝置 |
US10169585B1 (en) | 2016-06-22 | 2019-01-01 | Fireeye, Inc. | System and methods for advanced malware detection through placement of transition events |
EP3475822B1 (en) | 2016-06-22 | 2020-07-22 | Invincea, Inc. | Methods and apparatus for detecting whether a string of characters represents malicious activity using machine learning |
US10462173B1 (en) | 2016-06-30 | 2019-10-29 | Fireeye, Inc. | Malware detection verification and enhancement by coordinating endpoint and malware detection systems |
WO2018004600A1 (en) | 2016-06-30 | 2018-01-04 | Sophos Limited | Proactive network security using a health heartbeat |
US10972495B2 (en) | 2016-08-02 | 2021-04-06 | Invincea, Inc. | Methods and apparatus for detecting and identifying malware by mapping feature data into a semantic space |
US10592678B1 (en) | 2016-09-09 | 2020-03-17 | Fireeye, Inc. | Secure communications between peers using a verified virtual trusted platform module |
US10491627B1 (en) | 2016-09-29 | 2019-11-26 | Fireeye, Inc. | Advanced malware detection using similarity analysis |
IL248306B (en) | 2016-10-10 | 2019-12-31 | Verint Systems Ltd | System and method for creating data sets for learning to recognize user actions |
JP6908874B2 (ja) * | 2016-10-27 | 2021-07-28 | コニカミノルタ株式会社 | 情報処理システム、情報処理装置およびプログラム |
US10795991B1 (en) | 2016-11-08 | 2020-10-06 | Fireeye, Inc. | Enterprise search |
US10587647B1 (en) | 2016-11-22 | 2020-03-10 | Fireeye, Inc. | Technique for malware detection capability comparison of network security devices |
US10552610B1 (en) | 2016-12-22 | 2020-02-04 | Fireeye, Inc. | Adaptive virtual machine snapshot update framework for malware behavioral analysis |
US10581879B1 (en) | 2016-12-22 | 2020-03-03 | Fireeye, Inc. | Enhanced malware detection for generated objects |
US10523609B1 (en) | 2016-12-27 | 2019-12-31 | Fireeye, Inc. | Multi-vector malware detection and analysis |
US10904286B1 (en) | 2017-03-24 | 2021-01-26 | Fireeye, Inc. | Detection of phishing attacks using similarity analysis |
US10819723B2 (en) * | 2017-03-27 | 2020-10-27 | Cujo LLC | Securing port forwarding through a network traffic hub |
US10791138B1 (en) | 2017-03-30 | 2020-09-29 | Fireeye, Inc. | Subscription-based malware detection |
US10554507B1 (en) | 2017-03-30 | 2020-02-04 | Fireeye, Inc. | Multi-level control for enhanced resource and object evaluation management of malware detection system |
US10798112B2 (en) | 2017-03-30 | 2020-10-06 | Fireeye, Inc. | Attribute-controlled malware detection |
US10902119B1 (en) | 2017-03-30 | 2021-01-26 | Fireeye, Inc. | Data extraction system for malware analysis |
IL252037B (en) | 2017-04-30 | 2021-12-01 | Verint Systems Ltd | System and method for identifying relationships between computer application users |
IL252041B (en) | 2017-04-30 | 2020-09-30 | Verint Systems Ltd | System and method for tracking computer application users |
US10897472B1 (en) * | 2017-06-02 | 2021-01-19 | Enigma Networkz, LLC | IT computer network threat analysis, detection and containment |
GB201709812D0 (en) * | 2017-06-20 | 2017-08-02 | Ibm | Identification of software components based on filtering of corresponding events |
US10503904B1 (en) | 2017-06-29 | 2019-12-10 | Fireeye, Inc. | Ransomware detection and mitigation |
US10601848B1 (en) | 2017-06-29 | 2020-03-24 | Fireeye, Inc. | Cyber-security system and method for weak indicator detection and correlation to generate strong indicators |
US10855700B1 (en) | 2017-06-29 | 2020-12-01 | Fireeye, Inc. | Post-intrusion detection of cyber-attacks during lateral movement within networks |
US10893068B1 (en) | 2017-06-30 | 2021-01-12 | Fireeye, Inc. | Ransomware file modification prevention technique |
CN107733873A (zh) * | 2017-09-19 | 2018-02-23 | 北京北信源软件股份有限公司 | 一种病毒预警系统和方法 |
US10747872B1 (en) | 2017-09-27 | 2020-08-18 | Fireeye, Inc. | System and method for preventing malware evasion |
US10805346B2 (en) | 2017-10-01 | 2020-10-13 | Fireeye, Inc. | Phishing attack detection |
US11108809B2 (en) | 2017-10-27 | 2021-08-31 | Fireeye, Inc. | System and method for analyzing binary code for malware classification using artificial neural network techniques |
DE112018005352T5 (de) | 2017-11-08 | 2020-06-25 | Sony Corporation | Informationsverarbeitungsvorrichtung, bewegte einrichtung, verfahren und programm |
US11271955B2 (en) | 2017-12-28 | 2022-03-08 | Fireeye Security Holdings Us Llc | Platform and method for retroactive reclassification employing a cybersecurity-based global data store |
US11005860B1 (en) | 2017-12-28 | 2021-05-11 | Fireeye, Inc. | Method and system for efficient cybersecurity analysis of endpoint events |
US11240275B1 (en) | 2017-12-28 | 2022-02-01 | Fireeye Security Holdings Us Llc | Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture |
IL256690B (en) | 2018-01-01 | 2022-02-01 | Cognyte Tech Israel Ltd | System and method for identifying pairs of related application users |
WO2019185404A1 (en) * | 2018-03-25 | 2019-10-03 | British Telecommunications Public Limited Company | Malware infection prediction |
EP3777072B1 (en) * | 2018-03-25 | 2024-04-10 | British Telecommunications public limited company | Malware barrier |
US10826931B1 (en) | 2018-03-29 | 2020-11-03 | Fireeye, Inc. | System and method for predicting and mitigating cybersecurity system misconfigurations |
US10956477B1 (en) | 2018-03-30 | 2021-03-23 | Fireeye, Inc. | System and method for detecting malicious scripts through natural language processing modeling |
US11003773B1 (en) | 2018-03-30 | 2021-05-11 | Fireeye, Inc. | System and method for automatically generating malware detection rule recommendations |
US11558401B1 (en) | 2018-03-30 | 2023-01-17 | Fireeye Security Holdings Us Llc | Multi-vector malware detection data sharing system for improved detection |
US10972431B2 (en) | 2018-04-04 | 2021-04-06 | Sophos Limited | Device management based on groups of network adapters |
US10862864B2 (en) | 2018-04-04 | 2020-12-08 | Sophos Limited | Network device with transparent heartbeat processing |
US11140195B2 (en) | 2018-04-04 | 2021-10-05 | Sophos Limited | Secure endpoint in a heterogenous enterprise network |
US11616758B2 (en) * | 2018-04-04 | 2023-03-28 | Sophos Limited | Network device for securing endpoints in a heterogeneous enterprise network |
US11271950B2 (en) | 2018-04-04 | 2022-03-08 | Sophos Limited | Securing endpoints in a heterogenous enterprise network |
US11438357B2 (en) | 2018-06-22 | 2022-09-06 | Senseon Tech Ltd | Endpoint network sensor and related cybersecurity infrastructure |
GB201810294D0 (en) * | 2018-06-22 | 2018-08-08 | Senseon Tech Ltd | Cybe defence system |
US11075930B1 (en) | 2018-06-27 | 2021-07-27 | Fireeye, Inc. | System and method for detecting repetitive cybersecurity attacks constituting an email campaign |
US11314859B1 (en) | 2018-06-27 | 2022-04-26 | FireEye Security Holdings, Inc. | Cyber-security system and method for detecting escalation of privileges within an access token |
US11228491B1 (en) | 2018-06-28 | 2022-01-18 | Fireeye Security Holdings Us Llc | System and method for distributed cluster configuration monitoring and management |
US11316900B1 (en) | 2018-06-29 | 2022-04-26 | FireEye Security Holdings Inc. | System and method for automatically prioritizing rules for cyber-threat detection and mitigation |
IL260986B (en) | 2018-08-05 | 2021-09-30 | Verint Systems Ltd | A system and method for using a user action log to study encrypted traffic classification |
US11182473B1 (en) | 2018-09-13 | 2021-11-23 | Fireeye Security Holdings Us Llc | System and method for mitigating cyberattacks against processor operability by a guest process |
US11763004B1 (en) | 2018-09-27 | 2023-09-19 | Fireeye Security Holdings Us Llc | System and method for bootkit detection |
US11368475B1 (en) | 2018-12-21 | 2022-06-21 | Fireeye Security Holdings Us Llc | System and method for scanning remote services to locate stored objects with malware |
CN109525610A (zh) * | 2019-01-11 | 2019-03-26 | 高艳云 | 网络大数据分析终端 |
US10931706B2 (en) * | 2019-03-20 | 2021-02-23 | Booz Allen Hamilton Inc. | System and method for detecting and identifying a cyber-attack on a network |
WO2020188524A1 (en) | 2019-03-20 | 2020-09-24 | Verint Systems Ltd. | System and method for de-anonymizing actions and messages on networks |
CN110365649B (zh) * | 2019-06-17 | 2022-12-02 | 北京旷视科技有限公司 | 数据传输方法、数据接入设备、数据输出设备和系统 |
US11258806B1 (en) | 2019-06-24 | 2022-02-22 | Mandiant, Inc. | System and method for automatically associating cybersecurity intelligence to cyberthreat actors |
US11556640B1 (en) | 2019-06-27 | 2023-01-17 | Mandiant, Inc. | Systems and methods for automated cybersecurity analysis of extracted binary string sets |
US11392700B1 (en) | 2019-06-28 | 2022-07-19 | Fireeye Security Holdings Us Llc | System and method for supporting cross-platform data verification |
US11330006B2 (en) | 2019-08-29 | 2022-05-10 | Bank Of America Corporation | Detecting and identifying devices at enterprise locations to protect enterprise-managed information and resources |
US11356462B2 (en) * | 2019-08-29 | 2022-06-07 | Bank Of America Corporation | Detecting and identifying devices at enterprise locations to protect enterprise-managed information and resources |
US11652848B1 (en) * | 2019-09-26 | 2023-05-16 | Amazon Technologies, Inc. | Distributed evaluation of networking security rules |
US11886585B1 (en) | 2019-09-27 | 2024-01-30 | Musarubra Us Llc | System and method for identifying and mitigating cyberattacks through malicious position-independent code execution |
US11637862B1 (en) | 2019-09-30 | 2023-04-25 | Mandiant, Inc. | System and method for surfacing cyber-security threats with a self-learning recommendation engine |
GB201915265D0 (en) | 2019-10-22 | 2019-12-04 | Senseon Tech Ltd | Anomaly detection |
WO2021084439A1 (en) | 2019-11-03 | 2021-05-06 | Verint Systems Ltd. | System and method for identifying exchanges of encrypted communication traffic |
JP7368762B2 (ja) * | 2020-02-05 | 2023-10-25 | 日本電信電話株式会社 | 警報監視システム、警報監視方法、及びプログラム |
US11431629B2 (en) * | 2020-08-12 | 2022-08-30 | Micron Technology, Inc. | Data packet management |
US11599523B2 (en) * | 2021-04-30 | 2023-03-07 | Bank Of America Corporation | System for computing system configuration file state identification using decentralized multidimensional snapshots |
US11307952B1 (en) | 2021-04-30 | 2022-04-19 | Bank Of America Corporation | System for computing system configuration file state mirroring on peer computing devices |
CN117240623B (zh) * | 2023-11-13 | 2024-02-02 | 杭州海康威视数字技术股份有限公司 | 一种保证业务连续性的蠕虫病毒阻断系统、方法及装置 |
Family Cites Families (45)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US2889943A (en) * | 1950-06-29 | 1959-06-09 | Plant Pattie Louise Moore | Means for evacuating cars of the hopper type |
DK170490B1 (da) * | 1992-04-28 | 1995-09-18 | Multi Inform As | Databehandlingsanlæg |
KR100297395B1 (ko) * | 1992-12-28 | 2001-10-24 | 이데이 노부유끼 | 통신방법 |
US5440723A (en) * | 1993-01-19 | 1995-08-08 | International Business Machines Corporation | Automatic immune system for computers and computer networks |
US5485575A (en) * | 1994-11-21 | 1996-01-16 | International Business Machines Corporation | Automatic analysis of a computer virus structure and means of attachment to its hosts |
JP4162099B2 (ja) * | 1995-06-02 | 2008-10-08 | 富士通株式会社 | ウィルス感染に対処する機能を持つ装置及びその記憶装置 |
US5889943A (en) | 1995-09-26 | 1999-03-30 | Trend Micro Incorporated | Apparatus and method for electronic mail virus detection and elimination |
US5623600A (en) * | 1995-09-26 | 1997-04-22 | Trend Micro, Incorporated | Virus detection and removal apparatus for computer networks |
US5925637A (en) * | 1997-05-15 | 1999-07-20 | Bayer Corporation | Inhibition of matrix metalloproteases by substituted biaryl oxobutyric acids |
US5832208A (en) * | 1996-09-05 | 1998-11-03 | Cheyenne Software International Sales Corp. | Anti-virus agent for use with databases and mail servers |
US5920698A (en) * | 1997-01-06 | 1999-07-06 | Digital Equipment Corporation | Automatic detection of a similar device at the other end of a wire in a computer network |
US6035423A (en) * | 1997-12-31 | 2000-03-07 | Network Associates, Inc. | Method and system for providing automated updating and upgrading of antivirus applications using a computer network |
US6269400B1 (en) * | 1998-07-22 | 2001-07-31 | International Business Machines Corporation | Method for discovering and registering agents in a distributed network |
US6338151B1 (en) * | 1998-08-21 | 2002-01-08 | International Business Machines Corporation | Input/output recovery which is based an error rate and a current state of the computer environment |
US6338141B1 (en) | 1998-09-30 | 2002-01-08 | Cybersoft, Inc. | Method and apparatus for computer virus detection, analysis, and removal in real time |
JP2000148276A (ja) * | 1998-11-05 | 2000-05-26 | Fujitsu Ltd | セキュリティ監視装置,セキュリティ監視方法およびセキュリティ監視用プログラム記録媒体 |
US6321338B1 (en) * | 1998-11-09 | 2001-11-20 | Sri International | Network surveillance |
US6480471B1 (en) * | 1998-12-21 | 2002-11-12 | Hewlett-Packard Company | Hardware sampler for statistical monitoring of network traffic |
US20030191957A1 (en) * | 1999-02-19 | 2003-10-09 | Ari Hypponen | Distributed computer virus detection and scanning |
US6711686B1 (en) * | 1999-06-29 | 2004-03-23 | Dell Usa L.P. | Security management tool for managing security attributes in computer systems |
US6721721B1 (en) * | 2000-06-15 | 2004-04-13 | International Business Machines Corporation | Virus checking and reporting for computer database search results |
US6901519B1 (en) * | 2000-06-22 | 2005-05-31 | Infobahn, Inc. | E-mail virus protection system and method |
US7080407B1 (en) * | 2000-06-27 | 2006-07-18 | Cisco Technology, Inc. | Virus detection and removal system and method for network-based systems |
US7181769B1 (en) * | 2000-08-25 | 2007-02-20 | Ncircle Network Security, Inc. | Network security system having a device profiler communicatively coupled to a traffic monitor |
US6910134B1 (en) * | 2000-08-29 | 2005-06-21 | Netrake Corporation | Method and device for innoculating email infected with a virus |
US20060212572A1 (en) * | 2000-10-17 | 2006-09-21 | Yehuda Afek | Protecting against malicious traffic |
US20020107953A1 (en) * | 2001-01-16 | 2002-08-08 | Mark Ontiveros | Method and device for monitoring data traffic and preventing unauthorized access to a network |
US20020133586A1 (en) * | 2001-01-16 | 2002-09-19 | Carter Shanklin | Method and device for monitoring data traffic and preventing unauthorized access to a network |
US7010807B1 (en) * | 2001-04-13 | 2006-03-07 | Sonicwall, Inc. | System and method for network virus protection |
US7743147B2 (en) | 2001-04-20 | 2010-06-22 | Hewlett-Packard Development Company, L.P. | Automated provisioning of computing networks using a network database data model |
US6873988B2 (en) * | 2001-07-06 | 2005-03-29 | Check Point Software Technologies, Inc. | System and methods providing anti-virus cooperative enforcement |
US8200818B2 (en) * | 2001-07-06 | 2012-06-12 | Check Point Software Technologies, Inc. | System providing internet access management with router-based policy enforcement |
US7117533B1 (en) * | 2001-08-03 | 2006-10-03 | Mcafee, Inc. | System and method for providing dynamic screening of transient messages in a distributed computing environment |
WO2003014932A2 (en) | 2001-08-03 | 2003-02-20 | Networks Associates Technology, Inc. | System and method for providing passive screening of transient messages in a distributed computing environment |
US7331061B1 (en) * | 2001-09-07 | 2008-02-12 | Secureworks, Inc. | Integrated computer security management system and method |
US6892241B2 (en) | 2001-09-28 | 2005-05-10 | Networks Associates Technology, Inc. | Anti-virus policy enforcement system and method |
US9392002B2 (en) * | 2002-01-31 | 2016-07-12 | Nokia Technologies Oy | System and method of providing virus protection at a gateway |
JP3980903B2 (ja) * | 2002-02-21 | 2007-09-26 | 武蔵精密工業株式会社 | ボールジョイント |
US7188365B2 (en) * | 2002-04-04 | 2007-03-06 | At&T Corp. | Method and system for securely scanning network traffic |
US8327446B2 (en) * | 2002-05-06 | 2012-12-04 | Trend Micro Inc. | Antivirus stand-alone network or internet appliance and methods therefor |
US7796503B2 (en) | 2002-09-03 | 2010-09-14 | Fujitsu Limited | Fault tolerant network routing |
JP4439169B2 (ja) * | 2002-09-10 | 2010-03-24 | 株式会社アルバック | 真空処理方法及び真空装置 |
US7533166B2 (en) * | 2002-12-05 | 2009-05-12 | Siemens Communications, Inc. | Method and system for router misconfiguration autodetection |
US20040139196A1 (en) * | 2003-01-09 | 2004-07-15 | Dell Products L.P. | System and method for releasing device reservations |
US7387559B2 (en) * | 2003-11-17 | 2008-06-17 | Mattel, Inc. | Toy vehicles and play sets with contactless identification |
-
2003
- 2003-10-09 US US10/683,554 patent/US7287278B2/en active Active
- 2003-10-09 US US10/683,874 patent/US20050050337A1/en not_active Abandoned
- 2003-10-09 US US10/683,582 patent/US7565550B2/en active Active
- 2003-10-09 US US10/684,330 patent/US7523493B2/en active Active
- 2003-10-09 US US10/683,579 patent/US20050050334A1/en not_active Abandoned
- 2003-10-09 US US10/683,873 patent/US7386888B2/en active Active
- 2003-10-09 US US10/683,584 patent/US7512808B2/en active Active
-
2004
- 2004-08-27 WO PCT/IB2004/002781 patent/WO2005022440A1/en active Application Filing
- 2004-08-27 WO PCT/IB2004/002782 patent/WO2005022441A2/en active Application Filing
- 2004-08-27 CN CN200480031322.7A patent/CN100530208C/zh active Active
- 2004-08-27 CN CN200480031562.7A patent/CN1871571A/zh active Pending
- 2004-08-30 TW TW093126071A patent/TWI362206B/zh active
- 2004-08-30 TW TW093126070A patent/TWI362196B/zh active
-
2009
- 2009-06-16 US US12/485,435 patent/US8291498B1/en not_active Expired - Lifetime
Non-Patent Citations (2)
Title |
---|
A holistic approach to enterprise security. Ian Hameroff.Unisys World. 2003 |
A holistic approach to enterprise security. Ian Hameroff.Unisys World. 2003 * |
Also Published As
Publication number | Publication date |
---|---|
US7512808B2 (en) | 2009-03-31 |
TW200529621A (en) | 2005-09-01 |
US20050050335A1 (en) | 2005-03-03 |
US7287278B2 (en) | 2007-10-23 |
CN1871571A (zh) | 2006-11-29 |
TWI362196B (en) | 2012-04-11 |
US7565550B2 (en) | 2009-07-21 |
TW200518521A (en) | 2005-06-01 |
US7523493B2 (en) | 2009-04-21 |
US7386888B2 (en) | 2008-06-10 |
US20050050338A1 (en) | 2005-03-03 |
US20050050359A1 (en) | 2005-03-03 |
CN1871612A (zh) | 2006-11-29 |
US8291498B1 (en) | 2012-10-16 |
WO2005022441A2 (en) | 2005-03-10 |
WO2005022441A3 (en) | 2005-04-14 |
US20050050336A1 (en) | 2005-03-03 |
US20050050378A1 (en) | 2005-03-03 |
US20050050337A1 (en) | 2005-03-03 |
US20050050334A1 (en) | 2005-03-03 |
TWI362206B (en) | 2012-04-11 |
WO2005022440A1 (en) | 2005-03-10 |
WO2005022440A8 (en) | 2005-04-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN100530208C (zh) | 适于病毒防护的网络隔离技术 | |
JP6086968B2 (ja) | 悪意のあるソフトウェアに対するローカル保護をするシステム及び方法 | |
CN1841397B (zh) | 聚合计算机系统的知识库以主动保护计算机免受恶意软件侵害 | |
CN101116068B (zh) | 数据中心环境中的入侵检测 | |
US7779465B2 (en) | Distributed peer attack alerting | |
US7941853B2 (en) | Distributed system and method for the detection of eThreats | |
US20060129382A1 (en) | Adaptive intrusion detection for autonomic systems | |
US20130311676A1 (en) | Logical / physical address state lifecycle management | |
US20060037077A1 (en) | Network intrusion detection system having application inspection and anomaly detection characteristics | |
US11374964B1 (en) | Preventing lateral propagation of ransomware using a security appliance that dynamically inserts a DHCP server/relay and a default gateway with point-to-point links between endpoints | |
WO2006080930A1 (en) | Integrated data traffic monitoring system | |
CN103218563A (zh) | 软件漏洞利用防护 | |
Aoki et al. | Controlling malware http communications in dynamic analysis system using search engine | |
CN101213813A (zh) | 借助目标受害者的自识别和控制,防御ip网络中服务拒绝攻击的方法 | |
US8392998B1 (en) | Uniquely identifying attacked assets | |
CN112583841B (zh) | 虚拟机安全防护方法及系统、电子设备和存储介质 | |
KR20030049853A (ko) | 네트워크 보호 시스템 및 그 운영 방법 | |
Rocke et al. | CONFIDANT: Collaborative object notification framework for insider defense using autonomous network transactions | |
Takemori et al. | Detection of bot infected PC using destination-based IP address and domain name whitelists | |
EP2040437B1 (en) | Distributed ISP system for the inspection and elimination of eThreats in a multi-path environment | |
WO2022165174A1 (en) | Cyber-safety threat detection system | |
Shouman et al. | Multiagent-Based Intrusion Prevention System |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |